RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntoskrnl.exe-->NtAlertResumeThread, Type: Address change 0x80637AD6-->86F5E220 [Unknown module filename]
ntoskrnl.exe-->NtAlertThread, Type: Address change 0x8058395D-->86F51150 [Unknown module filename]
ntoskrnl.exe-->NtAllocateVirtualMemory, Type: Address change 0x80570BC5-->86DB5E78 [Unknown module filename]
ntoskrnl.exe-->NtAssignProcessToJobObject, Type: Address change 0x805E8E34-->86DF57D8 [Unknown module filename]
ntoskrnl.exe-->NtConnectPort, Type: Address change 0x80584D73-->87090FB0 [Unknown module filename]
ntoskrnl.exe-->NtCreateKey, Type: Address change 0x80578710-->F7E133BE [Unknown module filename]
ntoskrnl.exe-->NtCreateMutant, Type: Address change 0x80582EA8-->86D00788 [Unknown module filename]
ntoskrnl.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x805E78DA-->86D3D008 [Unknown module filename]
ntoskrnl.exe-->NtCreateThread, Type: Address change 0x805959DF-->F7E133B4 [Unknown module filename]
ntoskrnl.exe-->NtDebugActiveProcess, Type: Address change 0x80662889-->86DE3340 [Unknown module filename]
ntoskrnl.exe-->NtDeleteKey, Type: Address change 0x80599783-->F7E133C3 [Unknown module filename]
ntoskrnl.exe-->NtDeleteValueKey, Type: Address change 0x805983A2-->F7E133CD [Unknown module filename]
ntoskrnl.exe-->NtDuplicateObject, Type: Address change 0x8057EDE5-->86DB6478 [Unknown module filename]
ntoskrnl.exe-->NtEnumerateKey, Type: Address change 0x8057EC5A-->F772CA92 [sptd.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Address change 0x80594DB6-->F772CE20 [sptd.sys]
ntoskrnl.exe-->NtFreeVirtualMemory, Type: Address change 0x805710BF-->86D46C70 [Unknown module filename]
ntoskrnl.exe-->NtImpersonateAnonymousToken, Type: Address change 0x8059EA22-->86F0EE08 [Unknown module filename]
ntoskrnl.exe-->NtImpersonateThread, Type: Address change 0x8058D42E-->86F5F450 [Unknown module filename]
ntoskrnl.exe-->NtLoadDriver, Type: Address change 0x805AEDE2-->86FD0A70 [Unknown module filename]
ntoskrnl.exe-->NtLoadKey, Type: Address change 0x805D45C5-->F7E133D2 [Unknown module filename]
ntoskrnl.exe-->NtMapViewOfSection, Type: Address change 0x8057A879-->86D46808 [Unknown module filename]
ntoskrnl.exe-->NtOpenEvent, Type: Address change 0x8058E7F1-->872EB3E8 [Unknown module filename]
ntoskrnl.exe-->NtOpenKey, Type: Address change 0x80572BDF-->F7727090 [sptd.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Address change 0x8057F592-->F7E133A0 [Unknown module filename]
ntoskrnl.exe-->NtOpenProcessToken, Type: Address change 0x80578148-->86EE0158 [Unknown module filename]
ntoskrnl.exe-->NtOpenSection, Type: Address change 0x80578DEE-->86E017D8 [Unknown module filename]
ntoskrnl.exe-->NtOpenThread, Type: Address change 0x80584849-->F7E133A5 [Unknown module filename]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Address change 0x8057F1C3-->86E9E050 [Unknown module filename]
ntoskrnl.exe-->NtQueryKey, Type: Address change 0x8057E85A-->F772CEF8 [sptd.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Address change 0x80572F19-->F772CD78 [sptd.sys]
ntoskrnl.exe-->NtReplaceKey, Type: Address change 0x806567FE-->F7E133DC [Unknown module filename]
ntoskrnl.exe-->NtRestoreKey, Type: Address change 0x80656395-->F7E133D7 [Unknown module filename]
ntoskrnl.exe-->NtResumeThread, Type: Address change 0x80596056-->86F11070 [Unknown module filename]
ntoskrnl.exe-->NtSetContextThread, Type: Address change 0x80635C83-->86FEDE20 [Unknown module filename]
ntoskrnl.exe-->NtSetInformationProcess, Type: Address change 0x80574B1F-->86DF0C20 [Unknown module filename]
ntoskrnl.exe-->NtSetSystemInformation, Type: Address change 0x805B0A14-->86E76E08 [Unknown module filename]
ntoskrnl.exe-->NtSetValueKey, Type: Address change 0x8057FCE0-->F7E133C8 [Unknown module filename]
ntoskrnl.exe-->NtSuspendProcess, Type: Address change 0x80637A1B-->86F96B30 [Unknown module filename]
ntoskrnl.exe-->NtSuspendThread, Type: Address change 0x80637937-->86F7AB78 [Unknown module filename]
ntoskrnl.exe-->NtTerminateProcess, Type: Address change 0x80593435-->F54F7F20 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys]
ntoskrnl.exe-->NtTerminateThread, Type: Address change 0x8059560C-->86EE84A0 [Unknown module filename]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Address change 0x8057A401-->87060038 [Unknown module filename]
ntoskrnl.exe-->NtWriteVirtualMemory, Type: Address change 0x8058D363-->86E86FC0 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserAttachThreadInput, Type: Address change 0xBF8F556E-->86E86E08 [Unknown module filename]
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF83C845-->86FBA638 [Unknown module filename]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8A0C8F-->87011AF8 [Unknown module filename]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF81C763-->86DE5C70 [Unknown module filename]
win32k.sys-->NtUserGetRawInputData, Type: Address change 0xBF916210-->871A8120 [Unknown module filename]
win32k.sys-->NtUserMessageCall, Type: Address change 0xBF80EE8D-->8719FA00 [Unknown module filename]
win32k.sys-->NtUserPostMessage, Type: Address change 0xBF808306-->86F158D8 [Unknown module filename]
win32k.sys-->NtUserPostThreadMessage, Type: Address change 0xBF8B9E23-->87193258 [Unknown module filename]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8A0D4F-->86DC0A00 [Unknown module filename]
win32k.sys-->NtUserSetWinEventHook, Type: Address change 0xBF8F98FA-->86D81DA0 [Unknown module filename]
==============================================
>Processes
==============================================
0x873C4490 [4] System
0x86D90BA0 [236] C:\WINDOWS\system32\WLTRYSVC.EXE
0x85F8E020 [252] C:\WINDOWS\system32\BCMWLTRY.EXE (Broadcom Corporation, Broadcom 802.11 Network Adapter Wireless Network Controller)
0x86D64570 [392] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x86A2F728 [528] C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc., Camera Control Interface)
0x85EE7DA0 [536] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86D7F368 [564] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F88988 [620] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x85F5D728 [700] C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation, Automatic LiveUpdate Scheduler Service)
