Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Diconnected internet

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Diconnected internet

Unread postby Maruquani » January 27th, 2011, 2:31 pm

My internet is being disconnected





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:27 PM, on 1/27/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LPLYXLK\HijackThis[1].exe
c:\Users\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5278 bytes



Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
Digital Media Reader
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.9
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
NVIDIA Drivers
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Soft Data Fax Modem with SmartCP
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Driver Package - NVIDIA Corporation (nvstor32) HDC (07/02/2007 5.10.2600.0995)
ZoneAlarm
ZoneAlarm Toolbar
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm
Advertisement
Register to Remove

Re: Diconnected internet

Unread postby Bob4 » January 29th, 2011, 8:23 am

Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Removing malware may or may not fix your specific problem.
Please only use this topic to reply to. Do not start another thread.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So lets do this to the end!


  • Save and quit any work your doing before beginning the fix.
  • Follow the steps I describe in the order I asked if at all possible,
  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.
  • DO NOT install new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.

Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


NOTE to Vista and windows 7 users:
For any tool I ask you to run you will need to "right click on it and choose
"Run as Administrator"





________________________________________
OTL
Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are five of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.




_________________________
In your next reply I would like to see:
  • The reports (2) from OTL
  • Describe the problem in a bit more detail. Are you being disconnected intermittently ,when using a certain program?
    How do you work around this problem? Have you added a new program recently ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Diconnected internet

Unread postby Maruquani » January 30th, 2011, 12:56 pm

My internet does go off intermittenly . I use diagnose and repair having to get new ip settings, which was reliable for a couple days then the problem got more frequent like right after the internet starts working again. I open task manager and end the processes of flashutil10l_activex.exe or disnotedexe which alot of the time seems to have make the internet work almost immediately. Some other things I noticed , the task manager window is stuck open with no exit button and the right click menu wont come up to close it. I also noticed my file sharing option in network and sharing center wont stay turned off.
I recently installed adobe reader.

OTL Extras logfile created on: 1/30/2011 11:16:50 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 374.98 Gb Free Space | 80.51% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3623395000-1979276552-681064105-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{382EC222-490C-4376-97AE-F62CB2FB4AFF}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{5E072DDC-6372-4EDE-B7C2-9827D92319FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79358AE9-ED47-47E4-9AB9-E1B151EFA1D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95B13C2F-9A21-49B7-A71F-691E4A543FDF}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{B544D40E-A459-425C-93D8-FFF4DAD1A35C}" = dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"3D6F095EF616C719D1E72E6EA2681F3CFA0AE7B8" = Windows Driver Package - NVIDIA Corporation (nvstor32) HDC (07/02/2007 5.10.2600.0995)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Uninstall_is1" = Uninstall 1.0.0.1
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2011 11:13:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2011 11:13:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061

Error - 1/28/2011 11:13:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 1/28/2011 11:13:07 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2011 11:13:07 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059

Error - 1/28/2011 11:13:07 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059

Error - 1/28/2011 11:13:08 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/28/2011 11:13:08 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3167

Error - 1/28/2011 11:13:08 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3167

Error - 1/29/2011 7:24:23 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mDNSResponder.exe, version 2.0.4.0, time stamp
0x4cae1be1, faulting module mDNSResponder.exe, version 2.0.4.0, time stamp 0x4cae1be1,
exception code 0xc0000005, fault offset 0x0000110a, process id 0xd48, application
start time 0x01cbbf403ca396f3.

[ System Events ]
Error - 11/14/2010 2:15:13 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 11/14/2010 2:15:13 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 11/14/2010 2:15:13 AM | Computer Name = Owner-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 11/14/2010 2:20:46 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =


< End of report >


OTL logfile created on: 1/30/2011 11:16:50 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 374.98 Gb Free Space | 80.51% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/30 11:04:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/14 09:35:37 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010/09/02 09:21:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/09/02 07:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/09/02 07:26:14 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/23 17:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (SafeList) ==========

MOD - [2011/01/30 11:04:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/11/23 15:59:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010/11/23 15:59:10 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
MOD - [2010/09/02 07:26:22 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/09/02 07:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/02 07:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/04/10 21:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/06/20 00:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/06 09:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/04/23 20:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 D0 72 08 4E 9A CB 01 [binary data]
IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/01/11 06:32:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3623395000-1979276552-681064105-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/30 11:04:06 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/27 13:01:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2011/01/27 12:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/27 12:43:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/12 05:56:50 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/12 05:56:48 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/01/11 07:44:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2011/01/11 07:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/01/11 07:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/11 07:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 30 Days ==========

