
Possibly Infected, won't boot. Next move?


  • This topic is locked
25 replies to this topic

#1 Guppie

Posted 14 October 2010 - 02:26 PM

Hi folks,

Have a problem with my parents' computer, for which I'm usually the tech support (when I go home to visit). It's an old PC that's been continuously upgraded, currently a modern dual-core Athlon II machine running WinXP SP3, with Norton AV installed. My step-mom's not too computer savvy and runs every slideshow her friends send her, so I'd be amazed if it wasn't infected with something.

Anyway, about two weeks ago it started running very slowly (no hardware config changes, no noticeable software changes aside from auto-updates). Very slow to boot up, desktop responds sluggishly -- but task manager shows idle process most of the time. Graph of CPU activity shows neither core locked up. Norton AV shows nothing, I ran rkill/Malwarebytes both booting normally and booting safe mode, nothing aside from a bunch of tracking cookies. I re-installed Norton (no change), defragged the HD (no change), and left it at that, having run out of time that weekend.

Anyway, it was working fine but slowly after that for a while, then got a call this week from them saying it won't finish boot-up at all now. System POSTs fine, goes into Windows boot-up screen for a while, then hangs. Same thing if booting with Last Known Good Config option, or Safe mode. So, looks like I'll have to make a trip home this weekend or next. Any suggestions on what I can do next? I have Recovery Console installed on their machine, plus have a copy of UBCD4WIN.

I am reluctant to flatten the drive and rebuild, as they have a bunch of software on there -- some of which was expensive and installed many years ago, so I can no longer find disks. Any advice on what I should do next?

#2 Elise (Malware Study Hall Admin)

Posted 14 October 2010 - 04:05 PM

Hello there, does the computer hang, or crash (see below)? What is the last driver you see loaded when trying safe mode?

We Need to Diagnose Your BlueScreen
  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  2. Select "Disable Automatic Restart on System Failure", as shown here:
  3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
Please post me the error(s).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Guppie (Topic Starter)

Posted 14 October 2010 - 07:58 PM

QUOTE(elise025 @ Oct 14 2010, 05:05 PM)
  • Select "Disable Automatic Restart on System Failure", as shown here:


Thanks, however we do not have this option at all on the boot options selection screen. It is completely absent from the list of choices (possibly because this is a very old installation of WinXP?)

Also, currently, the system does not hang, it just reboots and returns to BIOS POST screen with no BSOD.

Edit: I know there's a registry key that can change this option (Set HKLM\System\CurrentControlSet\Control\CrashControl\AutoReboot = 0), and UBCD4WIN RegEdit-Remote should let me fix it. Unfortunately, I'm still talking my father through this over the phone, and I'm just not getting anywhere. So looks like I'll have to change it myself next time I can get down to his place.

Edited by Guppie, 14 October 2010 - 08:22 PM.


#4 Elise (Malware Study Hall Admin)

Posted 15 October 2010 - 11:41 AM

Choose the option to start windows normally, press enter, then start immediately tapping the F8 key. That should bring up the advanced options menu with more possibilities.

regards, Elise



#5 Guppie (Topic Starter)

Posted 16 October 2010 - 04:21 PM

Finally got back to my parents' place, and got physical access to the PC. I am already in the Advanced Options Menu, there simply is no option to disable rebooting.



Anyway, as it turns out, the rebooting error was an Unmountable Boot Volume, due to a CRC error on the drive. Checked the disk with a Norton emergency boot disk, and fixed some problems. The system now boots up and starts Windows correctly again without crashing. As a precaution, I'm cloning my Windows partition to a new hard drive right now.

However, I am back to the original issue, with an unusually slow boot, unusually slow operation.

Edited by Guppie, 16 October 2010 - 04:40 PM.


#6 Guppie (Topic Starter)

Posted 16 October 2010 - 06:35 PM

Well, some news. Booted from UBCD4WIN with a copy of SuperAntiSpyware portable burned, and it found a couple pieces of malware:

System.BrokenFilesAssociation
Security.Hijack [ImageFileExecutionOptions]
Rootkit.Unclassified/USBHubB
Malware.Trace

It's still running right now, but hopefully that's what has been causing me problems.

Edit: The following were successfully removed:

QUOTE
System.BrokenFileAssociation
HKCR\.exe

Rootkit.Unclassified/USBHubB
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb#Type
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb#Start
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb#Tag
HKLM\SYSTEM\CurrentControlSet\Services\usbhubb#Group

Security.HiJack[ImageFileExecutionOptions]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TASKMGR.EXE
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TASKMGR.EXE#Debugger


Following removal, system returned to normal speed, but IE7 and Windows Search System Tray began crashing. Reinstalled IE7 and Windows Search 4.0, crashes stopped. System appears to be working well at the moment.

Edited by Guppie, 17 October 2010 - 12:38 AM.
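The three things SuperAntiSpyware removed in the post above (a Debugger value under Image File Execution Options for TASKMGR.EXE, a rewritten HKCR\.exe association, and a driver service nobody installed on purpose) are classic persistence and defence-evasion settings, and all three can be checked in a registry export without running anything on the suspect machine. The following Python script is an added example, not code from the thread or from any tool named in it: it parses a .reg export (as written by `reg export <key> file.reg` or regedit's File > Export) and reports the three conditions. The sample export is constructed for the example, and the baseline set of known driver names is an assumption; on a real job you would export the Services key from a clean XP SP3 install to build it.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample export for this example (not from the thread). The key
# names follow the entries SuperAntiSpyware listed; the data is invented to
# show a hijack beside normal entries.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="secfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\secfile\shell\open\command]
@="\"C:\\Documents and Settings\\All Users\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TASKMGR.EXE]
"Debugger"="C:\\WINDOWS\\system32\\hijack.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhubb]
"ImagePath"="C:\\WINDOWS\\system32\\drivers\\usbhubb.sys"
"Type"=dword:00000001
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]
"ImagePath"="%SystemRoot%\\system32\\services.exe"
"Type"=dword:00000020
"Start"=dword:00000002
'''

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
IFEO = r'hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options' + '\\'
SERVICES = r'hkey_local_machine\system\currentcontrolset\services' + '\\'


def _unescape(s: str) -> str:
    # .reg strings double every backslash and escape embedded quotes.
    return s.replace('\\\\', '\\').replace('\\"', '"')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: data}}, keys and names lower-cased; '' is the default value."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            keys.setdefault(current, {})
            continue
        vm = _VAL_RE.match(line)
        if not vm or current is None:
            continue
        name = '' if vm.group(1) == '@' else _unescape(vm.group(1)[1:-1]).lower()
        data = vm.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            keys[current][name] = _unescape(data[1:-1])      # REG_SZ
        elif data.startswith('dword:'):
            keys[current][name] = str(int(data[6:], 16))    # REG_DWORD, as decimal text
        else:
            keys[current][name] = data                       # hex(...) blobs kept raw
    return keys


def find_ifeo_debuggers(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Every IFEO subkey carrying a Debugger value: (target exe, command that runs instead)."""
    return [(path[len(IFEO):], vals['debugger'])
            for path, vals in keys.items()
            if path.startswith(IFEO) and 'debugger' in vals]


def check_exe_association(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """.exe must resolve to exefile, and exefile's open command must be "%1" %* (run the program itself)."""
    problems = []
    ext = keys.get(r'hkey_classes_root\.exe', {}).get('', 'exefile')
    if ext.lower() != 'exefile':
        problems.append('HKCR\\.exe default is "%s", expected "exefile"' % ext)
    cmd_key = 'hkey_classes_root\\' + ext.lower() + '\\shell\\open\\command'
    cmd = keys.get(cmd_key, {}).get('', '"%1" %*')
    if cmd.strip() != '"%1" %*':
        problems.append('%s runs: %s' % (cmd_key, cmd))
    return problems


def new_kernel_drivers(keys: Dict[str, Dict[str, str]], baseline: Set[str]) -> List[Tuple[str, str]]:
    """Driver services (Type 1 kernel / 2 file-system) whose name is not in a known-good list."""
    found = []
    for path, vals in keys.items():
        if not path.startswith(SERVICES):
            continue
        name = path[len(SERVICES):]
        if '\\' in name:                     # skip Parameters/Enum subkeys
            continue
        if vals.get('type') in ('1', '2') and name not in baseline:
            found.append((name, vals.get('imagepath', '')))
    return found


def audit(text: str, baseline: Set[str]) -> Dict[str, list]:
    keys = parse_reg(text)
    return {
        'ifeo_debuggers': find_ifeo_debuggers(keys),
        'exe_association': check_exe_association(keys),
        'unknown_drivers': new_kernel_drivers(keys, baseline),
    }


if __name__ == '__main__':
    # Baseline is an assumption for the example; build the real one from a clean install.
    for section, items in audit(SAMPLE_REG, {'atapi', 'disk', 'ntfs', 'eventlog'}).items():
        print(section)
        for item in items:
            print('   ', item)
```

The script reports and does not delete, which matters for the first check: a Debugger value under IFEO\taskmgr.exe is also exactly how Sysinternals Process Explorer implements its "Replace Task Manager" option, so the value itself is not proof of anything; what it points at is. The .exe association check looks at both halves because a hijack can leave HKCR\.exe alone and rewrite exefile\shell\open\command instead. Driver review against a baseline is a weak heuristic on its own (the usbhubb.sys path above looks like any other driver), which is why it is paired with the file-existence and signer information a live scan like OTL adds.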


#7 Elise (Malware Study Hall Admin)

Posted 17 October 2010 - 05:15 AM

That is good to hear.

A general note of warning here: by using an offline scanner (as you did from ubcd4win), you can remove virtually anything you want. This has an advantage, but also brings with it a danger, because you might remove things necessary for Windows.

Let's have a look at what else is hiding here.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

regards, Elise

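The OTL run Elise asks for produces a log whose "Win32 Services" and "Driver Services" sections are what an analyst reads first. As an added example (not part of the thread, and not OTL's or any other listed tool's code), here is a small Python triage that parses those SRV/DRV lines and flags the patterns worth a second look: a service whose binary is gone but which is still set to start automatically, drivers living in temp paths or named like temp files, and drivers with no company name in their version info. The sample lines are constructed after the shapes in the log Guppie posts in reply; the set of scanner-leftover names is an assumption made for the example.

```python
import re
from typing import Dict, List

# Constructed sample for this example, modeled on the SRV/DRV line shapes in
# the OTL log posted later in the thread (not the full log).
SAMPLE_OTL = r'''
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wins\DLLHOST.EXE -- (RpcPatch)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\13.tmp -- (MEMSWEEP2)
DRV - [2001/08/10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
'''

# One OTL service/driver line: either "File not found" or "[date | size | attrs | M] (Company)",
# then "[type | start | state]", then "-- path -- (ServiceName)" with an optional description.
LINE_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - '
    r'(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)) '
    r'\[(?P<flags>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)'
)

# Assumption of this example: driver names left behind by anti-malware tools
# that unpack into a temp folder (SuperAntiSpyware's SAS* drivers, RootRepeal).
SCANNER_LEFTOVERS = {'saskutil', 'sasdifsv', 'rootrepeal'}


def parse_otl_services(text: str) -> List[dict]:
    """Turn SRV/DRV lines into dicts; everything else in the log is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        parts = [p.strip() for p in m.group('flags').split('|')]
        entries.append({
            'kind': m.group('kind'),
            'name': m.group('name'),
            'path': m.group('path'),
            'company': (m.group('company') or '').strip(),
            'missing': m.group('missing') is not None,
            'start': parts[-2] if len(parts) >= 2 else '',   # Boot/System/Auto/On_Demand/Disabled
            'state': parts[-1],
        })
    return entries


def triage(entries: List[dict]) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a look; entries with no reason are dropped."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        lp = e['path'].lower()
        if e['name'].lower() in SCANNER_LEFTOVERS:
            reasons.append('stale entry from an anti-malware tool; clean up, not a threat')
        elif e['missing']:
            reasons.append('registered but binary missing (start=%s)' % e['start'])
            if e['start'] in ('Boot', 'System', 'Auto'):
                reasons.append('starts automatically: a file dropped at that path would run at next boot')
        if '\\temp\\' in lp or lp.endswith('.tmp'):
            reasons.append('binary in a temp location or named like a temp file')
        if not e['missing'] and not e['company']:
            reasons.append('no company name in version info (OTL shows it as "()")')
        if reasons:
            findings[e['name']] = reasons
    return findings


if __name__ == '__main__':
    for name, reasons in triage(parse_otl_services(SAMPLE_OTL)).items():
        print(name)
        for r in reasons:
            print('   ', r)
```

A missing binary is not by itself a sign of infection: the SAS* and rootrepeal drivers in the posted log are leftovers of scanners run from a temp folder, and OTL itself lists them only because the service keys survived. An Auto-start service whose image is gone is different; it is an orphaned registration that something once created, so it belongs on the list of things to explain before it is deleted. The RpcPatch entry pointing at System32\wins\DLLHOST.EXE, as in the posted log, is the service name and path the Welchia/Nachi worm registered for itself in 2003, which is consistent with an old infection that was cleaned while the key stayed behind; the thread does not establish more than that.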


#8 Guppie (Topic Starter)

Posted 17 October 2010 - 10:56 AM

OTL.txt
QUOTE
OTL logfile created on: 10/17/2010 11:44:52 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Jesse\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 94.17 Gb Free Space | 63.18% Space Free | Partition Type: NTFS

Computer Name: CHANG-AMD | User Name: Jesse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/17 11:15:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
PRC - [2010/09/21 01:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/03/12 23:06:48 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2008/05/08 21:16:54 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 10:58:20 | 001,773,568 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\support.com\bin\tgcmd.exe
PRC - [2006/12/21 11:50:08 | 000,184,320 | ---- | M] (Anoto AB) -- C:\Documents and Settings\All Users\Application Data\Penpower\CPenManager\CPenDesk.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe


========== Modules (SafeList) ==========

MOD - [2010/10/17 11:15:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2010/03/12 23:08:29 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/03/12 23:06:56 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2010/03/12 23:06:56 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2009/08/13 09:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/10/04 22:07:12 | 000,144,936 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
MOD - [2006/01/09 17:42:08 | 000,045,056 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\support.com\bin\sdchook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wins\DLLHOST.EXE -- (RpcPatch)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\13.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010/10/13 15:59:29 | 000,341,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/10/03 14:03:39 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/02 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/02 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/10/02 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/10/02 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/01 21:39:20 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/27 13:37:06 | 004,830,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 23:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/08/05 17:38:22 | 005,874,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/29 19:59:14 | 000,142,592 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/05 04:33:22 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/06/16 09:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/11 21:40:00 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/16 17:29:43 | 000,020,504 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - [2007/07/16 17:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/02/16 09:53:20 | 000,014,382 | ---- | M] (Anoto) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\minsceye.sys -- (MiniScanEye)
DRV - [2005/02/14 16:27:42 | 000,032,408 | ---- | M] (Anoto AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pendfu.sys -- (pendfu) PenDfu (pendfu.sys)
DRV - [2005/02/01 14:46:00 | 000,056,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atineuxx.sys -- (ATITUNEP)
DRV - [2005/02/01 14:45:12 | 000,074,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinesxx.sys -- (ATIXSAudio)
DRV - [2005/02/01 14:42:58 | 000,165,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinevxx.sys -- (atinevxx)
DRV - [2005/02/01 14:41:58 | 000,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2005/02/01 14:41:40 | 000,015,360 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2005/02/01 14:37:46 | 000,055,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2004/08/03 21:08:30 | 000,105,984 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2004/04/13 17:03:46 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/08/28 22:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2001/10/24 17:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)
DRV - [2001/10/03 13:47:04 | 000,148,352 | ---- | M] (3dfx Interactive, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3dfxvsm.sys -- (3dfxvs)
DRV - [2001/08/10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv)
DRV - [1998/08/12 12:54:24 | 000,131,804 | ---- | M] (Plustek Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SCANDEV.SYS -- (SCANDEV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-299502267-1708537768-854245398-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/home.html
IE - HKU\S-1-5-21-299502267-1708537768-854245398-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.61
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 23:08:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/10/05 22:35:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/10/03 14:07:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 23:11:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/07 22:24:34 | 000,000,000 | ---D | M]

[2008/07/06 17:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Extensions
[2010/10/17 00:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\kgy1kftz.default\extensions
[2010/10/17 00:48:36 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\kgy1kftz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/03 15:31:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Jesse\Application Data\Mozilla\Firefox\Profiles\kgy1kftz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/02 22:16:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-299502267-1708537768-854245398-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-299502267-1708537768-854245398-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-299502267-1708537768-854245398-1007\..\Toolbar\WebBrowser: (no name) - {4194307F-65BB-454A-81D4-9E8A9D7CBAEA} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-299502267-1708537768-854245398-1007\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-21-299502267-1708537768-854245398-1007..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-299502267-1708537768-854245398-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CPenDesk.lnk = C:\Documents and Settings\All Users\Application Data\Penpower\CPenManager\CPenDesk.exe (Anoto AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-299502267-1708537768-854245398-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} http://sp.ask.com/docs/teoma/toolbar/downl...teomab-inst.cab (Reg Error: Value error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7920.4384027778 (Reg Error: Key error.)
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} https://remote-us.albemarle.com/nortel_cacheable/iewiper.cab (Iewiper Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://remote-us.albemarle.com/http/clearl...intra/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/27 00:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7b34fd80-49d6-11db-8351-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7b34fd80-49d6-11db-8351-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 11:16:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
[2010/10/17 01:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\ElevatedDiagnostics
[2010/10/17 01:14:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/10/03 14:09:46 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2010/10/03 14:03:39 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/03 14:03:39 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/03 14:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/10/03 14:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/10/03 14:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/10/03 13:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/10/03 11:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\SUPERAntiSpyware.com
[2010/10/03 11:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/01 19:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jesse\Application Data\Windows Search
[2010/07/20 21:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/07/20 20:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/07/20 20:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/20 20:00:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/07/20 16:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2010/07/20 16:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soluto
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 11:36:36 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/17 11:36:31 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1007.job
[2010/10/17 11:36:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 11:36:28 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1004.job
[2010/10/17 11:36:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1006.job
[2010/10/17 11:36:28 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1005.job
[2010/10/17 11:30:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/17 11:30:28 | 2146,750,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 11:15:19 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\RKUnhookerLE.EXE
[2010/10/17 11:15:17 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jesse\Desktop\OTL.exe
[2010/10/17 10:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/17 10:48:25 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1004.job
[2010/10/17 10:22:11 | 000,003,259 | ---- | M] () -- C:\WINDOWS\twinnt50.ini
[2010/10/17 01:34:25 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1007.job
[2010/10/17 01:26:14 | 000,001,483 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Windows Explorer.lnk
[2010/10/17 01:25:21 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1005.job
[2010/10/17 01:14:03 | 000,756,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/10/17 01:00:08 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Jesse\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/17 00:43:03 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/16 18:47:52 | 000,000,327 | -H-- | M] () -- C:\boot.ini
[2010/10/13 10:13:38 | 000,557,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/07 22:57:16 | 000,456,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 22:57:16 | 000,075,414 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/07 22:24:36 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/05 22:23:34 | 000,002,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/10/03 14:03:39 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/03 14:03:39 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/03 14:03:39 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/03 14:03:39 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/03 13:59:33 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Jesse\Desktop\Norton Installation Files.lnk
[2010/09/17 13:06:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1006.job
[2010/07/28 22:26:02 | 000,000,717 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/07/20 17:35:52 | 000,000,193 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 11:16:04 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\RKUnhookerLE.EXE
[2010/10/07 22:24:35 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/05 22:23:10 | 000,002,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/10/03 14:03:39 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/03 14:03:39 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/03 13:59:32 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\Jesse\Desktop\Norton Installation Files.lnk
[2010/10/03 13:54:44 | 2146,750,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/14 19:09:43 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1006.job
[2010/09/14 19:09:41 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1006.job
[2010/07/20 20:00:37 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/07/20 17:27:10 | 003,008,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/20 16:41:49 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/29 15:23:10 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/04/30 21:35:04 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Jesse\Application Data\$_hpcst$.hpc
[2010/03/24 22:14:12 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/03/24 21:31:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/03/24 21:28:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/04/12 20:54:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/04/12 20:53:30 | 000,000,141 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/04/12 20:53:29 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/08/01 19:12:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL
[2008/03/07 23:17:01 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\PPWORDW.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/04 18:34:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/05/04 18:32:42 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/05/04 18:30:42 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/03/30 18:59:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Lanting_Setup.INI
[2006/08/31 23:05:27 | 000,000,098 | ---- | C] () -- C:\WINDOWS\VPPLAYS.INI
[2006/08/02 20:50:02 | 000,000,717 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/12 21:27:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2005/12/08 18:19:24 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/09/19 22:06:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/05/07 21:03:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2005/03/24 14:16:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2005/02/09 20:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2004/12/09 14:57:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/12/09 14:57:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/12/04 19:03:18 | 000,000,185 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/12/04 19:03:17 | 000,001,045 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/04/09 20:18:57 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
[2003/12/14 22:27:11 | 000,000,043 | ---- | C] () -- C:\WINDOWS\twinnt30.ini
[2003/11/08 18:18:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Jesse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/08 18:02:14 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/08 17:24:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/11/08 15:02:56 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/11/08 15:02:40 | 000,000,122 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/11/07 21:57:18 | 000,003,259 | ---- | C] () -- C:\WINDOWS\twinnt50.ini
[2003/11/06 14:00:45 | 000,000,401 | ---- | C] () -- C:\WINDOWS\SCANFX.INI
[2002/10/27 00:24:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/10/26 19:47:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

========== LOP Check ==========

[2004/11/08 21:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2008/03/07 23:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CHEXP
[2003/11/06 15:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/05/29 15:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/03/07 23:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Penpower
[2007/05/04 18:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/20 17:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2010/04/03 15:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/05/24 17:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\Canon
[2003/11/08 17:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\InterTrust
[2005/09/16 21:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\MailFrontier
[2008/05/12 22:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\NewSoft
[2009/04/23 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\pdf995
[2003/11/06 10:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\RHpS
[2007/05/04 18:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\ScanSoft
[2010/04/03 15:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\TaxCut
[2010/06/04 08:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chiang-Tung\Application Data\Windows Desktop Search
[2010/10/04 15:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Windows Desktop Search
[2006/04/30 20:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\.bittorrent
[2008/07/07 10:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Canon
[2010/10/17 01:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\ElevatedDiagnostics
[2008/12/15 00:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Emulators
[2005/05/07 21:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\InterTrust
[2003/11/08 12:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Kontiki
[2009/04/14 18:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\NewSoft
[2009/04/12 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\pdf995
[2010/05/29 15:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\TaxCut
[2010/06/03 23:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Windows Desktop Search
[2010/08/01 19:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\Windows Search
[2006/10/25 00:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jesse\Application Data\X10 Commander
[2006/08/02 21:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\.bittorrent
[2008/12/08 04:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Canon
[2004/12/27 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\MailFrontier
[2009/04/12 21:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\NewSoft
[2009/04/13 14:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\TaxCut
[2010/06/03 20:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Judy\Application Data\Windows Desktop Search
[2008/09/30 23:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Memi\Application Data\NewSoft
[2010/07/05 16:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Memi\Application Data\Windows Desktop Search
[2003/11/06 09:04:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA(1).DAT

========== Purity Check ==========



< End of report >



#9 Guppie

Guppie
  • Topic Starter

  • Members
  • 31 posts

Posted 17 October 2010 - 10:57 AM

Extras.txt:

OTL Extras logfile created on: 10/17/2010 11:44:52 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Jesse\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 94.17 Gb Free Space | 63.18% Space Free | Partition Type: NTFS

Computer Name: CHANG-AMD | User Name: Jesse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-299502267-1708537768-854245398-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe" = C:\Program Files\PlayOnline\SquareEnix\PlayOnlineViewer\pol.exe:*:Enabled:PlayOnline Viewer -- (SQUARE ENIX CO., LTD.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{056BE8EE-ED63-E41A-BB10-2837D8062589}" = ccc-core-static
"{0928B2C5-0B16-C2FB-7BAE-A25901414687}" = ATI Catalyst Install Manager
"{0FC0C607-5539-FBBD-4D92-B42FDE4302E2}" = CCC Help English
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{16BD54E2-0A2F-4CAD-8AA1-6D2220FDA6CF}" = SmartFTP Client
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28359586-3409-4435-8302-B8D93BB78625}" = Penpower Chinese Expert
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}" = HP LaserJet M2727 MFP Series 5.0
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{41369F9D-FF51-464F-9FFB-33198BA24CC9}" = USB Modem Driver
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D228AA-4284-467A-9DB6-942B92BFF656}" = DVDDec
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}" = DataPilot USB Driver Pack
"{51FC5315-20D4-4B6D-89B4-8776DC5A12CA}" = H&R Block Pennsylvania 2009
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{5672A10E-1B21-4C2F-85D3-3542D0BC8246}" = hppscanM2727
"{5AA47460-846F-1470-8FBE-4B1ACF372CB7}" = Catalyst Control Center Graphics Full Existing
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5DD67ADC-2182-5BC5-8D24-83D1B9444260}" = ccc-utility
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{698F5CB3-784C-44C9-BD86-B12839EDB48E}" = miniScanEYE II driver
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = SAS10
"{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6D15B89B-EFAD-40D8-A9BB-205094F21698}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A071EC00-49C6-9F73-E925-E4B0C2C311C8}" = Catalyst Control Center Graphics Full New
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A86C2C36-268E-4972-28D2-58ED934EB1F6}" = Catalyst Control Center Graphics Light
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B00690AD-B4F5-4730-9110-5C495B89E647}" = Scan
"{B58436F5-EEC6-4005-A1B7-26597CD4B644}" = DataPilot
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBBB0EB1-7EB3-5755-7085-C580236B4935}" = Catalyst Control Center Graphics Previews Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1F868C4-382B-452B-87D7-7CA4C52A06DB}" = Penpower Chinese Expert
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D697132F-44BA-4E82-B682-A0E40466DC38}" = Penpower miniScanEYE II
"{D8AE6C92-FE90-011B-9D79-6056E9E64CEA}" = ccc-core-preinstall
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E8626A59-FD0E-449C-A23A-C52FC0733629}" = Tseries BIOS Update
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{F0B0D1F8-45EA-8487-9724-1132E6C103C3}" = Catalyst Control Center Core Implementation
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician
"7-Zip" = 7-Zip 4.42
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 6.5" = Adobe PageMaker 6.5
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Canon CanoScan LiDE 600F User Registration" = Canon CanoScan LiDE 600F User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Combined Community Codec Pack" = Combined Community Codec Pack 2006-07-28 (Remove Only)
"comcastDD" = Desktop Doctor
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow" = ffdshow
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"InstallShield_{41369F9D-FF51-464F-9FFB-33198BA24CC9}" = USB Modem Driver
"InstallShield_{45D228AA-4284-467A-9DB6-942B92BFF656}" = ATI DVD Decoder 2.2.0.0
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"InstallShield_{4F02C4F5-0FE6-42E0-B440-0E5D3F939790}" = DataPilot USB Driver Pack
"InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0
"InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"InstallShield_{B58436F5-EEC6-4005-A1B7-26597CD4B644}" = DataPilot
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MuseScore" = MuseScore 0.9.6 MuseScore score typesetter
"N360" = Norton Security Suite
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NetMos Technology" = NetMos Multi-IO Controller
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpticPro Key" = Color Flatbed Scanner
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Quicken 2002 Basic" = Quicken 2002 Basic
"RealPlayer 12.0" = RealPlayer
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Tera Term Pro" = Tera Term Pro
"TwinBridge Chinese Partner V6.0" = TwinBridge Chinese Partner V6.0
"VSFilter_is1" = VSFilter 2.36
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZHTIELangPack" = Chinese (Traditional) Language Support

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-299502267-1708537768-854245398-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2010 10:51:22 PM | Computer Name = CHANG-AMD | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CHIANG-TUNG\MY DOCUMENTS\???????.DOCX>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 9/14/2010 7:08:50 PM | Computer Name = CHANG-AMD | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 9/15/2010 11:14:17 AM | Computer Name = CHANG-AMD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/15/2010 11:14:17 AM | Computer Name = CHANG-AMD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/20/2010 5:48:32 PM | Computer Name = CHANG-AMD | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 9/20/2010 7:54:56 PM | Computer Name = CHANG-AMD | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Program Files\MuseScore\bin\mscore.exe
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program mscore.exe because of this error.

Program:
mscore.exe File: C:\Program Files\MuseScore\bin\mscore.exe The error value is listed
in the Additional Data section. User Action 1. Open the file again. This situation
might be a temporary problem that corrects itself when the program runs again. 2.
If the file still cannot be accessed and - It is on the network, your network administrator
should verify that there is not a problem with the network and that the server
can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM,
verify that the disk is fully inserted into the computer. 3. Check and repair the
file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD,
and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy. 5. Determine whether
other files on the same disk can be opened. If not, the disk might be damaged.
If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance. Additional Data Error value: C000009C Disk type: 3

Error - 9/20/2010 7:56:23 PM | Computer Name = CHANG-AMD | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module
ncwTrust.dll, version 16.8.0.41, fault address 0x0007d2ea.

Error - 9/21/2010 12:01:13 PM | Computer Name = CHANG-AMD | Source = Application Error | ID = 1004
Description = Faulting application ccSvcHst.exe, version 108.1.1.10, faulting module
ncwTrust.dll, version 16.8.0.41, fault address 0x0007d2ea.

Error - 10/1/2010 2:56:06 PM | Computer Name = CHANG-AMD | Source = ESENT | ID = 485
Description = wuauclt (2452) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 10/1/2010 2:56:06 PM | Computer Name = CHANG-AMD | Source = ESENT | ID = 485
Description = wuauclt (2452) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

[ System Events ]
Error - 10/17/2010 12:59:47 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 10/17/2010 1:10:06 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 10/17/2010 1:10:06 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 10/17/2010 1:10:15 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 10/17/2010 1:20:31 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 10/17/2010 1:20:31 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 10/17/2010 1:20:38 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 10/17/2010 11:31:11 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 10/17/2010 11:31:11 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7000
Description = The ATI Smart service failed to start due to the following error:
%%2

Error - 10/17/2010 11:31:16 AM | Computer Name = CHANG-AMD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >


#10 Guppie

  • Topic Starter
  • Members
  • 31 posts

Posted 17 October 2010 - 11:04 AM

Report.txt:

QUOTE
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xAC1F7000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6066176 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xF2D1B000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 5165056 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBD20B000 C:\WINDOWS\System32\ati3duag.dll 3702784 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D4000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D4000 PnpManager 2260992 bytes
0x804D4000 RAW 2260992 bytes
0x804D4000 WMIxWDM 2260992 bytes
0xBD593000 C:\WINDOWS\System32\ativvaxx.dll 2256896 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA8774000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0xABCAF000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0xBD060000 C:\WINDOWS\System32\ati2cqag.dll 692224 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBD109000 C:\WINDOWS\System32\atikvmag.dll 643072 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF7297000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xABD5B000 C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xABE55000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBD1A6000 C:\WINDOWS\System32\atiok3x2.dll 413696 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xABDF7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF2BEF000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAC11B000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAC021000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.003\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xA8D79000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA88EA000 C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0xAC0C4000 C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
0xF737A000 SYMDS.SYS 352256 bytes
0xBD012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA807E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7438000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8E21000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF726A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF733B000 SYMEFA.SYS 184320 bytes
0xABEC5000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2CDF000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xABFF9000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAC09E000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAC079000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA86EC000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAC7C0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF2C98000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF2C75000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2CBC000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 143360 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xABFD7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FC000 ACPI_HAL 134400 bytes
0x806FC000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73D0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7408000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xABF18000 C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0xABDDA000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xAC7E4000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xF7250000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73F0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xABC6F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7324000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF2C5E000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8637000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA8760000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101016.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xF2D07000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAC174000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7368000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7427000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF2C4D000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF76E7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7547000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7587000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF75E7000 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xF7637000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7557000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8A81000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF75F7000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7537000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF74C7000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7577000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7597000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF75B7000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76B7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7567000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF75A7000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF74D7000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7607000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76A7000 C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF75D7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7667000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF75C7000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7677000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xABFC7000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF784F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\SCANDEV.SYS 32768 bytes (Plustek Corporation., Plustek Parallel Port Class Driver.)
0xF776F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7797000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF786F000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF788F000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF771F000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
0xF7787000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77A7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF782F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF775F000 C:\WINDOWS\system32\drivers\BS_I2cIo.sys 20480 bytes (BIOSTAR Group, I/O Interface driver file)
0xF7817000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF783F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77D7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77C7000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7767000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF77B7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAC1CB000 C:\WINDOWS\system32\drivers\BIOS.sys 16384 bytes (BIOSTAR Group, I/O Interface driver file)
0xF795B000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9122000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7937000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF2B2B000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF2B3F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF2B47000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7977000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7947000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7933000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF793F000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF2B33000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79BB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79DB000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79BF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79C3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79A9000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79AD000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A50000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0xF7A86000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AD5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7ADF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7B66000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes
==============================================
>Stealth
==============================================
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891A7DA8 ] TID: 116
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8919CB30 ] TID: 144, 3211318 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8919C020 ] TID: 156, 4194368 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8919CDA8 ] TID: 160
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8919A588 ] TID: 168
0x8055F520 Faked ServiceTable-->realsched.exe [ ETHREAD 0x88E77020 ] TID: 172
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8919D518 ] TID: 176
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891D9BA0 ] TID: 200
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8918E400 ] TID: 268
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x88A1D490 ] TID: 288
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8916FBA0 ] TID: 296
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E5B9A8 ] TID: 300


#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 17 October 2010 - 11:06 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft
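ComboFix lists every driver and service as a `R0 Name;Display;path [date time size]` line, printing `[?]` or `[x]` where the file it points at is missing. As an added example that is not part of Elise's instructions or of ComboFix itself, here is a small Python triage helper that parses those lines and flags the entries a helper would look at first (missing files, drivers loading from a temp location, early-start entries whose file is gone); the `REVIEW_PATH_MARKERS` list and the flag names are this example's own choices, and the sample lines are copied from the ComboFix report posted later in this thread.

```python
import re
from dataclasses import dataclass, field

# Added example (not from the thread or from ComboFix): a triage helper for the
# driver/service lines of a ComboFix report. Each line has the shape
#   <start> <name>;<display>;<path> [<date> <time> <size>]
# where <start> is R (running) or S (stopped) followed by the start type
# (0 boot, 1 system, 2 automatic, 3 on demand, 4 disabled). When ComboFix
# cannot find the file it prints "\??\orig --> <path> [?]" or just "; [x]".
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)

# Path fragments that deserve a second look when a kernel driver lives there.
# This list is this example's own choice; extend it as needed.
REVIEW_PATH_MARKERS = ("\\temp\\", "\\local settings\\temp", ".tmp")


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    found: bool                        # False when the report printed [?] or [x]
    flags: list = field(default_factory=list)


def parse_service_line(line: str):
    """Parse one ComboFix service line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    found = not (rest.endswith("[?]") or rest.endswith("[x]"))
    # For the "\??\orig --> resolved [?]" form, keep the resolved path.
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    # Drop the trailing "[date time size]", "[?]" or "[x]" block.
    path = rest.rsplit("[", 1)[0].strip()
    entry = ServiceEntry(m.group("start"), m.group("name"),
                         m.group("display"), path, found)
    if not found:
        entry.flags.append("file-missing")
    if any(marker in path.lower() for marker in REVIEW_PATH_MARKERS):
        entry.flags.append("temp-path")
    if entry.start[1] in "01" and not found:
        # A boot- or system-start entry whose file is gone: a stale leftover
        # that can delay or break boot on XP, so it is worth clearing up.
        entry.flags.append("early-start-missing-file")
    return entry


def triage(report: str) -> dict:
    """Return {service name: flags} for every service line that raised a flag."""
    flagged = {}
    for line in report.splitlines():
        entry = parse_service_line(line)
        if entry and entry.flags:
            flagged[entry.name] = entry.flags
    return flagged


# Sample input: lines copied from the ComboFix report posted later in this thread.
SAMPLE_REPORT = r"""
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [10/4/2010 10:44 PM 328752]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/24/2010 9:20 PM 13696]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [10/4/2010 10:43 PM 126392]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]
S3 Normandy;Normandy SR2; [x]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:26 PM 135664]
"""

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_REPORT).items():
        print(f"{name}: {', '.join(flags)}")
```

A flag only means "look at this entry next"; leftover scanner drivers such as the SUPERAntiSpyware ones above are harmless once their files are gone, so the output is a reading aid, not a verdict.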


#12 Guppie

Guppie
  • Topic Starter

  • Members
  • 31 posts

Posted 17 October 2010 - 11:57 AM

Combofix log.txt:
QUOTE
ComboFix 10-10-16.04 - Jesse 10/17/2010 12:38:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1425 [GMT -4:00]
Running from: c:\documents and settings\Jesse\Desktop\ComboFix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\command
c:\windows\command\UTILITY\GZIP.DOC
c:\windows\Downloaded Program Files\Install.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCPATCH
-------\Service_RpcPatch


((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.

2010-10-17 05:15 . 2010-10-17 05:15 -------- d-----w- c:\documents and settings\Jesse\Application Data\ElevatedDiagnostics
2010-10-13 02:36 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 02:36 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 02:36 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-05 02:42 . 2010-10-06 02:20 -------- d-----w- c:\windows\system32\drivers\N360\0402000.00C
2010-10-04 19:57 . 2010-10-04 19:57 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Identities
2010-10-04 19:57 . 2010-10-04 19:57 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2010-10-03 18:09 . 2010-10-03 18:09 -------- d-----w- C:\N360_BACKUP
2010-10-03 18:03 . 2010-10-03 18:03 -------- d-----w- c:\program files\Symantec
2010-10-03 18:03 . 2010-10-03 18:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-03 18:03 . 2010-10-03 18:03 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-03 18:01 . 2010-10-03 18:01 -------- d-----w- c:\program files\Norton Security Suite
2010-10-03 18:01 . 2010-10-03 18:01 -------- d-----w- c:\program files\NortonInstaller
2010-10-03 15:56 . 2010-10-03 15:56 -------- d-----w- c:\documents and settings\Jesse\Application Data\SUPERAntiSpyware.com
2010-10-03 15:56 . 2010-10-03 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-13 202256]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-04 18702336]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\Chiang-Tung\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Jesse\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CPenDesk.lnk - c:\documents and settings\All Users\Application Data\Penpower\CPenManager\CPenDesk.exe [2008-3-7 184320]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [10/4/2010 10:44 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [10/4/2010 10:44 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [10/5/2010 10:38 PM 692272]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/24/2010 9:20 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [3/24/2010 10:19 PM 17024]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [10/4/2010 10:44 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [10/4/2010 10:44 PM 116784]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [10/4/2010 10:43 PM 126392]
R2 SCANDEV;SCANDEV;c:\windows\system32\drivers\SCANDEV.SYS [11/6/2003 3:28 PM 131804]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/4/2010 3:32 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.003\IDSXpx86.sys [10/13/2010 3:59 PM 341880]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\Jesse\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [10/3/2001 1:47 PM 148352]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/24/2010 10:17 PM 1684736]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 6:26 PM 135664]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [5/29/2010 3:23 PM 20504]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [11/13/2004 10:42 PM 36224]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/25/2010 9:46 AM 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]
S3 MiniScanEye;MiniScanEye;c:\windows\system32\drivers\minsceye.sys [3/7/2008 11:06 PM 14382]
S3 Normandy;Normandy SR2; [x]
S3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\drivers\pendfu.sys [3/7/2008 11:05 PM 32408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:26]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 22:26]

2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1708537768-854245398-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-09-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-10-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1708537768-854245398-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/home.html
mWindow Title = Microsoft Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} - hxxp://sp.ask.com/docs/teoma/toolbar/download/teomab-inst.cab
DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} - hxxps://remote-us.albemarle.com/nortel_cacheable/iewiper.cab
FF - ProfilePath - c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\kgy1kftz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Jesse\Application Data\Mozilla\Firefox\Profiles\kgy1kftz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
SafeBoot-MCODS
AddRemove-OpticPro Key - c:\scanner\UNINSTAL\SETUP.EXE



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\13.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-10-17 12:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-17 16:50

Pre-Run: 102,345,621,504 bytes free
Post-Run: 106,117,165,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer
[spybotsd]
timeout.old=30

- - End Of File - - 258343A6B03F6F9D723FC49910EB2C7C


#13 Elise

Elise
    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 17 October 2010 - 12:05 PM

Could you now please rerun Rootkit Unhooker and make sure Norton is disabled before doing so?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#14 Guppie

Guppie
  • Topic Starter
  • Members
  • 31 posts

Posted 17 October 2010 - 12:18 PM

Also, got this BSOD earlier today (but not while running ComboFix or any of the other utilities; this happened prior to those):
QUOTE
STOP 0x0000008E (0xC0000005, 0x00000000, 0xA89A0670, 0x00000000)




#15 Guppie

Guppie
  • Topic Starter
  • Members
  • 31 posts

Posted 17 October 2010 - 12:38 PM

QUOTE(elise025 @ Oct 17 2010, 01:05 PM)
Could you now please rerun Rootkit Unhooker and make sure Norton is disabled before doing so?


QUOTE
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xAC1F7000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6066176 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xF2D1B000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 5165056 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBD20B000 C:\WINDOWS\System32\ati3duag.dll 3702784 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D4000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D4000 PnpManager 2260992 bytes
0x804D4000 RAW 2260992 bytes
0x804D4000 WMIxWDM 2260992 bytes
0xBD593000 C:\WINDOWS\System32\ativvaxx.dll 2256896 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA7799000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101017.003\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0xABCAF000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0xBD060000 C:\WINDOWS\System32\ati2cqag.dll 692224 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBD109000 C:\WINDOWS\System32\atikvmag.dll 643072 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF7297000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xABD5B000 C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xABE55000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBD1A6000 C:\WINDOWS\System32\atiok3x2.dll 413696 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xABDF7000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF2BEF000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAC11B000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAC021000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101015.003\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xA8B84000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA7CB2000 C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0xAC0C4000 C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
0xF737A000 SYMDS.SYS 352256 bytes
0xBD012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA83C3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7438000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8DBE000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF726A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF733B000 SYMEFA.SYS 184320 bytes
0xA775A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xABEC5000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2CDF000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xABFF9000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAC09E000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAC079000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA7E74000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAC7C0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF2C98000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF2C75000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF2CBC000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 143360 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xABFD7000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806FC000 ACPI_HAL 134400 bytes
0x806FC000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73D0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7408000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xABF18000 C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0xABDDA000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xAC7E4000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xF7250000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73F0000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xABC6F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7324000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF2C5E000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8E39000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA7785000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101017.003\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xF2D07000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAC174000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7368000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7427000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF2C4D000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF76D7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7537000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7577000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF75D7000 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xF7627000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7547000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8F3E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF75E7000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7527000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF74C7000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7567000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7587000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF75A7000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76A7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7557000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7597000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF74D7000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF75F7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7697000 C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xF75C7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF75B7000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7667000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8444000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7647000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7857000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF788F000 C:\WINDOWS\System32\Drivers\SCANDEV.SYS 32768 bytes (Plustek Corporation., Plustek Parallel Port Class Driver.)
0xF7777000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF779F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7877000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF772F000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF775F000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF771F000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
0xF778F000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF782F000 C:\DOCUME~1\Jesse\LOCALS~1\Temp\mbr.sys 24576 bytes
0xF77F7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7837000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7787000 C:\WINDOWS\system32\drivers\BS_I2cIo.sys 20480 bytes (BIOSTAR Group, I/O Interface driver file)
0xF781F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7847000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7717000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF776F000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF77E7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAC1D7000 C:\WINDOWS\system32\drivers\BIOS.sys 16384 bytes (BIOSTAR Group, I/O Interface driver file)
0xF795B000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA913E000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7937000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF2B2B000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF792B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF2B3F000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF7977000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7947000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7933000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF793F000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF2B33000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79AB000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79C7000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79A7000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79AF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79D9000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
0xF79B3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7999000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF799D000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A50000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0xF7BA9000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B9F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A81000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7AFC000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes
==============================================
>Stealth
==============================================
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x888A0020 ] TID: 144
0x8055F520 Faked ServiceTable-->tgcmd.exe [ ETHREAD 0x88E009B0 ] TID: 152, 6619182 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88B44798 ] TID: 164, 6881394 bytes
0x8055F520 Faked ServiceTable-->WindowsSearch.exe [ ETHREAD 0x88D40DA8 ] TID: 168
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88FD1DA8 ] TID: 188
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8915E998 ] TID: 200
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8907A588 ] TID: 216, 4194368 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8911DBA0 ] TID: 220
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8911D928 ] TID: 224
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8902C7A0 ] TID: 272
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F02020 ] TID: 292
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88B12020 ] TID: 300
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89155DA8 ] TID: 304
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x891187A8 ] TID: 308
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88D4E488 ] TID: 392
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8915B020 ] TID: 420, 8781826 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89155B30 ] TID: 424
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x890787A8 ] TID: 432, 8781831 bytes
0x8055F520 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x88E90518 ] TID: 452
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x890E6980 ] TID: 456, 8781840 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89119BA8 ] TID: 464
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89115DA8 ] TID: 468, 8781861 bytes
0x8055F520 Faked ServiceTable-->wcescomm.exe [ ETHREAD 0x892EF020 ] TID: 472
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89034720 ] TID: 476
0x8055F520 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x89172DA8 ] TID: 480
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89E9FDA8 ] TID: 488
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A49798 ] TID: 496
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8893FDA8 ] TID: 508
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FB2DA8 ] TID: 512
0x8055F520 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x88F1DDA8 ] TID: 524
0x8055F520 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x88E8FA38 ] TID: 536
0x8055F520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88FC3830 ] TID: 564
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889892A8 ] TID: 568
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890DE998 ] TID: 612
0x8055F520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8937D020 ] TID: 628
0x8055F520 Faked ServiceTable-->smss.exe [ ETHREAD 0x89391DA8 ] TID: 632
0x8055F520 Faked ServiceTable-->smss.exe [ ETHREAD 0x89391B30 ] TID: 636
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89070DA8 ] TID: 648
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89023530 ] TID: 660
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x88A0C020 ] TID: 664
0x8055F520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89300DA8 ] TID: 684
0x8055F520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x892D7380 ] TID: 704
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x892A6A90 ] TID: 740
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x892C96F8 ] TID: 748
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A1C020 ] TID: 756, 3014767 bytes
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x8927DDA8 ] TID: 776
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x8927DB30 ] TID: 780, 3145796 bytes
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x8927D8B8 ] TID: 784, 3145780 bytes
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8926F020 ] TID: 788
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8927BBA0 ] TID: 792
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8927B928 ] TID: 796, 508808 bytes
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89282DA8 ] TID: 800, 6553667 bytes
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8926CDA8 ] TID: 804
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x88FBE928 ] TID: 812
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89265998 ] TID: 816
0x8055F520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88FE8A48 ] TID: 836
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89261B30 ] TID: 844
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89272DA8 ] TID: 848
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89272B30 ] TID: 852
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89253928 ] TID: 864
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x89270BA8 ] TID: 884
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x89258BD0 ] TID: 892
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x89251820 ] TID: 904
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x8924E5D8 ] TID: 912
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89007998 ] TID: 920
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89247DA8 ] TID: 936
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8923F998 ] TID: 940
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8923F720 ] TID: 944
0x8055F520 Faked ServiceTable-->CPenDesk.exe [ ETHREAD 0x8920EDA8 ] TID: 952
0x8055F520 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x8923DBA0 ] TID: 968
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x89228BA0 ] TID: 980
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89069020 ] TID: 1000
0x8055F520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88FE87D0 ] TID: 1004
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89076DA8 ] TID: 1008
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89218BA0 ] TID: 1024, 7209074 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89218928 ] TID: 1028
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x892186B0 ] TID: 1032, 33816579 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AFD020 ] TID: 1040
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x89229998 ] TID: 1044, 5374020 bytes
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8923EB30 ] TID: 1052
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8907DB28 ] TID: 1068, 7471204 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891FFBA0 ] TID: 1080
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891FF720 ] TID: 1084, 4259907 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891FF4A8 ] TID: 1088
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89236DA8 ] TID: 1092, 5177410 bytes
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88A7FBF0 ] TID: 1096
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89202020 ] TID: 1104
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891463F8 ] TID: 1128
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88938B78 ] TID: 1164
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891ED020 ] TID: 1176
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891F0DA8 ] TID: 1180
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x892599A8 ] TID: 1184
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x892009A0 ] TID: 1196
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8900DDA8 ] TID: 1216
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8900E5E8 ] TID: 1228
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891DF378 ] TID: 1232
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88D41580 ] TID: 1236
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891EDB30 ] TID: 1240
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89005DA8 ] TID: 1244
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8901A788 ] TID: 1248
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89231DA8 ] TID: 1252
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x890B2DA8 ] TID: 1256
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x892315B0 ] TID: 1268
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890098B8 ] TID: 1276
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891DB998 ] TID: 1280
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x890F0518 ] TID: 1288, 2097184 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89163020 ] TID: 1300
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890F75C8 ] TID: 1304
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890C3998 ] TID: 1308
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89009DA8 ] TID: 1312
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89009B30 ] TID: 1316
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891E57B8 ] TID: 1324
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891DA928 ] TID: 1328
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8900FDA8 ] TID: 1340
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8900FA70 ] TID: 1344
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FC5DA8 ] TID: 1348
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8900C938 ] TID: 1352
0x8055F520 Faked ServiceTable-->tgcmd.exe [ ETHREAD 0x88E3C9A0 ] TID: 1356
0x8055F520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x890F5DA8 ] TID: 1360
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891EADA8 ] TID: 1372
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891CD998 ] TID: 1388
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891CD720 ] TID: 1396, 2097184 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x891B7020 ] TID: 1400
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89113810 ] TID: 1404
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x890B4A20 ] TID: 1420
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891BE998 ] TID: 1424
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x890AF790 ] TID: 1428
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FFE020 ] TID: 1432
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891CF998 ] TID: 1440
0x8055F520 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x891EF518 ] TID: 1444
0x8055F520 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x891C6020 ] TID: 1460
0x8055F520 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x891DCB88 ] TID: 1464
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FF6BA8 ] TID: 1476
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889168B8 ] TID: 1480
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8A65B580 ] TID: 1484
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FFDDA8 ] TID: 1488
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89194288 ] TID: 1496
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891C78D8 ] TID: 1500
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891AEBA0 ] TID: 1504
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891B7998 ] TID: 1508
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8918BDA8 ] TID: 1528
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AA15B8 ] TID: 1540
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89188020 ] TID: 1548
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89188DA8 ] TID: 1552, 7143539 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891886B0 ] TID: 1560
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891803F0 ] TID: 1564
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88EFFDA8 ] TID: 1576
0x8055F520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89179020 ] TID: 1588
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8905E020 ] TID: 1596
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FCC588 ] TID: 1612
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89173DA8 ] TID: 1616
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88938900 ] TID: 1624, 7536686 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FEF380 ] TID: 1628
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88952870 ] TID: 1632
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89141020 ] TID: 1636
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x888D1DA8 ] TID: 1652
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890A4720 ] TID: 1656
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89012318 ] TID: 1660
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8913A510 ] TID: 1688
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A10968 ] TID: 1692, 5963776 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FEB998 ] TID: 1696
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FEEC68 ] TID: 1700
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x889C1DA8 ] TID: 1708
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x890A9BC8 ] TID: 1712
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A24DA8 ] TID: 1716
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89099DA8 ] TID: 1728
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FE7DA8 ] TID: 1732
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89180AF8 ] TID: 1736, 6815842 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89132DA8 ] TID: 1740
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8909BDA8 ] TID: 1744
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8909B740 ] TID: 1748
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8909A998 ] TID: 1752
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89131DA8 ] TID: 1756
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FDE998 ] TID: 1768
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FD6BA0 ] TID: 1796
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88FD6020 ] TID: 1800
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88FE2498 ] TID: 1820
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89128DA8 ] TID: 1824
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89095DA8 ] TID: 1828
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89064588 ] TID: 1852
0x8055F520 Faked ServiceTable-->GoogleToolbarNotifier.exe [ ETHREAD 0x89F372F8 ] TID: 1856
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x889049B0 ] TID: 1864
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88908020 ] TID: 1876
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A60CD8 ] TID: 1884, 4587640 bytes
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88A33020 ] TID: 1904
0x8055F520 Faked ServiceTable-->WindowsSearch.exe [ ETHREAD 0x89051B30 ] TID: 1912
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889B0DA8 ] TID: 1932
0x8055F520 Faked ServiceTable-->wcescomm.exe [ ETHREAD 0x8A68B518 ] TID: 1940
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89075900 ] TID: 1948
0x8055F520 Faked ServiceTable-->WindowsSearch.exe [ ETHREAD 0x88E41DA8 ] TID: 1968
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89169020 ] TID: 1972
0x8055F520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x891149B0 ] TID: 1980
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88DE66B0 ] TID: 1996
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8908CDA8 ] TID: 2000
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8890E4A8 ] TID: 2016
0x8055F520 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x89223BC8 ] TID: 2032
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FD5DA8 ] TID: 2036
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x889C0B78 ] TID: 2040
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88FBBBA0 ] TID: 2056
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89134998 ] TID: 2060
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88FB0398 ] TID: 2064
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88991DA8 ] TID: 2072
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8907DDA8 ] TID: 2080
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89021BA8 ] TID: 2088
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88E49930 ] TID: 2104
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8A685DA8 ] TID: 2108
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88967DA8 ] TID: 2116
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x890666F8 ] TID: 2132, 20022712 bytes
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x88E993B8 ] TID: 2140
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88A52020 ] TID: 2152
0x8055F520 Faked ServiceTable-->ONENOTEM.EXE [ ETHREAD 0x8A668728 ] TID: 2156
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89020A70 ] TID: 2176
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88B39DA8 ] TID: 2188
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F05020 ] TID: 2204
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88E83390 ] TID: 2212
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x888B6620 ] TID: 2228
0x8055F520 Faked ServiceTable-->tgcmd.exe [ ETHREAD 0x88DEFBA0 ] TID: 2244
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FB9BC0 ] TID: 2248
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x888EC370 ] TID: 2256
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8907E928 ] TID: 2264
0x8055F520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88FB1998 ] TID: 2288
0x8055F520 Faked ServiceTable-->alg.exe [ ETHREAD 0x890545C0 ] TID: 2296
0x8055F520 Faked ServiceTable-->alg.exe [ ETHREAD 0x8903EDA8 ] TID: 2300
0x8055F520 Faked ServiceTable-->alg.exe [ ETHREAD 0x88FA2A08 ] TID: 2304, 750864 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A54DA8 ] TID: 2312
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8923CBA8 ] TID: 2332, 5439575 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890B1DA8 ] TID: 2336
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8903ADA8 ] TID: 2348
0x8055F520 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x8A683DA8 ] TID: 2364
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889A5B38 ] TID: 2380
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88A28928 ] TID: 2392
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FF54E0 ] TID: 2412
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88B1F580 ] TID: 2428
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89039998 ] TID: 2436
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F9B998 ] TID: 2440
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88EE3B38 ] TID: 2448
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89060878 ] TID: 2456
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89044998 ] TID: 2460
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F92790 ] TID: 2464
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8896FB88 ] TID: 2468
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88DE7380 ] TID: 2488
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89044DA8 ] TID: 2504
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88DE6928 ] TID: 2508
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88DE6BA0 ] TID: 2512
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F3BAF8 ] TID: 2516
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F92DA8 ] TID: 2520
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88DE6020 ] TID: 2524, 393229 bytes
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8895EB78 ] TID: 2528, 20101360 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88DE6438 ] TID: 2536
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x88C2BDA8 ] TID: 2556, 7602226 bytes
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88942DA8 ] TID: 2560
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F3ADA8 ] TID: 2572
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F25DA8 ] TID: 2584
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x888B4DA8 ] TID: 2612
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F36BA0 ] TID: 2624, 5963776 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F29020 ] TID: 2628
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8934A020 ] TID: 2636
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A23DA8 ] TID: 2644, 130 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F24B30 ] TID: 2648
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F387B8 ] TID: 2656
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F29588 ] TID: 2664, 999056 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F913B0 ] TID: 2668
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F36928 ] TID: 2672
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F18DA8 ] TID: 2676
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F225E0 ] TID: 2696, 2097196 bytes
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F1B998 ] TID: 2700
0x8055F520 Faked ServiceTable-->tgcmd.exe [ ETHREAD 0x88E3F020 ] TID: 2704
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F08588 ] TID: 2720
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F27B30 ] TID: 2728
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F05790 ] TID: 2748
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8899C5E8 ] TID: 2756
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88F1FDA8 ] TID: 2768
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F19790 ] TID: 2780
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F04398 ] TID: 2788
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F04790 ] TID: 2800
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F06DA8 ] TID: 2804
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EF1BA0 ] TID: 2808
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EFDDA8 ] TID: 2812
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F06B30 ] TID: 2816
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EFDB30 ] TID: 2820
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EE9DA8 ] TID: 2836
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EB4BA8 ] TID: 2840
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EDFBB0 ] TID: 2852
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x889D3DA8 ] TID: 2864
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F0D848 ] TID: 2880
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EF8DA8 ] TID: 2884
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EF7DA8 ] TID: 2908
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EEF6C0 ] TID: 2932
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EE5790 ] TID: 2960
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E069A8 ] TID: 2964
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88E757E8 ] TID: 2968
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EC8928 ] TID: 2980
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EB2DA8 ] TID: 2984
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EBC8D8 ] TID: 2988
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x888C25A0 ] TID: 3032
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88B393A0 ] TID: 3052
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EA4BA0 ] TID: 3060
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x890889B0 ] TID: 3064
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F18940 ] TID: 3068
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89055020 ] TID: 3072
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EC2BA8 ] TID: 3076
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EB6998 ] TID: 3080
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EA6588 ] TID: 3084
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88972C08 ] TID: 3100
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88940020 ] TID: 3132
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88AA7618 ] TID: 3164
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8896A020 ] TID: 3172
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8899C020 ] TID: 3176
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889315E0 ] TID: 3188
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8920FBA8 ] TID: 3212
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88EACDA8 ] TID: 3244
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88E6E430 ] TID: 3248
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88A03DA8 ] TID: 3256
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88A6AB08 ] TID: 3268
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88933668 ] TID: 3284
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E6BB30 ] TID: 3364
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E84DA8 ] TID: 3372
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E799B8 ] TID: 3376
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E769C0 ] TID: 3380
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88A50DA8 ] TID: 3388
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88992B90 ] TID: 3408
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E67DA8 ] TID: 3424
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E54020 ] TID: 3428
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B04538 ] TID: 3468
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E6A7F0 ] TID: 3492
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88DC6718 ] TID: 3496
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E54DA8 ] TID: 3520
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B58BA8 ] TID: 3536
0x8055F520 Faked ServiceTable-->CPenDesk.exe [ ETHREAD 0x890AC798 ] TID: 3540
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B40898 ] TID: 3544
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88973DA8 ] TID: 3556
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88F90658 ] TID: 3616
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x888E9328 ] TID: 3628
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B40020 ] TID: 3668
0x8055F520 Faked ServiceTable-->OrderReminder.exe [ ETHREAD 0x8A632790 ] TID: 3728
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B30DA8 ] TID: 3744
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B305A0 ] TID: 3748
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88B35BB0 ] TID: 3820
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88A05020 ] TID: 3832
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88A15BC8 ] TID: 3840
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A632DA8 ] TID: 3848
0x8055F520 Faked ServiceTable-->wscntfy.exe [ ETHREAD 0x888B5558 ] TID: 3868
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88AFFDA8 ] TID: 3888
0x8055F520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88B65B40 ] TID: 3908
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88AE0020 ] TID: 3912
0x8055F520 Faked ServiceTable-->realsched.exe [ ETHREAD 0x890BE5A0 ] TID: 3916
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88964518 ] TID: 3928
0x8055F520 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x890F2360 ] TID: 3936
0x8055F520 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x889EADA8 ] TID: 3944
0x8055F520 Faked ServiceTable-->realsched.exe [ ETHREAD 0x890DDDA8 ] TID: 3956
0x8055F520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88937020 ] TID: 3968
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8909DBA0 ] TID: 3976
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88B92020 ] TID: 4000
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88958880 ] TID: 4032
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x889B7020 ] TID: 4040
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x888AADA8 ] TID: 4044
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88E85B30 ] TID: 4068
0x8055F520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89199020 ] TID: 4072
0x8055F520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x889CC858 ] TID: 4080
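A log this long is hard to read by eye, so here is an added triage helper for it. It is not part of the original post and is not code from the scanner that produced the log; it only parses the line format shown above (table address, image name, ETHREAD address, TID, optional ", N bytes" tail) and summarises what is there: whether every flagged thread points at the same service-table address, how many threads each image accounts for, which images fall outside an assumed baseline set, and which entries carry the trailing byte count. It does not interpret what the scanner means by "Faked ServiceTable". The `BASELINE_IMAGES` set is an illustrative assumption, not a vendor whitelist, and the six sample lines are copied from the log above.

```python
import re
from collections import Counter

# One line of the scanner output quoted above: service-table address, image
# name, ETHREAD address, thread id, and an optional ", N bytes" tail.
LINE_RE = re.compile(
    r"^(?P<table>0x[0-9A-Fa-f]+)\s+Faked ServiceTable-->(?P<image>\S+)"
    r"\s+\[\s*ETHREAD\s+(?P<ethread>0x[0-9A-Fa-f]+)\s*\]"
    r"\s+TID:\s*(?P<tid>\d+)(?:,\s*(?P<bytes>\d+)\s+bytes)?\s*$"
)

# Sample input: six lines copied verbatim from the posted log.
SAMPLE_LOG = """\
0x8055F520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89253928 ] TID: 864
0x8055F520 Faked ServiceTable-->services.exe [ ETHREAD 0x89270BA8 ] TID: 884
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89218BA0 ] TID: 1024, 7209074 bytes
0x8055F520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89218928 ] TID: 1028
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AFD020 ] TID: 1040
0x8055F520 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A23DA8 ] TID: 2644, 130 bytes
"""

# Assumed baseline of images the reviewer expects on this box (core XP
# system binaries). Illustrative only; adjust to the machine being reviewed.
BASELINE_IMAGES = {
    "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
    "spoolsv.exe", "explorer.exe", "alg.exe", "wscntfy.exe",
}


def parse_entries(text):
    """Parse scanner lines into dicts; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, forum chrome, or other tool sections
        entries.append({
            # normalise hex so "0x8055f520" and "0x8055F520" compare equal
            "table": f"0x{int(m.group('table'), 16):08X}",
            "image": m.group("image").lower(),
            "ethread": int(m.group("ethread"), 16),
            "tid": int(m.group("tid")),
            "bytes": int(m.group("bytes")) if m.group("bytes") else None,
        })
    return entries


def triage(entries, baseline=BASELINE_IMAGES):
    """Summarise parsed entries for a quick first read of the log."""
    tables = sorted({e["table"] for e in entries})
    per_image = Counter(e["image"] for e in entries)
    return {
        "entries": len(entries),
        # a single address shared by every thread, system processes included,
        # is worth noting before treating any one process as special
        "distinct_tables": tables,
        "single_table": len(tables) == 1,
        "threads_per_image": dict(per_image),
        "outside_baseline": sorted(i for i in per_image if i not in baseline),
        "tids_with_bytes": [e["tid"] for e in entries if e["bytes"] is not None],
    }


if __name__ == "__main__":
    import sys
    # Pass the saved log as the first argument, or run on the sample lines.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_LOG
    result = triage(parse_entries(text))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run against the full saved log, the `outside_baseline` list gives the short set of image names to look at first, and `single_table` tells you at a glance whether the scanner reported one address for every thread rather than something specific to a single process.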