0x86FC6500 [736] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x86FC5288 [772] C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation, Media Center Receiver Service)
0x85E9C998 [824] C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation, ViewMgr)
0x85EE7B20 [940] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F3B900 [1028] C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation, Media Center Scheduler Service)
0x86A66528 [1108] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x871551E8 [1180] C:\Program Files\Java\jre6\bin\jqs.exe (Oracle, Java(TM) Quick Starter Service)
0x862EADA0 [1252] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8695DDA0 [1276] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x85F2F428 [1300] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation, LiveUpdate Notice Service)
0x86A43950 [1324] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x862FEB78 [1336] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x85FDD728 [1532] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85FAEB78 [1600] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F80020 [1640] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85F2A020 [1684] C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation, MCRD Device Service)
0x857C1950 [1748] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x85F99B78 [1828] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x86D37DA0 [1856] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85EE72D8 [1948] C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation, Symantec Service Framework)
0x85EE8728 [1988] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 54.05)
0x85E8EDA0 [2100] C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Development Company, L.P., hpqwmiex Module)
0x8569F9F0 [2308] C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Logitech Inc., LVCom Server)
0x85745DA0 [2772] C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation, Symantec Service Framework)
0x8575EDA0 [2872] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
0x857405B8 [2924] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc., Roxio AudioCentral Media Manager Tray App)
0x85E745B8 [2932] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation, LiveUpdate Notice Service)
0x857D3020 [2964] C:\WINDOWS\system32\bcmntray.EXE (Broadcom Corporation, Broadcom 802.11 Network Adapter Wireless Network Tray Applet)
0x85746470 [3020] C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)
0x857E7A18 [3096] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc., RealNetworks Scheduler)
0x857E2DA0 [3132] C:\Program Files\QuickTime\QTTask.exe (Apple Inc., QuickTime Task)
0x85E5D950 [3196] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper Module)
0x85E6C950 [3248] C:\Program Files\Winamp\winampa.exe
0x85E62B28 [3308] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc., Communications Manager)
0x85721728 [3412] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x86F52DA0 [3416] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe (-, -)
0x85E3EDA0 [3452] C:\Program Files\AIM6\aolsoftware.exe (AOL LLC, AOL)
0x85E39DA0 [3660] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd., Virtual DAEMON Manager)
0x856A7950 [3800] C:\Program Files\AIM6\aim6.exe (AOL LLC, AIM)
0x8569DDA0 [3832] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)
0x8569B508 [3940] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x85FAB740 [4008] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (Roxio, Inc., Roxio AudioCentral Media Manager Playlist)
0x85221290 [4136] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x856B2738 [4464] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x85E68020 [4772] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x857DC020 [4872] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x85D48DA0 [5916] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x85F33DA0 [6020] C:\Documents and Settings\Francisco Lee\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\V7hwsrksA15.exe (UG North, RKULE, SR2 Normandy)
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3772416 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 54.05 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xF5004000 C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 1957888 bytes (Logitech Inc., Logitech Machine Vision Engine Loader)
0xF4E2C000 C:\WINDOWS\system32\DRIVERS\lvuvc.sys 1933312 bytes (Logitech Inc., Logitech USB Video Class Driver)
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF4B21000 C:\WINDOWS\system32\DRIVERS\LVcKap.sys 1687552 bytes (-, -)
0xF6CFA000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 1552384 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 54.05 )
0xF4CBD000 C:\WINDOWS\system32\DRIVERS\lvpopflt.sys 1503232 bytes (Logitech Inc., Logitech AudioProcessing Filter Driver)
0xEFD3C000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.002\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0xF69BD000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1110016 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7726000 PCI_NTPNP4560 892928 bytes
0xF7726000 sptd.sys 892928 bytes
0xF6BF9000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 823296 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF6924000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 626688 bytes (Conexant Systems, Inc., WinACHSF driver)
0xF752F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF52E6000 C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys 503808 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xF5454000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF53F6000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF67B3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5643000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF1D1A000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF555A000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100805.004\IDSxpx86.sys 348160 bytes (Symantec Corporation, IDS Core Driver)
0xF08AE000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS 339968 bytes (Symantec Corporation, Symantec AutoProtect)