[2011/01/30 11:04:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/01/30 10:10:49 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/30 10:10:49 | 000,004,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/30 10:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/28 18:12:33 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/28 18:12:33 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/28 18:07:13 | 2546,479,104 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/28 17:07:52 | 000,727,216 | ---- | M] () -- C:\Users\Owner\Desktop\DSCN3044.JPG
[2011/01/27 17:21:30 | 000,002,523 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2011/01/27 13:01:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2011/01/27 12:41:59 | 001,402,880 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.msi
[2011/01/22 14:49:36 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/01/18 06:16:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/01/28 17:05:44 | 000,727,216 | ---- | C] () -- C:\Users\Owner\Desktop\DSCN3044.JPG
[2011/01/27 12:43:56 | 000,002,523 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2011/01/27 12:41:49 | 001,402,880 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.msi
[2011/01/16 11:33:29 | 2546,479,104 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/11 07:43:49 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/01/11 07:43:49 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/11/24 13:21:54 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/11/21 12:09:25 | 000,007,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/14 01:38:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/22 14:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 10:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/11/14 02:44:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CheckPoint
[2010/11/23 16:08:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/28 18:06:31 | 000,024,388 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm

Re: Diconnected internet

Unread postby Bob4 » January 30th, 2011, 5:23 pm

Adobe Acrobat Reader update

You are using an older vulnerable version of Adobe Acrobat Reader(8.*). Please go here
to download Adobe Acrobat Reader 10 (click on the big red banner)
NOTE: Be sure to uncheck include McAfee security be fore you download.

Then go to Programs and features (through control panel) and uninstall adobe reader Adobe Reader 8.2.5


_________________________________________
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.



______________________________________________
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

If you accidently close it you may find it here.
Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs

___________________________________
GMER
Please download GMER Rootkit Scanner from Here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Malwarebytes
  • The report from GMER
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Diconnected internet

Unread postby Maruquani » February 1st, 2011, 12:20 pm

The GMER stopped during scan after a few minutes.I tried it twice the second time it froze immediately thereafter and a bluescreen occured ,I didn't see what it said . On The 3rd attempt the PC froze. The pc is operating normally as of now.
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm

Re: Diconnected internet

Unread postby Bob4 » February 1st, 2011, 4:56 pm

How about the Malwarebytes scan ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Diconnected internet

Unread postby Maruquani » February 1st, 2011, 6:06 pm

Malware bytes worked fine with no freezes

www.malwarebytes.org

Database version: 5643

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/30/2011 8:35:25 PM
mbam-log-2011-01-30 (20-35-25).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 204164
Time elapsed: 25 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm

Re: Diconnected internet

Unread postby Bob4 » February 1st, 2011, 6:54 pm

Maruquani wrote: The pc is operating normally as of now.


Internet also?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Diconnected internet

Unread postby Maruquani » February 1st, 2011, 7:22 pm

no
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm

Re: Diconnected internet

Unread postby Bob4 » February 1st, 2011, 9:52 pm

Let's try gmer in safe mode.
Print these instructions out as the internet won't be available in safe mode.



_________________________________
  • Double click gmer's exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

Reboot to normal mode and post.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Diconnected internet

Unread postby Maruquani » February 1st, 2011, 11:23 pm

I tried several times with the program in safe mode and kept ending up getting blue screen after the scan stopped at \Device\Harddidsk volume shadow copy 1 .
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm

Re: Diconnected internet

Unread postby Bob4 » February 2nd, 2011, 8:17 am

You can delete GMER.

Let's try this one.

RootRepeal
Download RootRepeal.zip & unzip it to your Desktop.

    Double click RootRepeal.exe to start the program
  • Click the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File then Exit to close the program

Post that log for me.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Diconnected internet

Unread postby Maruquani » February 2nd, 2011, 2:07 pm

I tried in normal and safe mode pc froze C:\system VOlume locked to the windows API
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm

Re: Diconnected internet

Unread postby Bob4 » February 3rd, 2011, 1:34 pm

Well! Let's try one more and if that doesn't work I'll ask around for another idea or 2.

_________________________________________
Rootkit UnHooker (RkU)
Please download Rootkit Unhooker ... Save it to your Desktop.
Note: The log can be very long, you may need to post it separately.
  1. Double-click on RKUnhookerLE.exe to execute it.
  2. Click the Report tab, then click Scan.
  3. Check Drivers, Stealth Code, Files and Code Hooks. Uncheck the rest. then Click OK. (See image below...)
    Image
    The scanning will toggle through the checked items "tabs" ... it will take a while, so please be patient.
  4. When the scanner is finished... click File, Save Report.
  5. Save the file "Report.txt" to your Desktop... Press Close... then press Yes
  6. Copy the entire contents of the Report.txt file in you're next reply.


_____________________________________
  • Also let me know about your internet connection.
  • Wired or wireless..
  • Do you have a router?
  • Are therer other machines on this network?
    If so are they exibiting the same symptoms as you.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Diconnected internet

Unread postby Maruquani » February 3rd, 2011, 6:12 pm

my pc is wired I don't have any other computers .I am stumped on the router answer after searching long and hard. I would say no. This is the description of the modem model. http://www.arrisi.com/product_catalog/l ... asp?id=418 .




