redirect problem


  • This topic is locked
31 replies to this topic

#1 raindrop

raindrop

  • Members
  • 16 posts

Posted 01 November 2010 - 11:09 AM

Hello,

I am being redirected to different search sites when I try to open a new window when searching for something from Bing.
Also, and more important, my bank login is being redirected to a page that asks for my card numbers... I have already run ComboFix as I went to other sites before coming to this one, and was asked to do that. I have saved the log. Can I get help even though I have run ComboFix? I read your "read this before you ask anything page" and I did the required checks. I am new to posting, so I hope I have chosen the appropriate topic.

Thank you,
raindrop

Edited by raindrop, 01 November 2010 - 11:14 AM.



#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 08 November 2010 - 05:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.




#3 raindrop

raindrop
  • Topic Starter

  • Members
  • 16 posts

Posted 09 November 2010 - 12:36 PM

Thank you for your help. I still have the redirect problem and when I ran AVG before I disabled it I was told I have a root-kit and a Trojan. I am having crashes and blue screens in software and on the web. I use IE6 because it is the only version I can get to stay running without crashing (most of the time) and Firefox will usually run, but it crashes often also. I have tried to run the GMER but I can't get it to finish. My computer freezes and says Windows cannot save the file, try to save it somewhere else, then I have to shut the computer down with the button as nothing will respond... or I get a blue screen before it can finish and I have to shut it down. I have tried to run it 4 times and same results. I appreciate anything you can tell me. Thank you again...
Raindrop


DDS (Ver_10-11-09.01) - NTFSx86
Run by sandra white at 22:35:55.41 on Mon 11/08/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.72 [GMT -5:00]


============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\sandra white\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page =
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: netflix.com\www
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sandra~1\applic~1\mozilla\firefox\profiles\n93xee7p.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb5a11f&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-3-9 146904]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-11-5 67584]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-9-20 54760]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-10-31 125304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176]
S3 7ByteIo;7ByteIo; [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\sandra~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\sandra~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]

=============== Created Last 30 ================

2010-11-08 15:05:16 -------- d-----w- c:\windows\Performance
2010-11-08 15:05:06 -------- d-----w- c:\docume~1\sandra~1\locals~1\applic~1\Microsoft Corporation
2010-11-08 15:03:41 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-11-08 14:40:51 -------- d-----w- C:\3abfa7ee487cc29cd4d290
2010-11-08 13:31:10 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2010-11-08 13:27:40 -------- d-----w- c:\program files\Application Verifier
2010-11-06 23:55:19 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-11-06 23:55:19 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-11-06 23:55:19 25600 ----a-w- c:\windows\system32\dllcache\dc210_32.dll
2010-11-06 23:55:19 25600 ----a-w- c:\windows\system32\dc210_32.dll
2010-11-06 23:55:18 80896 ----a-w- c:\windows\system32\dllcache\dc210usd.dll
2010-11-06 23:55:18 80896 ----a-w- c:\windows\system32\dc210usd.dll
2010-11-05 14:33:38 -------- d-----w- c:\program files\Nick Arcade
2010-11-05 12:09:58 -------- d-----w- c:\docume~1\sandra~1\locals~1\applic~1\Safe mirror
2010-11-05 12:07:30 -------- d-----w- c:\program files\Cobian Backup 10
2010-11-04 23:07:26 88064 ----a-w- C:\mbr(2).exe
2010-11-04 17:06:38 15256 ----a-w- c:\docume~1\sandra~1\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll
2010-11-01 15:00:20 -------- d-sha-r- C:\cmdcons
2010-10-31 19:41:36 125304 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-10-31 14:01:22 -------- d-----w- c:\docume~1\sandra~1\applic~1\Malwarebytes
2010-10-31 14:01:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 14:01:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 14:01:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-31 14:01:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 17:17:12 -------- d-----w- c:\program files\My RingTone Maker
2010-10-29 01:32:30 -------- d-----w- c:\docume~1\sandra~1\locals~1\applic~1\DFX
2010-10-27 15:13:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\DFX
2010-10-27 15:13:13 -------- d-----w- c:\program files\common files\DFX
2010-10-20 19:38:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-10-20 19:10:48 -------- d-----w- c:\docume~1\sandra~1\applic~1\Toolbar4
2010-10-20 13:15:44 -------- d-----w- c:\docume~1\sandra~1\locals~1\applic~1\VueSoft
2010-10-14 23:50:08 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

==================== Find3M ====================

2010-10-31 14:34:25 85504 -c--a-w- c:\windows\MBR.exe
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50:37 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 -c--a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 22:36:54.36 ===============
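The SERVICES / DRIVERS and Pseudo HJT sections of the DDS log above follow a regular line format, and the entries a log reviewer checks first are the services ending in `[?]` or `[x]` and the add-ons recorded as `No File`. The Python below is an added example, not part of this thread or of the DDS tool: it parses those two line formats from a constructed sample copied from the posted log and lists such entries. It assumes that `[?]` marks a registered file DDS could not find on disk, that `[x]` marks a service with no image path, and that the `R`/`S` prefix plus digit encode running/stopped and the Windows start type.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
============= SERVICES / DRIVERS ===============
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-10-31 125304]
S3 7ByteIo;7ByteIo; [x]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\sandra~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\sandra~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
"""

# Assumed: DDS prefixes each service with R (running) or S (stopped) followed by
# the Windows service start type digit.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
# CLSID-style add-on entries look like "<label>: <clsid> - <dll>"; uRun/mRun lines differ.
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB|EB|DPF|IE|Handler|SSODL): ?(?P<body>.*)$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    path: str
    # Assumed meaning of the DDS markers: "[?]" = registered file not found on
    # disk ("missing"), "[x]" = no image path recorded ("no_path"), else "ok".
    status: str
    date: Optional[str] = None
    size: Optional[int] = None


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one SERVICES / DRIVERS line; return None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    tail = TAIL_RE.match(m["rest"])
    path = (tail["path"] if tail else m["rest"]).strip()
    meta = tail["meta"].strip() if tail else ""
    # "a --> b" is DDS showing the registry value and the path it resolved to.
    if "-->" in path:
        path = path.split("-->")[-1].strip()
    entry = ServiceEntry(m["name"], m["display"], m["state"] == "R",
                         START_TYPES.get(int(m["start"]), "unknown"), path, "ok")
    if meta == "?":
        entry.status = "missing"
    elif meta == "x":
        entry.status = "no_path"
    elif meta:
        date, size = meta.split()[:2]  # "[2010-9-7 249424]" = file date, size in bytes
        entry.date, entry.size = date, int(size)
    return entry


def parse_services(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_service, text.splitlines()) if e is not None]


def parse_addons(text: str) -> List[Dict[str, str]]:
    """Return add-on entries with the file they point at ('' when none is listed)."""
    out = []
    for line in text.splitlines():
        m = ADDON_RE.match(line)
        if not m:
            continue
        body = m["body"].strip()
        target = body.rsplit(" - ", 1)[1].strip() if " - " in body else ""
        out.append({"kind": m["kind"], "entry": body, "target": target})
    return out


def triage(text: str) -> List[str]:
    """List the entries a log reviewer would want to look at first."""
    findings = []
    for svc in parse_services(text):
        if svc.status == "missing":
            findings.append(f"service {svc.name} ({svc.start_type}): file not found at {svc.path}")
        elif svc.status == "no_path":
            findings.append(f"service {svc.name} ({svc.start_type}): no image path recorded")
    for addon in parse_addons(text):
        if addon["target"] in ("", "No File"):
            findings.append(f"{addon['kind']} entry with no file: {addon['entry']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Feed it the full posted log instead of `SAMPLE_LOG` and the same five kinds of entry are reported; a flagged entry is a starting point for a closer look, not a verdict on its own.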

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • Gender:Female
  • Location:Romania

Posted 11 November 2010 - 01:08 PM

Hello there, my apologies for the delay.

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Just click on Cancel, then Accept.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 raindrop

raindrop
  • Topic Starter

  • Members
  • 16 posts

Posted 11 November 2010 - 07:15 PM

Thank you so much for your help. The file is posted below.


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4497408 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.47 )
0xF5B3C000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3960832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.47 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF57C7000 C:\WINDOWS\system32\drivers\P17.sys 1404928 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF59D1000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xEB1E2000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 778240 bytes
0xF7429000 iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xF591E000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF565A000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF72F6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF09F6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5590000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF0ADB000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEB45D000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xECAC1000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF5AE6000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 270336 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xEB4B5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF570D000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xECB39000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF5F27000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 221184 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xF5773000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 196608 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xF55EE000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7555000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF72C9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF73CC000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xED170000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF0A66000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xECA99000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xF0AB3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF574D000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 155648 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xF74FF000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF09D0000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF57A3000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5F03000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5AC3000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEB903000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xF0A91000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF09AE000 C:\WINDOWS\system32\drivers\cbfs.sys 139264 bytes (EldoS Corporation, Callback File System Driver)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73AC000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7525000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72AF000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73F8000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF7411000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF74E7000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7383000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF562F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEB039000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xEBA21000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5646000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF5B28000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF0B34000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF739A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7544000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF561E000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEC3A4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF6BA7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF6BC7000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF6BD7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7814000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF0D60000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6BF7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7604000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF75D4000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF7664000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF0DC0000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF7257000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75C4000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xECB85000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF0D70000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xF7644000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7634000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7237000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76A4000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76D4000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF76B4000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF76C4000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF1472000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF6BB7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75B4000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7247000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7694000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xEBE71000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xECA0A000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xF75A4000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7714000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7674000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7624000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75F4000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7684000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7217000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xECC35000 C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF7654000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF46C7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6BE7000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF77C4000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF7227000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF3EBA000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEC9B1000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF75E4000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7614000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF1462000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF799C000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF171F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7854000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7864000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF16E7000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7994000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF783C000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF4194000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF788C000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7824000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7884000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF785C000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF4A97000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF11A1000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF786C000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7874000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF11A9000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF78B4000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78BC000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF79A4000 C:\WINDOWS\system32\drivers\nchssvad.sys 24576 bytes (NCH Swift Sound, Virtual Audio Device)
0xF794C000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF798C000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF418C000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF790C000 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF787C000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF784C000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF61E0000 C:\WINDOWS\system32\DRIVERS\irsir.sys 20480 bytes (Microsoft Corporation, Serial Infrared Driver)
0xF7844000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF1727000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78C4000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF782C000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78A4000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF79AC000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF78AC000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7834000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF7894000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEC9CD000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79BC000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF79CC000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF79D4000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF79B8000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF79C4000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF0B8B000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF79D0000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF0B8F000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xEB2FA000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xF556C000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7A88000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF7A9C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF6C6F000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79C0000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF0B97000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF79C8000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF79B4000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEC53F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF40C6000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF4B27000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7A8C000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF539F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A74000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF4B1F000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xEB529000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xF7AA8000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7B44000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AB4000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7AAA000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7AB2000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B42000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AB0000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7AA4000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B46000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AB6000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7B48000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7AF6000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AAC000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7B2A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AAE000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7AA6000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BBE000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF11B8000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xEB30B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C06000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B6C000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x85EC72D8 unknown_irp_handler 3368 bytes
==============================================
>Stealth
==============================================
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BBD020 ] TID: 188, 20116056 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CD1DA8 ] TID: 196
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85810898 ] TID: 200
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D8C020 ] TID: 216, 393227 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D56DA8 ] TID: 220, 1410504 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CD1928 ] TID: 232, 3145776 bytes
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85990B50 ] TID: 240
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E0DB98 ] TID: 244
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E0D020 ] TID: 248
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CD16B0 ] TID: 252
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85BD4C00 ] TID: 268
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x86DF1020 ] TID: 272
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x85BFAA30 ] TID: 284
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D8A868 ] TID: 288
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BE2930 ] TID: 304, 19804824 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BB7020 ] TID: 308, 512 bytes
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x8574EA28 ] TID: 312
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x85BA0020 ] TID: 324, 8781826 bytes
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85C00468 ] TID: 328
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x859B3A50 ] TID: 336, 8781826 bytes
0x80562520 Faked ServiceTable-->firefox.exe [ ETHREAD 0x84952AB8 ] TID: 344
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x86DFA358 ] TID: 352, 8781826 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85D7DDA8 ] TID: 356
0x80562520 Faked ServiceTable-->avgcsrvx.exe [ ETHREAD 0x84CF2628 ] TID: 368, 8781826 bytes
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85816C18 ] TID: 376
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85BA1DA8 ] TID: 396, 8781826 bytes
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x85B00020 ] TID: 400
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x84983618 ] TID: 452, 8781827 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85861660 ] TID: 456
0x80562520 Faked ServiceTable-->msjkKbjAwnn.exe [ ETHREAD 0x84810BB0 ] TID: 464
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85A71368 ] TID: 472, 19804776 bytes
0x80562520 Faked ServiceTable-->wmpnscfg.exe [ ETHREAD 0x85A87C00 ] TID: 476, 4390995 bytes
0x80562520 Faked ServiceTable-->WLIDSVC.EXE [ ETHREAD 0x85BB77C0 ] TID: 480
0x80562520 Faked ServiceTable-->wmpnscfg.exe [ ETHREAD 0x85AA5468 ] TID: 484
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x858823A8 ] TID: 496
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85D8ABF8 ] TID: 504
0x80562520 Faked ServiceTable-->WLIDSVCM.EXE [ ETHREAD 0x858A7A28 ] TID: 508
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x8570F908 ] TID: 524, 8781854 bytes
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85CF8518 ] TID: 532
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85CE3B30 ] TID: 536, 8781855 bytes
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85DBB7C0 ] TID: 540
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DB3020 ] TID: 548
0x80562520 Faked ServiceTable-->avgnsx.exe [ ETHREAD 0x8588CA90 ] TID: 556
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x85745380 ] TID: 564
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85894BA8 ] TID: 568
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x86D15788 ] TID: 572
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84952020 ] TID: 580
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DABB28 ] TID: 584
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85CD5328 ] TID: 588
0x80562520 Faked ServiceTable-->wmpnscfg.exe [ ETHREAD 0x85B34378 ] TID: 604
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85A49518 ] TID: 640
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x85F33660 ] TID: 656
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x86D83668 ] TID: 660
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x86D739D8 ] TID: 664
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85CE07B8 ] TID: 684
0x80562520 Faked ServiceTable-->avgnsx.exe [ ETHREAD 0x8564D2C0 ] TID: 688
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x860717D0 ] TID: 724
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x8489ECE0 ] TID: 752
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85F30C90 ] TID: 756
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85FEF9F0 ] TID: 760
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x86D73538 ] TID: 764
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85F29DA8 ] TID: 768
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86066C90 ] TID: 780, 28901379 bytes
0x80562520 Faked ServiceTable-->wmpnscfg.exe [ ETHREAD 0x85B376D8 ] TID: 784, 3735609 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85FE5020 ] TID: 804, 12845073 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85F1FDA8 ] TID: 808, 29753347 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x86A8BCD0 ] TID: 812, 4325441 bytes
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86AE27E0 ] TID: 816
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86031DA8 ] TID: 820
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86CEC858 ] TID: 824
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86116DA8 ] TID: 828
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86069638 ] TID: 832
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8602E2C0 ] TID: 844
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x8597F890 ] TID: 856
0x80562520 Faked ServiceTable-->avgemcx.exe [ ETHREAD 0x858BE438 ] TID: 868
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x85830558 ] TID: 872
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86920DA8 ] TID: 876
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85BAA0E0 ] TID: 880
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x86A57308 ] TID: 884
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85F1F020 ] TID: 888
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x85659A00 ] TID: 892
0x80562520 Faked ServiceTable-->WLIDSVC.EXE [ ETHREAD 0x85BCE868 ] TID: 900
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86ACDBF8 ] TID: 904
0x80562520 Faked ServiceTable-->avgcsrvx.exe [ ETHREAD 0x85AE2CA0 ] TID: 908
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x849766A0 ] TID: 912
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x86D7E300 ] TID: 920
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x8575B020 ] TID: 924
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85F339E0 ] TID: 928
0x80562520 Faked ServiceTable-->msjkKbjAwnn.exe [ ETHREAD 0x85A1D020 ] TID: 932
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x86A8C4F0 ] TID: 936, 7536686 bytes
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85902DA8 ] TID: 940
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x86D707B8 ] TID: 944, 7274612 bytes
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x85AB9580 ] TID: 952
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x86DF7398 ] TID: 980, 262147 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x860308A0 ] TID: 984
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x854A2438 ] TID: 988
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x86A732E0 ] TID: 996
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x859C59B0 ] TID: 1000, 196611 bytes
0x80562520 Faked ServiceTable-->avgnsx.exe [ ETHREAD 0x86CFC818 ] TID: 1008
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E04020 ] TID: 1012, 3145776 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E06BE8 ] TID: 1024
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F2ADA8 ] TID: 1028
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F2A8B8 ] TID: 1036
0x80562520 Faked ServiceTable-->WLIDSVCM.EXE [ ETHREAD 0x85891390 ] TID: 1044, 3801155 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x86DA8C08 ] TID: 1048
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85F25868 ] TID: 1060
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85F2B6A8 ] TID: 1064
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85F2B430 ] TID: 1068
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86062A28 ] TID: 1080
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D783D0 ] TID: 1084
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D82360 ] TID: 1088
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86062DA8 ] TID: 1092
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8611D798 ] TID: 1104
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E034E8 ] TID: 1108, 7274573 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E04438 ] TID: 1116
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x85480DA8 ] TID: 1124
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x85915AC8 ] TID: 1128
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x8593B550 ] TID: 1136
0x80562520 Faked ServiceTable-->rbmonitor.exe [ ETHREAD 0x851E3920 ] TID: 1152
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A80B18 ] TID: 1176
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A6E868 ] TID: 1180
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85BC2DA8 ] TID: 1188
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85E00868 ] TID: 1196
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A6EDA8 ] TID: 1200
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DFEDA8 ] TID: 1204, 7929971 bytes
0x80562520 Faked ServiceTable-->wmpnscfg.exe [ ETHREAD 0x85AA3020 ] TID: 1208
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D07B78 ] TID: 1212
0x80562520 Faked ServiceTable-->uphclean.exe [ ETHREAD 0x85C82478 ] TID: 1244
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BC2590 ] TID: 1252
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DF6DA8 ] TID: 1256
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x8581FDA8 ] TID: 1260
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D1CB28 ] TID: 1264
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x86D1C638 ] TID: 1272
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85DF0DA8 ] TID: 1276
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85DF0928 ] TID: 1280
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85DF06B0 ] TID: 1284
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D8F020 ] TID: 1292
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D1C3C0 ] TID: 1296
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A40B30 ] TID: 1300
0x80562520 Faked ServiceTable-->uphclean.exe [ ETHREAD 0x85E0A718 ] TID: 1304
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x8581EBF8 ] TID: 1308
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F2EDA8 ] TID: 1312
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x858E3740 ] TID: 1316
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D8F6B0 ] TID: 1324
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8602F540 ] TID: 1328
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8602F2C8 ] TID: 1332
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85ED9350 ] TID: 1336
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A422C8 ] TID: 1348
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A887A0 ] TID: 1352
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A88528 ] TID: 1356
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E00278 ] TID: 1360
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D04020 ] TID: 1364
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85E054E8 ] TID: 1368
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x8581C898 ] TID: 1380
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A893C0 ] TID: 1384
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B03DA8 ] TID: 1392
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FECB30 ] TID: 1396, 2097245 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BDCA08 ] TID: 1404
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D8F438 ] TID: 1408
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A88DA8 ] TID: 1412
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x85BF0DA8 ] TID: 1424
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x85160020 ] TID: 1428
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86A72020 ] TID: 1432
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x858DF268 ] TID: 1436
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86037020 ] TID: 1440
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D07020 ] TID: 1444
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86A80478 ] TID: 1448
0x80562520 Faked ServiceTable-->avgnsx.exe [ ETHREAD 0x8593EDA8 ] TID: 1452
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BEDDA8 ] TID: 1456
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84B8D020 ] TID: 1460
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x856DF918 ] TID: 1464
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x86DE2020 ] TID: 1472
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x857F6020 ] TID: 1484, 7536686 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AD8890 ] TID: 1492
0x80562520 Faked ServiceTable-->rbmonitor.exe [ ETHREAD 0x8495C020 ] TID: 1496
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x858168F8 ] TID: 1500
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x8576C7A0 ] TID: 1504
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x858EFA70 ] TID: 1508
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BB2970 ] TID: 1512
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FF8300 ] TID: 1516
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ECA020 ] TID: 1520, 7209051 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ECADA8 ] TID: 1524
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x85A29538 ] TID: 1540
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8495D020 ] TID: 1544
0x80562520 Faked ServiceTable-->avgemcx.exe [ ETHREAD 0x858556D0 ] TID: 1564
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D07698 ] TID: 1572
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86CFFB30 ] TID: 1588
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86D77690 ] TID: 1600
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BDA880 ] TID: 1620, 5439555 bytes
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x85945280 ] TID: 1628
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85BE36A8 ] TID: 1632
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x8774E878 ] TID: 1640
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85A086C0 ] TID: 1648
0x80562520 Faked ServiceTable-->firefox.exe [ ETHREAD 0x849EC9E8 ] TID: 1696
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85E34DA8 ] TID: 1700
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ED0DA8 ] TID: 1704
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x859A7DA8 ] TID: 1708
0x80562520 Faked ServiceTable-->MDM.EXE [ ETHREAD 0x85868A48 ] TID: 1712
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x857E79A8 ] TID: 1716
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85E11518 ] TID: 1724
0x80562520 Faked ServiceTable-->avgcsrvx.exe [ ETHREAD 0x8595F020 ] TID: 1728
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85D5A6B8 ] TID: 1732
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85F35DA8 ] TID: 1744
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D576C8 ] TID: 1748
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E33830 ] TID: 1760, 7929971 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E335B8 ] TID: 1764
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x85648020 ] TID: 1768
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85BED600 ] TID: 1788
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D1EDA8 ] TID: 1792
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x8591F278 ] TID: 1796
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84890B18 ] TID: 1800
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D586F8 ] TID: 1804, 3801155 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F209F8 ] TID: 1812, 7274612 bytes
0x80562520 Faked ServiceTable-->WLIDSVC.EXE [ ETHREAD 0x85BCC550 ] TID: 1828
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84884A58 ] TID: 1832
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x860364A8 ] TID: 1840
0x80562520 Faked ServiceTable-->avgemcx.exe [ ETHREAD 0x85A45360 ] TID: 1844
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85DD75D8 ] TID: 1848
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85DF8DA8 ] TID: 1852
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84AB09E8 ] TID: 1860
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x85AB0020 ] TID: 1872
0x80562520 Faked ServiceTable-->cbVSCService.exe [ ETHREAD 0x85EC94E8 ] TID: 1876
0x80562520 Faked ServiceTable-->cbVSCService.exe [ ETHREAD 0x85DB8458 ] TID: 1880
0x80562520 Faked ServiceTable-->cbVSCService.exe [ ETHREAD 0x85DED690 ] TID: 1884
0x80562520 Faked ServiceTable-->cbVSCService.exe [ ETHREAD 0x85DB95D0 ] TID: 1896
0x80562520 Faked ServiceTable-->cbVSCService.exe [ ETHREAD 0x85CD73A8 ] TID: 1900
0x80562520 Faked ServiceTable-->CTSVCCDA.EXE [ ETHREAD 0x85D87868 ] TID: 1904
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x84AF9CE0 ] TID: 1908
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D86430 ] TID: 1916
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D5A440 ] TID: 1924
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85880020 ] TID: 1928
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x86CD11A0 ] TID: 1932
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D55DA8 ] TID: 1956
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85BE8B58 ] TID: 1960
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x857CE020 ] TID: 1984, 5111881 bytes
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85C2B878 ] TID: 1992, 81 bytes
0x80562520 Faked ServiceTable-->avgcsrvx.exe [ ETHREAD 0x858A4AC0 ] TID: 2036, 5374021 bytes
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x857BE3E8 ] TID: 2040
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DAFBE8 ] TID: 2044, 7471204 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DF6A28 ] TID: 2056
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x858C9C00 ] TID: 2060
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85A3A500 ] TID: 2068
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C1AD10 ] TID: 2084
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A9D990 ] TID: 2088
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x85E1C2B0 ] TID: 2096
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x858D68A0 ] TID: 2104
0x80562520 Faked ServiceTable-->avgchsvx.exe [ ETHREAD 0x85DAD978 ] TID: 2108
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x8569F9D0 ] TID: 2112
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x84D25020 ] TID: 2120
0x80562520 Faked ServiceTable-->AVGIDSAgent.exe [ ETHREAD 0x858D76D8 ] TID: 2124
0x80562520 Faked ServiceTable-->AVGIDSMonitor.exe [ ETHREAD 0x856C8020 ] TID: 2132
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x858E7A98 ] TID: 2156
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84A63608 ] TID: 2168
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x847F63F0 ] TID: 2176
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x85B13368 ] TID: 2188
0x80562520 Faked ServiceTable-->avgcsrvx.exe [ ETHREAD 0x85862020 ] TID: 2192
0x80562520 Faked ServiceTable-->avgtray.exe [ ETHREAD 0x85733020 ] TID: 2196, 130 bytes
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85644020 ] TID: 2200, 3145784 bytes
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85788DA8 ] TID: 2212, 33816582 bytes
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85BA9020 ] TID: 2216, 20055624 bytes
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85BF9710 ] TID: 2220
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x859B3620 ] TID: 2224
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85CDC638 ] TID: 2228
0x80562520 Faked ServiceTable-->avgcsrvx.exe [ ETHREAD 0x85651020 ] TID: 2240
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85680020 ] TID: 2244
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x8606B020 ] TID: 2248
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x856CA020 ] TID: 2276
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85A506D8 ] TID: 2284
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x869611F0 ] TID: 2288
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x85640020 ] TID: 2292
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x857D6020 ] TID: 2300
0x80562520 Faked ServiceTable-->avgcsrvx.exe [ ETHREAD 0x8597F060 ] TID: 2308
0x80562520 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8487BBD0 ] TID: 2312
0x80562520 Faked ServiceTable-->MsPMSPSv.exe [ ETHREAD 0x85AE9DA8 ] TID: 2324
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x859C9578 ] TID: 2336
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AD64E8 ] TID: 2348
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x84870BA0 ] TID: 2356
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x85A42188 ] TID: 2364
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AECAD8 ] TID: 2368
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AE4868 ] TID: 2376
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x859B3DA8 ] TID: 2384
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x86D33AE8 ] TID: 2388
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AD3600 ] TID: 2392
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ACA020 ] TID: 2396
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85B42350 ] TID: 2400
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B40338 ] TID: 2404
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AD3388 ] TID: 2408
0x80562520 Faked ServiceTable-->avgrsx.exe [ ETHREAD 0x858DDD08 ] TID: 2412
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B49398 ] TID: 2416
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85AD24A0 ] TID: 2420
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85ADDA48 ] TID: 2424
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x84BEBDA8 ] TID: 2432
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BBBBE8 ] TID: 2436
0x80562520 Faked ServiceTable-->avgemcx.exe [ ETHREAD 0x85830C18 ] TID: 2440
0x80562520 Faked ServiceTable-->avgwdsvc.exe [ ETHREAD 0x86A97BF0 ] TID: 2444
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85DB2610 ] TID: 2452

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • Gender:Female
  • Location:Romania

Posted 12 November 2010 - 05:57 AM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


#7 raindrop

raindrop
  • Topic Starter

  • Members
  • 16 posts

Posted 12 November 2010 - 04:02 PM

Hi Elise,
I do appreciate your kind help.
The ComboFix log is copied below. ComboFix instructed me to uninstall AVG and would not proceed until I did! I used the AVG uninstaller tool. That worked and ComboFix ran. Shall I reinstall AVG now?
Raindrop



ComboFix 10-11-12.01 - sandra white 11/12/2010 15:38:45.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.635 [GMT -5:00]
Running from: c:\documents and settings\sandra white\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://au.download.winj+|Cv+@J:NGD_DQ{zcxLJS@:yG3qZHPTM:HpUpdate:Download:16595
.
((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-11 23:47 . 2010-11-11 23:47 -------- d-----w- c:\program files\7-Zip
2010-11-08 15:05 . 2010-11-08 15:05 -------- d-----w- c:\windows\Performance
2010-11-08 15:05 . 2010-11-08 15:05 -------- d-----w- c:\documents and settings\sandra white\Local Settings\Application Data\Microsoft Corporation
2010-11-08 14:40 . 2010-11-08 14:40 -------- d-----w- C:\3abfa7ee487cc29cd4d290
2010-11-08 13:31 . 2010-11-08 13:31 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2010-11-08 13:27 . 2010-11-08 13:27 -------- d-----w- c:\program files\Application Verifier
2010-11-06 23:55 . 2001-08-18 02:36 25600 ----a-w- c:\windows\system32\dllcache\dc210_32.dll
2010-11-06 23:55 . 2001-08-18 02:36 25600 ----a-w- c:\windows\system32\dc210_32.dll
2010-11-06 23:55 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-11-06 23:55 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-11-06 23:55 . 2001-08-18 02:36 80896 ----a-w- c:\windows\system32\dllcache\dc210usd.dll
2010-11-06 23:55 . 2001-08-18 02:36 80896 ----a-w- c:\windows\system32\dc210usd.dll
2010-11-05 14:33 . 2010-11-05 14:33 -------- d-----w- c:\program files\Nick Arcade
2010-11-05 12:09 . 2010-11-05 12:09 -------- d-----w- c:\documents and settings\sandra white\Local Settings\Application Data\Safe mirror
2010-11-05 12:07 . 2010-11-05 12:17 -------- d-----w- c:\program files\Cobian Backup 10
2010-11-04 23:07 . 2010-11-04 23:07 88064 ----a-w- C:\mbr(2).exe
2010-10-31 19:41 . 2010-10-31 19:41 125304 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-10-31 14:01 . 2010-10-31 14:01 -------- d-----w- c:\documents and settings\sandra white\Application Data\Malwarebytes
2010-10-31 14:01 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 14:01 . 2010-10-31 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-31 14:01 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 14:01 . 2010-10-31 14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-29 17:17 . 2010-10-29 17:18 -------- d-----w- c:\program files\My RingTone Maker
2010-10-29 01:32 . 2010-10-29 01:32 -------- d-----w- c:\documents and settings\sandra white\Local Settings\Application Data\DFX
2010-10-27 15:13 . 2010-10-27 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-10-27 15:13 . 2010-10-27 15:13 -------- d-----w- c:\program files\Common Files\DFX
2010-10-20 19:38 . 2010-10-20 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-10-20 19:10 . 2010-10-29 17:25 -------- d-----w- c:\documents and settings\sandra white\Application Data\Toolbar4
2010-10-20 13:15 . 2010-10-20 13:19 -------- d-----w- c:\documents and settings\sandra white\Local Settings\Application Data\VueSoft
2010-10-17 12:32 . 2010-10-17 12:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-10-14 23:50 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 23:10 . 2010-11-04 23:10 84825 ----a-w- C:\mbr(2).zip
2010-09-18 16:23 . 2004-08-04 11:00 974848 -c--a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 11:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 11:00 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50 . 2010-08-11 00:58 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-09-10 17:22 . 2010-09-10 17:22 388096 ----a-r- c:\documents and settings\sandra white\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-01 11:51 . 2004-08-04 11:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 11:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 11:00 119808 -c--a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 11:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-04 11:00 357248 -c--a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 22:34 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 11:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-21 16:19 . 2010-08-21 16:19 3584 ----a-r- c:\documents and settings\sandra white\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-08-17 13:17 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 1260296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ssiefr.e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 -csh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Documents and Settings\\sandra white\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"9473:TCP"= 9473:TCP:*:Disabled:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8257:TCP"= 8257:TCP:*:Disabled:Services
"7741:TCP"= 7741:TCP:*:Disabled:Services
"3246:TCP"= 3246:TCP:Services
"8900:TCP"= 8900:TCP:*:Disabled:Services
"2010:TCP"= 2010:TCP:*:Disabled:Services
"9773:TCP"= 9773:TCP:*:Disabled:Services
"1903:TCP"= 1903:TCP:*:Disabled:Services
"8805:TCP"= 8805:TCP:*:Disabled:Services
"2619:TCP"= 2619:TCP:*:Disabled:Services
"4947:TCP"= 4947:TCP:*:Disabled:Services
"3369:TCP"= 3369:TCP:*:Disabled:Services
"7570:TCP"= 7570:TCP:*:Disabled:Services
"9696:TCP"= 9696:TCP:*:Disabled:Services
"1821:TCP"= 1821:TCP:*:Disabled:Services
"5261:TCP"= 5261:TCP:*:Disabled:Services
"3902:TCP"= 3902:TCP:*:Disabled:Services
"9134:TCP"= 9134:TCP:*:Disabled:Services
"5322:TCP"= 5322:TCP:*:Disabled:Services
"6088:TCP"= 6088:TCP:*:Disabled:Services
"9415:TCP"= 9415:TCP:*:Disabled:Services
"9903:TCP"= 9903:TCP:*:Disabled:Services
"4399:TCP"= 4399:TCP:*:Disabled:Services
"8977:TCP"= 8977:TCP:*:Disabled:Services
"7056:TCP"= 7056:TCP:*:Disabled:Services
"3259:TCP"= 3259:TCP:*:Disabled:Services
"6228:TCP"= 6228:TCP:*:Disabled:Services
"7384:TCP"= 7384:TCP:*:Disabled:Services

R1 CbFs;CbFs;c:\windows\SYSTEM32\DRIVERS\cbfs.sys [3/9/2010 12:57 PM 146904]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [11/5/2010 7:08 AM 67584]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 4:05 PM 266544]
S0 DwProt;DrWeb Protection;c:\windows\SYSTEM32\DRIVERS\dwprot.sys [10/31/2010 2:41 PM 125304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 10:27 AM 136176]
S3 7ByteIo;7ByteIo; [x]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\SANDRA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\SANDRA~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 21:05]

2010-11-12 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 21:05]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 15:27]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 15:27]

2010-11-11 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-11-06 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-11-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-09-11 12:25]

2009-10-10 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-27 16:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page =
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: netflix.com\www
FF - ProfilePath - c:\documents and settings\sandra white\Application Data\Mozilla\Firefox\Profiles\n93xee7p.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cb5a11f&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\docume~1\SANDRA~1\LOCALS~1\Temp\7zOE5.tmp\MustBeRandomlyNamed\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3587518930-4245553325-3567179046-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3587518930-4245553325-3567179046-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3587518930-4245553325-3567179046-1007)
@Allowed: (Read) (S-1-5-21-3587518930-4245553325-3567179046-1007)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0010)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0010)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0010)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-11-12 15:49:13
ComboFix-quarantined-files.txt 2010-11-12 20:48
ComboFix2.txt 2010-11-01 15:31
ComboFix3.txt 2010-05-17 23:10
ComboFix4.txt 2010-03-02 00:27

Pre-Run: 24,771,825,664 bytes free
Post-Run: 24,862,236,672 bytes free

- - End Of File - - 42E78280C217165B277476DA59292121

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • Gender:Female
  • Location:Romania

Posted 13 November 2010 - 07:45 AM

I recommend you uninstall Uniblue SpyEraser; this program is no longer supported and updated.

I see some signs of a rootkit here.

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

regards, Elise




#9 raindrop

raindrop
  • Topic Starter

  • Members
  • 16 posts

Posted 13 November 2010 - 11:21 AM

Hi,
I uninstalled spy eraser. After it uninstalled there was a note saying that I would have to install the rest manually. I did delete the folder contents in program files.
In the other matter...I had to do the first run command you gave me. The tool didn't seem to open properly and didn't produce a log. The run command helpasst -mbrt produced the following log.

Thanks again.
Raindrop





C:\Documents and Settings\sandra white\Desktop\HelpAsst_mebroot_fix(2).exe
Sat 11/13/2010 at 11:10:29.57

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"6412:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"6412:TCP"=-

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Sat 11/13/2010 at 11:11:01.43

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860B9BF8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\iaStor -> 0x860b9bf8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

Edited by raindrop, 13 November 2010 - 11:24 AM.

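As an added example (not code from this thread, nor from the ComboFix or HelpAsst tools), the Python below parses the GloballyOpenPorts block as ComboFix printed it in post #7 and flags the pattern that HelpAsst reported as "closing rogue ports" in post #9: enabled, any-address, high-numbered TCP ports registered under the generic name "Services", while leaving the legitimate 3389 Remote Desktop entry alone. It then emits the `"port:TCP"=-` REGEDIT4 deletion lines that the HelpAsst log shows. The allow-list, the generic-name set and the handling of ComboFix's shortened line format are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List

# Excerpt of the GloballyOpenPorts\List block as it appears in the ComboFix
# log in this thread (trimmed; constructed sample input for this example).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"9473:TCP"= 9473:TCP:*:Disabled:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8257:TCP"= 8257:TCP:*:Disabled:Services
"3246:TCP"= 3246:TCP:Services
'''

# Ports Windows XP itself may legitimately open (assumed allow-list, not exhaustive).
KNOWN_OK = {(3389, "TCP"), (139, "TCP"), (445, "TCP"), (137, "UDP"), (138, "UDP")}

# Entry names that say nothing about who opened the port (assumption).
GENERIC_NAMES = {"", "services", "service"}

# ComboFix prints each value as:  "port:proto"= port:proto:<rest>
ENTRY_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(\d+):(TCP|UDP):(.*)$')


@dataclass
class PortEntry:
    port: int
    proto: str
    scope: str      # "*" = any remote address; XP can also hold a subnet list
    enabled: bool
    name: str


def parse_entries(log_text: str) -> List[PortEntry]:
    """Parse GloballyOpenPorts lines as ComboFix prints them.

    The full registry value is  port:proto:scope:Enabled|Disabled:name .
    In the log above ComboFix shortens enabled, any-address entries to
    port:proto:name, so both shapes are accepted here (assumption).
    """
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        port, proto, _port2, _proto2, rest = m.groups()
        fields = rest.split(":")
        if len(fields) >= 3 and fields[1] in ("Enabled", "Disabled"):
            scope, enabled, name = fields[0], fields[1] == "Enabled", ":".join(fields[2:])
        else:
            scope, enabled, name = "*", True, rest
        entries.append(PortEntry(int(port), proto, scope, enabled, name))
    return entries


def flag_rogue(entries: List[PortEntry]) -> List[PortEntry]:
    """Return enabled, any-address, high-port entries with a generic name
    that are not on the allow-list: the pattern the HelpAsst log reports
    as rogue ports (heuristic; disabled entries are already inert).
    """
    return [e for e in entries
            if e.enabled
            and e.scope == "*"
            and (e.port, e.proto) not in KNOWN_OK
            and e.port > 1024
            and e.name.strip().lower() in GENERIC_NAMES]


def reg_deletions(entries: List[PortEntry]) -> List[str]:
    """REGEDIT4 lines removing the flagged values: "name"=- deletes a value,
    which is the notation the HelpAsst log shows for the ports it closed.
    """
    return [f'"{e.port}:{e.proto}"=-' for e in entries]


if __name__ == "__main__":
    flagged = flag_rogue(parse_entries(SAMPLE_LOG))
    print("REGEDIT4\n")
    print(r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
          r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]")
    print("\n".join(reg_deletions(flagged)))
```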

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • Gender:Female
  • Location:Romania

Posted 13 November 2010 - 11:28 AM

Hi, I think it should be okay, but to be sure, let's also check the MBR.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise




#11 raindrop

raindrop
  • Topic Starter

  • Members
  • 16 posts

Posted 18 November 2010 - 08:24 AM

Hello,
I must apologize for not getting back to you sooner...for some reason the message didn't show up in my email. I decided to check this am and found your message. I should have checked sooner. The log you asked for follows.
Thank you and I am sorry about the missed email...raindrop

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 179):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7AA4000 \WINDOWS\system32\KDCOM.DLL
0xF79B4000 \WINDOWS\system32\BOOTVID.dll
0xF7555000 ACPI.sys
0xF7AA6000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7544000 pci.sys
0xF75A4000 isapnp.sys
0xF7B6C000 pciide.sys
0xF7824000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AA8000 aliide.sys
0xF7AAA000 cmdide.sys
0xF7AAC000 toside.sys
0xF7AAE000 viaide.sys
0xF7AB0000 intelide.sys
0xF75B4000 MountMgr.sys
0xF7525000 ftdisk.sys
0xF7AB2000 dmload.sys
0xF74FF000 dmio.sys
0xF782C000 PartMgr.sys
0xF75C4000 VolSnap.sys
0xF79B8000 cpqarray.sys
0xF74E7000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7429000 iaStor.sys
0xF7411000 atapi.sys
0xF79BC000 aha154x.sys
0xF7834000 sparrow.sys
0xF79C0000 symc810.sys
0xF75D4000 aic78xx.sys
0xF79C4000 dac960nt.sys
0xF75E4000 ql10wnt.sys
0xF79C8000 amsint.sys
0xF783C000 asc.sys
0xF79CC000 asc3550.sys
0xF7844000 mraid35x.sys
0xF784C000 i2omp.sys
0xF79D0000 ini910u.sys
0xF75F4000 ql1240.sys
0xF7604000 aic78u2.sys
0xF7854000 symc8xx.sys
0xF785C000 sym_hi.sys
0xF7864000 sym_u3.sys
0xF786C000 ABP480N5.SYS
0xF7874000 asc3350p.sys
0xF7AB4000 cd20xrnt.sys
0xF7614000 ultra.sys
0xF73F8000 adpu160m.sys
0xF787C000 dpti2o.sys
0xF7624000 ql1080.sys
0xF7634000 ql1280.sys
0xF7644000 ql12160.sys
0xF7884000 perc2.sys
0xF7AB6000 perc2hib.sys
0xF788C000 hpn.sys
0xF79D4000 cbidf2k.sys
0xF73CC000 dac2w2k.sys
0xF7654000 disk.sys
0xF7664000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73AC000 fltmgr.sys
0xF739A000 sr.sys
0xF7674000 PxHelp20.sys
0xF7383000 KSecDD.sys
0xF72F6000 Ntfs.sys
0xF72C9000 NDIS.sys
0xF7684000 sisagp.sys
0xF7694000 viaagp.sys
0xF72AF000 Mup.sys
0xF76A4000 agp440.sys
0xF76B4000 alim1541.sys
0xF76C4000 amdagp.sys
0xF76D4000 agpCPQ.sys
0xF6B0E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6079000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF796C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6055000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7974000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5C8E000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF5C7A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF5C38000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF5C15000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5B23000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF5A70000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF797C000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5919000 \SystemRoot\system32\drivers\P17.sys
0xF58F5000 \SystemRoot\system32\drivers\portcls.sys
0xF6AFE000 \SystemRoot\system32\drivers\drmk.sys
0xF58C5000 \SystemRoot\system32\DRIVERS\ctoss2k.sys
0xF589F000 \SystemRoot\system32\DRIVERS\ctsfm2k.sys
0xF585F000 \SystemRoot\system32\drivers\smwdm.sys
0xF57AC000 \SystemRoot\system32\drivers\senfilt.sys
0xF5798000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6AEE000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6D7C000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6ADE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF6ACE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF6ABE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7984000 \SystemRoot\system32\drivers\nchssvad.sys
0xF7C32000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF798C000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF7994000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF77C4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6D6C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5781000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77E4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF5770000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77F4000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF799C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79A4000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5740000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7804000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7894000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7AF6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF56E2000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A78000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF78A4000 \SystemRoot\system32\DRIVERS\omci.sys
0xF78AC000 \SystemRoot\system32\DRIVERS\irsir.sys
0xF7A7C000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF76F4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF54F4000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B26000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF56D2000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF29D9000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7AC8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF1F0C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ACA000 \SystemRoot\System32\Drivers\Beep.SYS
0xF41E6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF41DE000 \SystemRoot\System32\drivers\vga.sys
0xF7ACC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7ACE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF41D6000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF41CE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF29D1000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1121000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF10C8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF1096000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF1074000 \SystemRoot\System32\drivers\afd.sys
0xF3EB6000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF1049000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF0FD9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF3EA6000 \SystemRoot\System32\Drivers\Fips.SYS
0xF0FB3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF3E96000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEF5B3000 \??\C:\WINDOWS\system32\drivers\cbfs.sys
0xF1EB4000 \SystemRoot\System32\Drivers\BANTExt.sys
0xF2A2E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF1E8D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF2972000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF1E31000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF1E21000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF21B3000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF21AB000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF21A3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF1E19000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF1F76000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF1E11000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xEEB2B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xED537000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xEF07D000 \SystemRoot\System32\drivers\Dxapi.sys
0xEF4FC000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF05B2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEE35A000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xEC98E000 \SystemRoot\system32\DRIVERS\irda.sys
0xF7A94000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEC8AD000 \SystemRoot\System32\Drivers\HTTP.sys
0xF5514000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xEC82D000 \SystemRoot\system32\DRIVERS\srv.sys
0xED81C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEC80D000 \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
0xF60E7000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xEC6CA000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xEC345000 \SystemRoot\system32\drivers\wdmaud.sys
0xF51FA000 \SystemRoot\system32\drivers\sysaudio.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 37):
0 System Idle Process
4 System
652 C:\WINDOWS\SYSTEM32\smss.exe
700 csrss.exe
728 C:\WINDOWS\SYSTEM32\winlogon.exe
772 C:\WINDOWS\SYSTEM32\services.exe
792 C:\WINDOWS\SYSTEM32\lsass.exe
964 C:\WINDOWS\SYSTEM32\svchost.exe
1072 svchost.exe
1164 C:\WINDOWS\SYSTEM32\svchost.exe
1232 svchost.exe
1556 C:\WINDOWS\SYSTEM32\spoolsv.exe
1760 svchost.exe
1788 C:\Program Files\Cobian Backup 10\cbVSCService.exe
1812 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
1884 C:\WINDOWS\SYSTEM32\svchost.exe
1944 C:\WINDOWS\SYSTEM32\svchost.exe
1984 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
504 C:\WINDOWS\SYSTEM32\svchost.exe
524 C:\WINDOWS\SYSTEM32\nvsvc32.exe
536 C:\WINDOWS\SYSTEM32\svchost.exe
592 C:\WINDOWS\SYSTEM32\svchost.exe
620 C:\Program Files\UPHClean\uphclean.exe
856 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1132 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
1364 wmpnetwk.exe
2292 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2544 alg.exe
3416 C:\WINDOWS\SYSTEM32\wscntfy.exe
3476 C:\WINDOWS\explorer.exe
252 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
320 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
396 C:\Program Files\Windows Media Player\wmpnscfg.exe
632 C:\WINDOWS\SYSTEM32\ctfmon.exe
2604 C:\Program Files\Mozilla Firefox\firefox.exe
3892 C:\Program Files\Mozilla Firefox\plugin-container.exe
3116 C:\Documents and Settings\sandra white\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y080M0, Rev: YAR51HW0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked (known infection: Whistler / Black Internet)!
SHA1: 27AEF4C3FB1122ADE95054EB24FE2A94FDF4095D


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 3Dumping \\.\PhysicalDisk3...
Enter filename to dump to:

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:52 PM

Posted 18 November 2010 - 09:12 AM

Okay, that looks like an MBR rootkit.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#13 raindrop

raindrop
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:52 AM

Posted 18 November 2010 - 05:28 PM

Hi, I ran the download...and found the following log where you said it would be. No trouble running it. However I noticed that there were 2 things found and only one cured or am I reading that wrong? Do I need to run it again?
I am also wondering if you might tell me if AVG is a good program? I have it on my other computer and it seems to work well.
Once again, thanks so much for the help.




2010/11/18 17:10:57.0515 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/18 17:10:57.0515 ================================================================================
2010/11/18 17:10:57.0515 SystemInfo:
2010/11/18 17:10:57.0515
2010/11/18 17:10:57.0515 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/18 17:10:57.0515 Product type: Workstation
2010/11/18 17:10:57.0515 ComputerName: SANDYSNEWONE
2010/11/18 17:10:57.0515 UserName: sandra white
2010/11/18 17:10:57.0515 Windows directory: C:\WINDOWS
2010/11/18 17:10:57.0515 System windows directory: C:\WINDOWS
2010/11/18 17:10:57.0515 Processor architecture: Intel x86
2010/11/18 17:10:57.0515 Number of processors: 1
2010/11/18 17:10:57.0515 Page size: 0x1000
2010/11/18 17:10:57.0515 Boot type: Normal boot
2010/11/18 17:10:57.0515 ================================================================================
2010/11/18 17:11:00.0281 Initialize success
2010/11/18 17:12:29.0859 ================================================================================
2010/11/18 17:12:29.0859 Scan started
2010/11/18 17:12:29.0859 Mode: Manual;
2010/11/18 17:12:29.0859 ================================================================================
2010/11/18 17:12:34.0937 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/18 17:12:35.0140 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/18 17:12:35.0343 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/18 17:12:35.0531 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/18 17:12:35.0703 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/18 17:12:35.0937 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/18 17:12:36.0140 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/18 17:12:36.0265 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/18 17:12:36.0421 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/18 17:12:36.0578 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/18 17:12:36.0656 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/18 17:12:36.0828 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/18 17:12:36.0984 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/18 17:12:37.0187 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/18 17:12:37.0375 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/18 17:12:37.0500 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/18 17:12:37.0687 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/18 17:12:37.0859 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/18 17:12:38.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/18 17:12:38.0156 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/18 17:12:38.0656 ati2mtag (a7dd7088e2c987dbcb3f4d6d56f723bd) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/18 17:12:39.0218 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/18 17:12:39.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/18 17:12:39.0734 b57w2k (8143be3d94866258f0b93373830cef01) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/11/18 17:12:40.0093 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
2010/11/18 17:12:40.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/18 17:12:40.0906 CbFs (a975187f3c8867f8d00a698a5282672b) C:\WINDOWS\system32\drivers\cbfs.sys
2010/11/18 17:12:41.0218 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/18 17:12:41.0500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/18 17:12:41.0796 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/18 17:12:42.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/18 17:12:42.0390 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/18 17:12:42.0734 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/18 17:12:43.0234 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/18 17:12:43.0515 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/18 17:12:43.0812 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2010/11/18 17:12:44.0468 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/18 17:12:44.0687 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/18 17:12:45.0015 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/18 17:12:45.0546 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/18 17:12:45.0984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/18 17:12:46.0515 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/18 17:12:46.0718 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/18 17:12:47.0078 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/18 17:12:47.0218 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/18 17:12:47.0390 DwProt (8f9ebdfb0993bb1aaef305fe0e5d14b5) C:\WINDOWS\system32\drivers\dwprot.sys
2010/11/18 17:12:47.0390 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dwprot.sys. Real md5: 8f9ebdfb0993bb1aaef305fe0e5d14b5, Fake md5: 19611ff463648d4db9e99121ba6cba12
2010/11/18 17:12:47.0406 DwProt - detected Forged file (1)
2010/11/18 17:12:47.0578 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/18 17:12:48.0406 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/18 17:12:48.0546 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/18 17:12:48.0656 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/18 17:12:48.0796 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/18 17:12:49.0109 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/18 17:12:49.0281 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2010/11/18 17:12:49.0406 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/18 17:12:49.0546 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/18 17:12:49.0734 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/18 17:12:50.0015 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/18 17:12:50.0171 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/18 17:12:50.0296 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/18 17:12:50.0593 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/18 17:12:50.0765 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/18 17:12:51.0281 HSFHWBS2 (663b895c3f8464339eacd1d9cf69d661) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/11/18 17:12:51.0750 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/11/18 17:12:52.0531 HSF_DPV (7340b4d13875c413a6229bba8e4913ca) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/11/18 17:12:53.0593 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/18 17:12:54.0093 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/18 17:12:54.0296 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/18 17:12:54.0468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/18 17:12:55.0125 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys
2010/11/18 17:12:55.0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/18 17:12:55.0656 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/18 17:12:55.0875 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/18 17:12:56.0046 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/18 17:12:56.0437 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/18 17:12:56.0625 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/18 17:12:56.0812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/18 17:12:57.0328 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/18 17:12:57.0625 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/18 17:12:57.0890 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/11/18 17:12:58.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/18 17:12:58.0640 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/11/18 17:12:58.0875 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/18 17:12:59.0281 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/18 17:12:59.0578 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/18 17:12:59.0718 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/18 17:13:00.0015 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/18 17:13:00.0281 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/18 17:13:00.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/18 17:13:00.0656 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/18 17:13:00.0906 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/18 17:13:01.0218 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/18 17:13:01.0421 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/18 17:13:01.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/18 17:13:02.0093 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/18 17:13:02.0343 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/18 17:13:02.0734 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/18 17:13:03.0406 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/18 17:13:03.0531 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/18 17:13:03.0703 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/18 17:13:03.0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/18 17:13:03.0968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/18 17:13:04.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/18 17:13:04.0328 NCHSSVAD (4e822077f3ef30e34147767bbae8acd4) C:\WINDOWS\system32\drivers\nchssvad.sys
2010/11/18 17:13:04.0515 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/18 17:13:04.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/18 17:13:05.0593 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/18 17:13:05.0750 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/18 17:13:06.0203 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/18 17:13:06.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/18 17:13:06.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/18 17:13:06.0671 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/18 17:13:07.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/18 17:13:07.0140 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/18 17:13:08.0312 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/18 17:13:09.0484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/18 17:13:09.0671 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/18 17:13:09.0781 omci (35bee961b7a0b24fd130fb8f65f50005) C:\WINDOWS\system32\DRIVERS\omci.sys
2010/11/18 17:13:10.0109 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2010/11/18 17:13:10.0500 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
2010/11/18 17:13:10.0921 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/18 17:13:11.0218 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/18 17:13:11.0343 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/18 17:13:11.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/18 17:13:11.0640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/18 17:13:11.0953 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/18 17:13:12.0484 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/18 17:13:12.0578 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/18 17:13:12.0718 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/18 17:13:13.0140 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/18 17:13:13.0265 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/18 17:13:13.0390 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/18 17:13:13.0500 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/18 17:13:13.0593 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/18 17:13:13.0734 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/18 17:13:13.0968 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/18 17:13:14.0015 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/18 17:13:14.0125 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/18 17:13:14.0359 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/11/18 17:13:14.0546 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/18 17:13:14.0734 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/18 17:13:15.0062 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/18 17:13:15.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/18 17:13:15.0968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/18 17:13:16.0859 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/18 17:13:17.0281 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/18 17:13:17.0609 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/18 17:13:18.0296 Secdrv (72dffa33f8ed1c847075eee2c1e790ee) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/18 17:13:18.0843 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/11/18 17:13:19.0312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/18 17:13:19.0484 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/18 17:13:19.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/18 17:13:20.0171 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/18 17:13:20.0484 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
2010/11/18 17:13:20.0828 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/18 17:13:21.0093 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/18 17:13:21.0359 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/18 17:13:21.0703 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/18 17:13:22.0125 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/11/18 17:13:22.0359 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/18 17:13:22.0656 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/18 17:13:23.0156 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/18 17:13:23.0406 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/18 17:13:23.0671 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/18 17:13:24.0296 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/18 17:13:24.0531 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/18 17:13:24.0984 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/18 17:13:25.0281 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/18 17:13:25.0484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/18 17:13:25.0656 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/18 17:13:26.0328 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/18 17:13:26.0500 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
2010/11/18 17:13:26.0734 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/18 17:13:27.0187 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/18 17:13:27.0656 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/18 17:13:28.0296 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/18 17:13:28.0609 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/18 17:13:28.0703 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/18 17:13:29.0171 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/18 17:13:29.0453 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/18 17:13:29.0687 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/18 17:13:29.0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/18 17:13:30.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/18 17:13:30.0343 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/18 17:13:30.0578 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/18 17:13:30.0859 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/18 17:13:31.0156 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/18 17:13:31.0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/18 17:13:31.0640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/18 17:13:31.0984 winachsf (8adcd6078affc4c81f3c3ebb1e9e3a2b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/18 17:13:32.0421 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/18 17:13:32.0687 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/18 17:13:32.0781 \HardDisk0 - detected Backdoor.Win32.Sinowal.knf (0)
2010/11/18 17:13:32.0781 ================================================================================
2010/11/18 17:13:32.0781 Scan finished
2010/11/18 17:13:32.0781 ================================================================================
2010/11/18 17:13:32.0781 Detected object count: 2
2010/11/18 17:14:01.0953 Forged file(DwProt) - User select action: Skip
2010/11/18 17:14:02.0218 \HardDisk0 - will be cured after reboot
2010/11/18 17:14:02.0218 Backdoor.Win32.Sinowal.knf(\HardDisk0) - User select action: Cure
2010/11/18 17:14:14.0296 Deinitialize success
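
The question in the post above (two objects found, only one cured) is answered by a handful of lines buried among hundreds of driver-listing lines. The script below is an added example, not code from this thread or from Kaspersky's tool: it pulls out the `detected`, `User select action` and `Suspicious file (Forged)` lines from a TDSSKiller 2.4.8.0 log and reports which detections were left unresolved. The sample log is copied from the log posted above with the per-driver lines dropped; the line-format regular expressions are an assumption inferred from those lines, not taken from any documentation.

```python
"""Summarise what a TDSSKiller log says was detected, and what was done about it."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: copied from the log posted above, with the per-driver listing
# lines left out (one listing line is kept to show that such lines are ignored).
SAMPLE_LOG = r"""
2010/11/18 17:12:47.0390 DwProt (8f9ebdfb0993bb1aaef305fe0e5d14b5) C:\WINDOWS\system32\drivers\dwprot.sys
2010/11/18 17:12:47.0390 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dwprot.sys. Real md5: 8f9ebdfb0993bb1aaef305fe0e5d14b5, Fake md5: 19611ff463648d4db9e99121ba6cba12
2010/11/18 17:12:47.0406 DwProt - detected Forged file (1)
2010/11/18 17:13:32.0781 \HardDisk0 - detected Backdoor.Win32.Sinowal.knf (0)
2010/11/18 17:13:32.0781 Scan finished
2010/11/18 17:13:32.0781 Detected object count: 2
2010/11/18 17:14:01.0953 Forged file(DwProt) - User select action: Skip
2010/11/18 17:14:02.0218 \HardDisk0 - will be cured after reboot
2010/11/18 17:14:02.0218 Backdoor.Win32.Sinowal.knf(\HardDisk0) - User select action: Cure
"""

# Line shapes inferred from the posted log (an assumption about the format,
# not taken from Kaspersky documentation).
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DETECTED = re.compile(rf"^{TS} (?P<obj>.+?) - detected (?P<verdict>.+?) \((?P<sev>\d+)\)$")
ACTION = re.compile(rf"^{TS} (?P<verdict>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(rf"^{TS} Detected object count: (?P<n>\d+)$")
FORGED = re.compile(
    rf"^{TS} Suspicious file \(Forged\): (?P<path>.+?)\. "
    rf"Real md5: (?P<real>[0-9a-f]{{32}}), Fake md5: (?P<fake>[0-9a-f]{{32}})$"
)


@dataclass
class Detection:
    obj: str
    verdict: str
    severity: int
    action: Optional[str] = None  # filled in from the later "User select action" line


@dataclass
class ForgedFile:
    path: str
    real_md5: str
    fake_md5: str


@dataclass
class Summary:
    reported_count: Optional[int] = None
    detections: List[Detection] = field(default_factory=list)
    forged: List[ForgedFile] = field(default_factory=list)

    @property
    def unresolved(self) -> List[str]:
        """Objects the scan flagged that were skipped or never acted on."""
        return [d.obj for d in self.detections if d.action in (None, "Skip")]

    @property
    def count_consistent(self) -> bool:
        """True when the tool's own count matches the detection lines we parsed."""
        return self.reported_count == len(self.detections)


def summarize(log_text: str) -> Summary:
    s = Summary()
    by_obj: Dict[str, Detection] = {}
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := DETECTED.match(line):
            d = Detection(m["obj"], m["verdict"], int(m["sev"]))
            by_obj[d.obj] = d
            s.detections.append(d)
        elif m := ACTION.match(line):
            d = by_obj.get(m["obj"])
            if d is None:  # action with no matching detection line: record it anyway
                d = Detection(m["obj"], m["verdict"], -1)
                by_obj[d.obj] = d
                s.detections.append(d)
            d.action = m["action"]
        elif m := COUNT.match(line):
            s.reported_count = int(m["n"])
        elif m := FORGED.match(line):
            s.forged.append(ForgedFile(m["path"], m["real"], m["fake"]))
    return s


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(f"reported: {summary.reported_count}, parsed: {len(summary.detections)}, "
          f"consistent: {summary.count_consistent}")
    for d in summary.detections:
        print(f"  {d.obj:12} {d.verdict:28} action={d.action}")
    for f in summary.forged:
        print(f"  forged {f.path}: real md5 {f.real_md5}, fake md5 {f.fake_md5}")
    print("unresolved:", summary.unresolved)
```

Run against the posted log this reports two detections, `\HardDisk0` cured and `DwProt` skipped, so `unresolved` comes back with the forged driver alone; that is the item the next reply in the thread asks about.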

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:52 PM

Posted 19 November 2010 - 05:29 AM

Did you have the "cure" option for the forged file? If so, please rerun TDSSKiller and cure the infection. If there was only a delete/quarantine/skip option, do nothing and post back here.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#15 raindrop

raindrop
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:52 AM

Posted 19 November 2010 - 07:46 AM

Hi, I didn't know the answer to your question, so I ran the program again and it gave me 3 options: skip (which was checked), copy to quarantine, or delete. I skipped. I didn't know if you wanted the log, so I included it.
Thank you,
Raindrop

2010/11/19 07:41:21.0703 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/19 07:41:21.0703 ================================================================================
2010/11/19 07:41:21.0703 SystemInfo:
2010/11/19 07:41:21.0703
2010/11/19 07:41:21.0703 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/19 07:41:21.0703 Product type: Workstation
2010/11/19 07:41:21.0703 ComputerName: SANDYSNEWONE
2010/11/19 07:41:21.0703 UserName: sandra white
2010/11/19 07:41:21.0703 Windows directory: C:\WINDOWS
2010/11/19 07:41:21.0703 System windows directory: C:\WINDOWS
2010/11/19 07:41:21.0703 Processor architecture: Intel x86
2010/11/19 07:41:21.0703 Number of processors: 1
2010/11/19 07:41:21.0703 Page size: 0x1000
2010/11/19 07:41:21.0703 Boot type: Normal boot
2010/11/19 07:41:21.0703 ================================================================================
2010/11/19 07:41:21.0875 Initialize success
2010/11/19 07:41:25.0656 ================================================================================
2010/11/19 07:41:25.0656 Scan started
2010/11/19 07:41:25.0656 Mode: Manual;
2010/11/19 07:41:25.0656 ================================================================================
2010/11/19 07:41:29.0671 DwProt (8f9ebdfb0993bb1aaef305fe0e5d14b5) C:\WINDOWS\system32\drivers\dwprot.sys
2010/11/19 07:41:29.0671 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dwprot.sys. Real md5: 8f9ebdfb0993bb1aaef305fe0e5d14b5, Fake md5: 19611ff463648d4db9e99121ba6cba12
2010/11/19 07:41:29.0671 DwProt - detected Forged file (1)
2010/11/19 07:41:39.0125 ================================================================================
2010/11/19 07:41:39.0125 Scan finished
2010/11/19 07:41:39.0125 ================================================================================
2010/11/19 07:41:39.0140 Detected object count: 1
2010/11/19 07:42:32.0484 Forged file(DwProt) - User select action: Skip

Edited by raindrop, 19 November 2010 - 07:53 AM.