0xF75D3000 SYMEFA.SYS 323584 bytes (Symantec Corporation, Symantec Extended File Attributes)
0xF68DA000 C:\WINDOWS\System32\Drivers\attw2n3g.SYS 303104 bytes
0xF6B19000 C:\WINDOWS\system32\drivers\camcaud.sys 294912 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF6B61000 C:\WINDOWS\system32\drivers\camchal.sys 278528 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0xF52A4000 C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys 270336 bytes (Symantec Corporation, BASH Driver)
0xF1E61000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF572E000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 249856 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xF560F000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS 212992 bytes (Symantec Corporation, Network Dispatch Driver)
0xF56E9000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF6839000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF76E0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF28C7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7502000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEFBBD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF54C4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6ACC000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 167936 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF5532000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF766C000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF55E9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF55C4000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xF6AF5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6CC2000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6BC2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5510000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF5282000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF54EF000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7634000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7692000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF76B1000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF53D9000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF6BA5000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 118784 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF74E8000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7654000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF4ABE000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF770E000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF75BC000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF687A000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF2BC4000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xF2C52000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF55AF000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS 86016 bytes (Symantec Corporation, Firewall Filter Driver)
0xF1FC2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEFD28000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xF6BE5000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6CE6000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF569C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7622000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF76CF000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6869000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF79A1000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7A01000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF79D1000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7821000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7911000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7A31000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A11000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF2914000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7991000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xF6EC5000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7831000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7881000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF79E1000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A91000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7861000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF6F05000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78A1000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7941000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF79F1000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7851000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF78C1000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7841000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6ED5000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7891000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7931000 C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF6EE5000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7871000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF79C1000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7961000 C:\WINDOWS\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xF6EF5000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7921000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF169A000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7901000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7BE1000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7B81000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7AF1000 C:\WINDOWS\system32\DRIVERS\strmdisp.sys 32768 bytes (Conexant Systems, Inc., Conexant Stream Dispatcher)
0xF7B09000 C:\WINDOWS\system32\DRIVERS\SymIM.sys 32768 bytes (Symantec Corporation, NDIS Intermediate Driver)
0xF7B89000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS 32768 bytes (Symantec Corporation, NDIS Filter Driver)
0xF7C11000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7BB1000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B69000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7BD1000 C:\WINDOWS\system32\DRIVERS\nscirda.sys 28672 bytes (National Semiconductor Corporation, NSC Fast Infrared Driver.)
0xF7AA1000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7B91000 C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS 28672 bytes (Symantec Corporation, IDS Filter Driver)
0xF7BC1000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7B11000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 24576 bytes (Roxio, CD-R/RW AddOn MMC Driver (W2K))
0xF7BC9000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7BB9000 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xF7BA1000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7B99000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7BA9000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B71000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BD9000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 20480 bytes (GEAR Software Inc., CD DVD Filter)
0xF7B79000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AA9000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7AF9000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7AD9000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF7B01000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7C01000 C:\Program Files\SUPERAntiSpyware\SASENUM.SYS 20480 bytes ( SUPERAdBlocker.com and SUPERAntiSpyware.com, SASENUM.SYS)
0xF7AE1000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B51000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF2C7F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7C39000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF74AC000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF579B000 C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys 16384 bytes (Logitech Inc., Logitech USB Video Class Filter Driver)
0xF705E000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF2C73000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7C3D000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7C31000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7C35000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF5365000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF74A8000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF1EA2000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF707A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6825000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF746B000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7DD3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D27000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7D53000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7DD1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D25000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D21000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DD5000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D41000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DD7000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D79000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D83000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D23000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7EE6000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7EDA000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xF7EE3000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7F64000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7EE4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DEA000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7DE9000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8735C1E8 unknown_irp_handler 3608 bytes
0x873CE1E8 unknown_irp_handler 3608 bytes
0x8735E1E8 unknown_irp_handler 3608 bytes
0x8711B1E8 unknown_irp_handler 3608 bytes
0x8705E778 unknown_irp_handler 2184 bytes
0x8708C7B8 unknown_irp_handler 2120 bytes
0x87110980 unknown_irp_handler 1664 bytes
0x86FB6980 unknown_irp_handler 1664 bytes
0x87088980 unknown_irp_handler 1664 bytes
0x86A44980 unknown_irp_handler 1664 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D914, Type: Inline - RelativeJump 0x804E4914-->804E4978 [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9E0, Type: Inline - RelativeJump 0x804E49E0-->804E4A4A [ntoskrnl.exe]
ntoskrnl.exe+0x0000D9F4, Type: Inline - RelativeJump 0x804E49F4-->804E49F3 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA1C, Type: Inline - RelativeJump 0x804E4A1C-->804E4A8E [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA54, Type: Inline - RelativeJump 0x804E4A54-->804E4A64 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DA98, Type: Inline - RelativeCall 0x804E4A98-->AFD57950 [unknown_code_page]
ntoskrnl.exe+0x0000DAAC, Type: Inline - RelativeJump 0x804E4AAC-->804E4B25 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB52, Type: Inline - RelativeJump 0x804E4B52-->804E4B4F [ntoskrnl.exe]
ntoskrnl.exe+0x0000DB94, Type: Inline - RelativeJump 0x804E4B94-->804E4B67 [ntoskrnl.exe]
ntoskrnl.exe+0x0000DC08, Type: Inline - RelativeJump 0x804E4C08-->804E4C1E [ntoskrnl.exe]
[1748]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1748]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1748]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1748]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1748]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1748]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1748]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13DC-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[3452]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411304-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [tbdiag.dll]
[3800]aim6.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77DD115C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [tbdiag.dll]
[3800]aim6.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77F1102C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [tbdiag.dll]
[3800]aim6.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7C9C13DC-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [tbdiag.dll]
[3800]aim6.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x7E411304-->00000000 [tbdiag.dll]
[4772]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [unknown_code_page]
[5916]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)