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D601000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7471104 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.30 )
0x82451000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82451000 PnpManager 3903488 bytes
0x82451000 RAW 3903488 bytes
0x82451000 WMIxWDM 3903488 bytes
0x94CD0000 Win32k 2109440 bytes
0x94CD0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8E04B000 C:\Windows\system32\drivers\RTKVHDA.sys 1765376 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x83205000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82A73000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8CC7A000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x83007000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x8046A000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9FE5D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D209000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x81808000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8DD21000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8D2E9000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8E512000 C:\Windows\system32\DRIVERS\vsdatant.sys 569344 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0x8054A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82A02000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x818EC000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9FE04000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8CC04000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x8D394000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x806A9000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8E493000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8E661000 C:\Windows\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0x8060D000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80429000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8074B000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x83173000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8E604000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82BA9000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8E791000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x83315000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8E74F000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8E005000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8241E000 ACPI_HAL 208896 bytes
0x8241E000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x807A9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8E4E0000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8DDCE000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x805D3000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82B7E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8CC50000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9FFAD000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8E7CA000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x83365000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80664000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x831D8000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8CD94000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8339D000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x819A4000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8E40C000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x819C5000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80720000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8E6BF000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x8078C000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x81959000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x830F4000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8E734000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x81976000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D376000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x819E4000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x83133000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x8E64A000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8CD7D000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9FF80000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8E59D000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8E45F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8198F000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8CDDA000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8E706000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9FF51000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8CDC6000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E47F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8314B000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x818C8000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8E5C1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9FF66000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8338C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8E03A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80410000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x83123000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x807DB000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8E6E5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x818B8000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80708000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8D2CB000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8CDEF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8E725000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x83356000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8068B000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8CDB7000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x831B1000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8069A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8D2DB000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x94F10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8E5B3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8E448000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806FA000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8E6A8000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D2BE000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8073E000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x831CB000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805C6000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x9FF45000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x82BEB000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8DDC2000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8315E000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x831C0000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8E43D000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D3EB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D3E0000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x9FFF2000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E475000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x8E6B5000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8E71B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D3F6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8E640000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9FF3B000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x83169000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x818DB000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x833BE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D200000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8E6DC000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9FF96000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8E456000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x94EF0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8311A000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80653000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80718000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80421000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x818E4000 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 32768 bytes (Check Point Software Technologies, ZoneAlarm Browser Security)
0x8E6FE000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8065C000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8E42D000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8E435000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8334E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9FF78000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x82BE4000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8E6F5000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80409000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x83000000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9FE52000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x806F3000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D38E000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8E4DB000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x9FE59000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8E786000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x8DDFD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8E6FC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IGTK50ZG\collapse_hvr[1]
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF1D6C.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF2800.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF30EA.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF30FE.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF316E.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF317E.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF31C2.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF31D2.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF36C2.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF426A.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF77B9.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF7B99.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF7BAE.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF7C50.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF7C71.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF7CBF.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF7CD1.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DF9E2B.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFA009.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFA2AE.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFA2C3.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFA358.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFA36D.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFA3B7.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFA3CF.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFB200.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFB609.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFBBD.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFC2C.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFD50.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFD60.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFDB7.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFDC7.tmp::$DATA
!-->[Hidden] C:\Users\Owner\AppData\Local\Temp\~DFFAD7.tmp::$DATA
!-->[Hidden] C:\Windows\Prefetch\RUNDLL32.EXE-7768279B.pf
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x824F97AA-->824F97B1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC8A0, Type: Inline - RelativeJump 0x824FD8A0-->824FD88B [ntkrnlpa.exe]
ntkrnlpa.exe-->NtLoadDriver, Type: Inline - RelativeJump 0x825BCDF0-->8E67E790 [aswSP.SYS]
ntkrnlpa.exe-->ObInsertObject, Type: Inline - RelativeJump 0x82681063-->8E67BC88 [aswSP.SYS]
ntkrnlpa.exe-->ObMakeTemporaryObject, Type: Inline - RelativeJump 0x8262828F-->8E67A1EE [aswSP.SYS]
ntkrnlpa.exe-->TmInitSystem, Type: Inline - PushRet 0x827AA1DE-->C3A1E4C7 [unknown_code_page]
[1000]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1000]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1000]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1000]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1000]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1000]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1000]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1000]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1000]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1088]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1088]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1088]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1088]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1088]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1088]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1088]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1088]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1132]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1132]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1132]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1132]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1132]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1132]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1132]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1132]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1172]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1172]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1172]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1172]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1172]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1172]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1172]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1172]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1276]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1276]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1276]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1276]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1324]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1324]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1324]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1324]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1324]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1324]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1324]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1324]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1428]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[1428]rundll32.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1428]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[1428]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1428]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1428]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[1428]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[1428]rundll32.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1428]rundll32.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1428]rundll32.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1428]rundll32.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1428]rundll32.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1428]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[1548]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1548]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1548]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1548]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1548]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1548]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1548]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1548]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1548]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[1724]RtHDVCpl.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[1724]RtHDVCpl.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[1856]AvastSvc.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x773FA84F-->00000000 [unknown_code_page]
[2316]AvastUI.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[2316]AvastUI.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[2388]spoolsv.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[2388]spoolsv.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[2428]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[2428]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[2428]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[2428]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[2428]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[2428]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[2428]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[2428]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[2456]taskeng.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[2456]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[2456]taskeng.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[2456]taskeng.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[2456]taskeng.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[2456]taskeng.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[2456]taskeng.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[2456]taskeng.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[2484]sidebar.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[2484]sidebar.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[2484]sidebar.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[2484]sidebar.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[2484]sidebar.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[2484]sidebar.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[2484]sidebar.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[2484]sidebar.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[264]dwm.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[264]dwm.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[264]dwm.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[264]dwm.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[264]dwm.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[264]dwm.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[264]dwm.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[264]dwm.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[2872]taskeng.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[2872]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[2872]taskeng.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[2872]taskeng.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[2872]taskeng.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[2872]taskeng.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[2872]taskeng.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[2872]taskeng.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[3172]AppleMobileDeviceService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3208]mDNSResponder.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[3208]mDNSResponder.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3244]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3244]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3244]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3244]svchost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[3244]svchost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[3244]svchost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[3244]svchost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[3244]svchost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3360]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3360]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3360]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3360]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3432]svchost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3432]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3432]svchost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3432]svchost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3480]SearchIndexer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[3480]SearchIndexer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3552]XAudio.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3552]XAudio.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3552]XAudio.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3552]XAudio.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[3552]XAudio.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[3552]XAudio.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[3552]XAudio.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[3552]XAudio.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[3796]WUDFHost.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[3796]WUDFHost.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[380]explorer.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[380]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[380]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[380]explorer.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[380]explorer.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[380]explorer.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[380]explorer.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[380]explorer.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[5052]notepad.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[5052]notepad.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[5052]notepad.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[5052]notepad.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[5052]notepad.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[5052]notepad.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[5052]notepad.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[5052]notepad.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2A, Type: Inline - RelativeJump 0x767C7099-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->ChangeServiceConfig2W, Type: Inline - RelativeJump 0x767C71E1-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->ChangeServiceConfigA, Type: Inline - RelativeJump 0x767C6DD9-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->ChangeServiceConfigW, Type: Inline - RelativeJump 0x767C6F81-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x767C72A1-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76789EB4-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->DeleteService, Type: Inline - RelativeJump 0x7678A07E-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->ImpersonateNamedPipeClient, Type: Inline - RelativeJump 0x76753A48-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->advapi32.dll-->SetServiceObjectSecurity, Type: Inline - RelativeJump 0x767C6CD9-->00000000 [snxhk.dll]
[624]iPodService.exe-->advapi32.dll-->SetThreadToken, Type: Inline - RelativeJump 0x76768E21-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->kernel32.dll-->OpenProcess, Type: Inline - RelativeJump 0x77417267-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77A99390-->00000000 [snxhk.dll]
[624]iPodService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x77AABA50-->00000000 [snxhk.dll]
[624]iPodService.exe-->ntdll.dll-->NtAccessCheckByType, Type: Inline - RelativeJump 0x77AD4044-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->ntdll.dll-->NtAlpcImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD4214-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->ntdll.dll-->NtImpersonateClientOfPort, Type: Inline - RelativeJump 0x77AD49E4-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x77AD5324-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->user32.dll-->FindWindowA, Type: Inline - RelativeJump 0x778E9D76-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->user32.dll-->FindWindowW, Type: Inline - RelativeJump 0x778FA441-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [ISWSHEX.dll]
[624]iPodService.exe-->user32.dll-->SetWindowsHookExA, Type: Inline - RelativeJump 0x778E6322-->00000000 [snxhk.dll]
[624]iPodService.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x778E87AD-->00000000 [snxhk.dll]
[624]iPodService.exe-->user32.dll-->SetWinEventHook, Type: Inline - RelativeJump 0x778E9F3A-->00000000 [snxhk.dll]
[624]iPodService.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x778E98DB-->00000000 [snxhk.dll]
[624]iPodService.exe-->user32.dll-->UnhookWinEvent, Type: Inline - RelativeJump 0x778EC06F-->00000000 [snxhk.dll]
Maruquani
Active Member
 
Posts: 9
Joined: January 27th, 2011, 2:17 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 129 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware