

Explorer at 50 % and sluggish start


  • This topic is locked
10 replies to this topic

#1 surgeonffs

surgeonffs

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 02 January 2011 - 01:31 PM

My laptop is giving me grief. When I first start it, it takes a few minutes before it lets me open any programs. It's weird because I'm still able to open my task manager, explorer and browse just fine, but most programs won't start. The explorer.exe process also runs at 50 % of the CPU during this period. After a few minutes, every program that I attempted to open in the interim suddenly opens. I run Avast AV and Comodo firewall. HijackThis below.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:17:13, on 02.01.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21295)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Universal Shield 4.3\US4Service.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Acer Bio Protection\PwdBank.exe
C:\WINDOWS\PLFSetI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
F:\Itunes\iTunesHelper.exe
C:\PROGRA~1\Eraser\Eraser.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\HiJackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [US4Service] C:\Program Files\Universal Shield 4.3\US4Service.exe
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-842925246-790525478-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-21-842925246-790525478-1801674531-1004\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Administrator\Application Data\Mikogo\B-Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11930 bytes


Thoughts?

Edited by surgeonffs, 02 January 2011 - 01:38 PM.
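The HijackThis log above is what a responder reads by hand: O4 Run values, O23 services and the OTL process and service lines are checked for images that load from user-writable profile paths (the B-Service entry under Application Data), entries with no owner or company name (PnkBstrA, hffsrv, sptd), and Run values that name a bare executable resolved through the PATH search order (RTHDCPL.EXE). The script below automates that first pass. It is an added example, not part of the thread or of either tool; the three rules and their names are assumptions about what deserves a second look, not a verdict on any entry, and the sample lines are copied from the logs in this thread.

```python
"""Triage autoruns and services from HijackThis (O4/O23) and OTL (PRC/SRV/MOD/DRV) lines."""
import os
import re
from dataclasses import dataclass

# Profile and temp paths are writable by an unprivileged user, so a service or
# Run value that loads from them deserves a look (assumed rule, not a verdict).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                         "\\local settings\\", "\\temp\\", "\\users\\")
# Where vendor software normally lives on an XP box; anything else is noted.
STANDARD_DIR_MARKERS = ("\\windows\\", "\\program files", "\\progra~")

HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
OTL = re.compile(r"^(?P<kind>PRC|SRV|MOD|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)(?: \[[^\]]*\])?"
                 r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\).*)?$")


@dataclass
class Finding:
    source: str   # which log line type produced it, e.g. "HJT O23"
    name: str     # Run value name, service name or file name
    path: str     # image the entry loads
    flags: list   # reasons it was reported


def image_path(cmd: str) -> str:
    """Executable (or, for rundll32, the DLL) that a Run value actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            end = len(cmd)
        image, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        image, _, rest = cmd.partition(" ")
    if image.lower() in ("rundll32", "rundll32.exe"):
        image = rest.split(",", 1)[0].strip().strip('"')   # rundll32 <dll>,<entry>
    return image


def path_flags(path: str) -> list:
    low = path.lower()
    if "\\" not in low:
        return ["unqualified_image"]      # bare name, resolved through PATH search
    if any(m in low for m in USER_WRITABLE_MARKERS):
        return ["user_writable_path"]
    if not any(m in low for m in STANDARD_DIR_MARKERS):
        return ["outside_standard_dirs"]
    return []


def triage(log_text: str) -> list:
    """Return one Finding per HJT/OTL line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HJT_O4.match(line):
            img = image_path(m["cmd"])
            findings.append(Finding("HJT O4", m["name"], img, path_flags(img)))
        elif m := HJT_O23.match(line):
            flags = path_flags(m["path"])
            if m["owner"] == "Unknown owner":
                flags.append("unknown_owner")        # no publisher string in the binary
            findings.append(Finding("HJT O23", m["name"], m["path"], flags))
        elif m := OTL.match(line):
            flags = path_flags(m["path"])
            if not m["company"].strip():
                flags.append("unknown_publisher")    # OTL printed "(): no company name
            name = m["svc"] or os.path.basename(m["path"].replace("\\", "/"))
            findings.append(Finding("OTL " + m["kind"], name, m["path"], flags))
    return [f for f in findings if f.flags]


# Constructed sample: lines copied from the HijackThis and OTL logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "F:\Itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Administrator\Application Data\Mikogo\B-Service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.05.29 09:28:16 | 000,080,896 | ---- | M] () -- C:\WINDOWS\hffext\hffsrv.exe
SRV - [2010.09.12 15:21:27 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Application Data\Mikogo\B-Service.exe -- (B-Service)
DRV - [2009.11.22 19:19:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
PRC - [2011.01.08 05:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:8} {f.name:14} {', '.join(f.flags):36} {f.path}")
```

The output is a worklist, not a diagnosis: OTL.exe itself is reported because it sits on the Administrator desktop, and the empty company field on sptd.sys is normal for that DAEMON Tools driver. Each flagged path still has to be checked by hand (who installed it, whether the file is signed, whether the name matches a known product) before anything is removed.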




#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:41 PM

Posted 07 January 2011 - 03:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

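The /md5start ... /md5stop block in the custom scan above makes OTL print the MD5 of each listed file; the list is the set of storage and logon DLLs and boot-start disk drivers (atapi.sys, iaStor.sys, nvstor.sys and the like) that rootkits of that era patched in place, and the hashes are compared against a clean copy of the same file version. The script below does that comparison itself: it parses the same list format, hashes whatever copies exist in a directory, and separates matches from mismatches, files with no baseline entry, and files that are absent. It is an added example, not OTL's own code; the baseline hashes and the sample files are constructed here for illustration, and on a real machine the baseline would come from a trusted installation medium or service pack of the same build.

```python
"""Compare files named in an OTL /md5start .. /md5stop block against a known-good baseline."""
import hashlib
import os
import tempfile

# Constructed excerpt of the custom scan text; only the md5 block is used.
OTL_CUSTOM_SCAN = """\
msconfig
netsvcs
/md5start
eventlog.dll
atapi.sys
iaStor.sys
nvstor.sys
/md5stop
%systemroot%\\*. /mp /s
"""


def parse_md5_list(scan_text: str) -> list:
    """Return the file names between /md5start and /md5stop, in order."""
    names, inside = [], False
    for raw in scan_text.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names


def md5_of(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_baseline(directory: str, names: list, baseline: dict) -> dict:
    """Bucket each listed file as ok / mismatch / unknown (no baseline) / missing."""
    report = {"ok": [], "mismatch": [], "unknown": [], "missing": []}
    known = {k.lower(): v.lower() for k, v in baseline.items()}
    # Windows file names are case-insensitive; map the on-disk names once.
    on_disk = {f.lower(): f for f in os.listdir(directory)}
    for name in names:
        actual = on_disk.get(name.lower())
        if actual is None:
            report["missing"].append(name)
            continue
        digest = md5_of(os.path.join(directory, actual))
        expected = known.get(name.lower())
        if expected is None:
            report["unknown"].append(name)
        elif digest == expected:
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    return report


def demo() -> dict:
    """Constructed sample: atapi.sys intact, eventlog.dll altered, nvstor.sys not in
    the baseline, iaStor.sys absent. Hypothetical file contents, not real drivers."""
    clean = b"constructed clean driver image"
    with tempfile.TemporaryDirectory() as d:
        for fname, data in (("atapi.sys", clean),
                            ("eventlog.dll", b"constructed tampered image"),
                            ("nvstor.sys", clean)):
            with open(os.path.join(d, fname), "wb") as fh:
                fh.write(data)
        baseline = {"atapi.sys": hashlib.md5(clean).hexdigest(),
                    "EVENTLOG.DLL": hashlib.md5(b"constructed original image").hexdigest()}
        return check_against_baseline(d, parse_md5_list(OTL_CUSTOM_SCAN), baseline)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(f"{bucket:9} {', '.join(files) or '-'}")
```

Two caveats apply to any hash taken this way. MD5 is fine for matching a file against a clean copy you hold, but it is not a tamper-proof signature; Authenticode signature verification is the stronger check for Microsoft files. And a kernel-mode rootkit that filters disk reads can hand the original bytes to a user-mode reader while the patched copy is what actually loads, which is why a matching hash from the live system is not proof of a clean file and why responders also look at the same files from an offline boot.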


#3 surgeonffs

surgeonffs
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 08 January 2011 - 12:20 AM

Hi.

My problem is that when I start the computer it takes a few minutes before it lets me open any programs. I'm still able to open my task manager and explorer and I can browse just fine, but no other programs will start (e.g. firefox, games, VLC). The explorer.exe process also runs at 50 % of the CPU during this period. After a few minutes of this, every program that I attempted to open during the preceding few minutes opens. This is not an instance of my computer just being slow to start. This problem just started suddenly one day.

Here is the OTL.txt:

OTL logfile created on: 08.01.2011 05:56:37 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,93 Gb Total Space | 10,74 Gb Free Space | 19,91% Space Free | Partition Type: NTFS
Drive D: | 185,55 Gb Total Space | 23,30 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive E: | 185,55 Gb Total Space | 35,28 Gb Free Space | 19,02% Space Free | Partition Type: NTFS
Drive F: | 40,73 Gb Total Space | 21,77 Gb Free Space | 53,45% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.01.08 05:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010.12.10 16:22:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.12.03 10:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.12.03 10:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.10.04 08:58:13 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010.10.04 08:58:11 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010.04.10 07:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009.12.21 06:45:56 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.10.11 11:58:33 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.09.15 13:15:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Universal Shield 4.3\US4Service.exe
PRC - [2009.06.18 19:37:16 | 003,560,960 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PdtWzd.exe
PRC - [2009.06.18 19:37:16 | 003,447,296 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
PRC - [2009.06.18 19:37:14 | 004,185,088 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PwdBank.exe
PRC - [2009.05.29 09:28:16 | 000,080,896 | ---- | M] () -- C:\WINDOWS\hffext\hffsrv.exe
PRC - [2009.03.13 04:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.03.13 04:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.13 07:25:25 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.07.29 18:29:26 | 000,200,704 | ---- | M] () -- C:\WINDOWS\PLFSetI.exe
PRC - [2005.04.27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004.08.04 06:56:58 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2002.03.19 16:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2011.01.08 05:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010.10.04 08:58:37 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010.08.23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010.07.04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009.05.29 09:28:16 | 000,044,032 | ---- | M] () -- C:\WINDOWS\hffext\HFFKbd.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.12.03 10:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.10.04 08:58:11 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.09.12 15:21:27 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Application Data\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009.06.18 19:37:16 | 003,447,296 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.03.13 04:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2005.04.27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2010.12.03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.12.03 10:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010.10.20 01:20:12 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.10.16 19:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.10.04 08:58:36 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010.10.04 08:58:36 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010.10.04 08:58:36 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010.09.07 21:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.22 19:19:39 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.24 07:32:57 | 000,027,184 | ---- | M] (Egistec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2009.09.11 20:45:48 | 005,911,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.06.18 19:48:12 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.05.28 14:28:28 | 000,044,288 | ---- | M] (Silence of Troubles United Company Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FDCENT.SYS -- (FDCENT)
DRV - [2009.05.11 13:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009.04.15 17:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009.03.20 20:51:02 | 000,071,168 | ---- | M] (© Everstrike Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\US30XP.sys -- (US30Sys)
DRV - [2009.02.25 12:53:00 | 000,112,992 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.02.13 07:40:03 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iastor86.sys -- (iastor86)
DRV - [2008.12.30 11:18:50 | 000,057,856 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\enecir.sys -- (enecir)
DRV - [2008.12.10 19:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008.09.12 18:32:56 | 000,327,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.08.05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.06.27 07:46:48 | 006,023,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008.04.29 00:56:00 | 000,011,264 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\enecirhid.sys -- (enecirhid)
DRV - [2008.04.25 08:16:00 | 000,005,632 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\enecirhidma.sys -- (enecirhidma)
DRV - [2008.04.20 23:00:00 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008.04.14 12:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.12 18:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006.01.04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2002.09.16 11:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-842925246-790525478-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.finn.no/finn/realestate/lettings/result|http://www.google.no/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nb-NO@dictionaries.addons.mozilla.org:2.0.10.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 16:22:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 16:22:07 | 000,000,000 | ---D | M]

[2009.09.22 23:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010.11.25 15:58:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ygzmtmk.default\extensions
[2010.06.26 17:59:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ygzmtmk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.12 02:14:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ygzmtmk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.11.12 02:14:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ygzmtmk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.07 12:26:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ygzmtmk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.30 15:37:02 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ygzmtmk.default\extensions\DTToolbar@toolbarnet.com
[2010.07.17 16:19:52 | 000,000,000 | ---D | M] (Norsk Bokmål ordliste) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4ygzmtmk.default\extensions\nb-NO@dictionaries.addons.mozilla.org
[2011.01.08 03:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i5p4sqg9.ano\extensions
[2010.10.20 03:06:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i5p4sqg9.ano\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.16 05:33:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i5p4sqg9.ano\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.12.26 20:23:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i5p4sqg9.ano\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.20 03:00:31 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i5p4sqg9.ano\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.01.07 19:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\neth5emh.Default User\extensions
[2010.12.09 23:25:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\neth5emh.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.09 23:25:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\neth5emh.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.30 16:58:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\neth5emh.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.08 03:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.13 18:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.16 02:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.09.21 22:07:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011.01.03 22:22:09 | 000,427,639 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14749 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-842925246-790525478-1801674531-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [hffsrv] c:\WINDOWS\hffext\hffsrv.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [US4Service] C:\Program Files\Universal Shield 4.3\US4Service.exe ()
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft)
O4 - HKU\S-1-5-21-842925246-790525478-1801674531-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-842925246-790525478-1801674531-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-842925246-790525478-1801674531-1004..\RunOnce: [Windows XP Settings] C:\WINDOWS\System32\CMD.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKU\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.213.112.4 130.67.15.198
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer Bio Protection\WinNotify.dll (Egis Technology Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.21 22:00:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bf8fcdfc-a6ff-11de-8c8f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf8fcdfc-a6ff-11de-8c8f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf8fcdfc-a6ff-11de-8c8f-806d6172696f}\Shell\AutoRun\command - "" = G:\autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: FDCENT.SYS - C:\WINDOWS\system32\drivers\FDCENT.SYS (Silence of Troubles United Company Ltd.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HideFilesAndFolders_S - Reg Error: Value error.
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D76AD0F-B67E-263C-3B9E-C15E30718BF8} - Browser Customizations
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {D6D90E4E-738B-2434-AD1F-E12AC7262601} - Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011.01.08 05:55:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011.01.08 03:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Gmask 1.70 English
[2011.01.03 19:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.03 19:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.01.03 19:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.01.03 19:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Keygen music
[2011.01.03 19:35:47 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2011.01.02 22:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011.01.02 22:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011.01.02 22:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011.01.02 20:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\hosts
[2011.01.02 20:21:50 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\Administrator\Desktop\spywareblastersetup44.exe
[2011.01.02 20:17:39 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2011.01.02 19:46:55 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.01.02 19:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software
[2011.01.02 19:38:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011.01.02 19:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011.01.02 19:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backupreg
[2011.01.02 19:14:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.01.02 19:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2011.01.02 19:13:01 | 130,359,064 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-Aware90Install.exe
[2011.01.02 19:10:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011.01.02 19:06:27 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011.01.02 19:06:13 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\VundoFix.exe
[2010.12.27 17:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Funcom
[2010.12.27 17:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.12.15 04:08:52 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010.12.15 04:08:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010.12.13 04:09:25 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.12.12 17:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Firaxis Games
[2010.12.12 16:57:56 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2010.12.11 08:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SKIDROW
[2010.12.10 00:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sid Meier's Civilization V
[2010.12.09 19:16:12 | 014,532,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010.12.09 19:16:12 | 013,012,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010.12.09 19:16:12 | 009,623,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010.12.09 19:16:12 | 006,359,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010.12.09 19:16:12 | 004,882,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010.12.09 19:16:12 | 002,932,840 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010.12.09 19:16:12 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010.12.09 19:16:12 | 001,462,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010.12.09 19:16:12 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2010.12.09 19:16:12 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2010.12.09 19:16:12 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010.12.09 19:15:39 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.12.09 18:47:45 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010.12.09 18:47:44 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010.12.09 18:47:41 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010.12.09 18:47:40 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010.12.09 18:47:40 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010.12.09 18:47:40 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010.12.09 18:47:40 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010.12.09 18:47:39 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010.12.09 18:47:39 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010.12.09 18:47:39 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010.12.09 18:47:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010.12.09 18:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\My Games
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.08 05:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011.01.08 02:38:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011.01.07 21:15:49 | 000,002,437 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to HoldemManager.exe.lnk
[2011.01.07 20:22:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.01.07 15:19:24 | 000,217,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.07 13:11:47 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.01.07 13:11:47 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.01.07 13:08:03 | 000,000,436 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011.01.07 13:06:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.07 13:06:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.07 13:06:45 | 2682,159,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.07 01:17:31 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\pkr.xlsx
[2011.01.03 22:22:09 | 000,427,639 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.03 21:45:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110103-222209.backup
[2011.01.03 21:36:18 | 000,000,755 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.01.03 19:42:16 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.01.03 19:37:40 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2011.01.02 20:23:26 | 000,153,699 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hosts.zip
[2011.01.02 20:22:00 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\Administrator\Desktop\spywareblastersetup44.exe
[2011.01.02 20:17:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\ATF-Cleaner.exe
[2011.01.02 19:46:55 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011.01.02 19:38:29 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.01.02 19:38:29 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011.01.02 19:22:04 | 130,359,064 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-Aware90Install.exe
[2011.01.02 19:14:55 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011.01.02 19:10:52 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2011.01.02 19:06:13 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Administrator\Desktop\VundoFix.exe
[2010.12.29 09:39:03 | 040,320,128 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cswdcb70.mp3
[2010.12.28 19:31:10 | 045,271,377 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cswdcb69.mp3
[2010.12.28 18:47:04 | 037,692,001 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cswdcb68.mp3
[2010.12.27 23:26:47 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2010.12.27 17:23:38 | 000,000,287 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Den lengste reisen.lnk
[2010.12.26 18:00:51 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.12.26 18:00:51 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.12.26 15:57:40 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.12.19 02:18:55 | 002,263,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.12.09 19:23:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.03 21:35:22 | 000,000,755 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.01.03 19:42:16 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.01.02 20:23:25 | 000,153,699 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hosts.zip
[2011.01.02 19:38:29 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011.01.02 19:38:29 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011.01.02 19:14:36 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
[2011.01.02 19:10:49 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.msi
[2010.12.29 09:35:45 | 040,320,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cswdcb70.mp3
[2010.12.28 19:27:05 | 045,271,377 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cswdcb69.mp3
[2010.12.28 18:43:54 | 037,692,001 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cswdcb68.mp3
[2010.12.27 23:26:47 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2010.12.27 17:23:38 | 000,000,287 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Den lengste reisen.lnk
[2010.12.09 19:27:51 | 2682,159,104 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.09 19:23:16 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010.12.09 19:23:12 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010.12.09 19:23:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010.12.09 19:23:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2010.12.09 19:16:12 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010.12.09 19:16:11 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.11.12 12:19:23 | 000,374,272 | ---- | C] () -- C:\WINDOWS\System32\mss32.dll
[2010.11.12 11:58:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2010.11.05 08:28:18 | 000,000,263 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.22 06:54:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2010.10.20 21:52:21 | 000,354,304 | ---- | C] () -- C:\WINDOWS\System32\pythoncom26.dll
[2010.10.20 21:52:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\pywintypes26.dll
[2010.07.28 23:20:18 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2010.07.28 23:20:18 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2010.06.13 03:11:50 | 000,127,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.04.07 04:51:34 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.03.08 13:40:14 | 000,137,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.02.09 00:51:59 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\machpro.dat
[2009.11.22 19:19:39 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.09.27 23:28:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4964.dll
[2009.09.23 06:39:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2009.09.22 20:48:35 | 000,217,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.21 23:53:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.21 22:08:04 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.21 22:08:03 | 002,246,163 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009.09.21 22:08:03 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.09.21 22:08:03 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.09.21 22:08:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.09.21 22:08:01 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.21 21:57:25 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2009.09.21 21:57:24 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2009.09.21 21:57:24 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009.06.20 09:15:04 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.09.11 19:01:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\INT15.dll
[2008.09.09 16:38:48 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\INT15_64.dll
[2008.09.09 16:38:48 | 000,015,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008.03.12 18:52:34 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1774.08.29 14:22:31 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009.02.13 07:38:30 | 009,144,960 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.02.13 07:38:30 | 009,144,960 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 12:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 12:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008.09.12 18:32:56 | 000,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009.02.13 07:26:28 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B603334E9448D72887FC660CD8FC1C82 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 12:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.22 19:19:39 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.09.21 23:49:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.09.21 23:49:23 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.09.21 23:49:23 | 000,851,968 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.12.03 10:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010.11.02 16:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2010.10.16 19:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2010.10.13 01:28:53 | 000,137,960 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys
[2011.01.02 19:46:55 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010.10.20 01:20:12 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\system32\drivers\truecrypt.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Here is Extras.txt:

OTL Extras logfile created on: 08.01.2011 05:56:37 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53,93 Gb Total Space | 10,74 Gb Free Space | 19,91% Space Free | Partition Type: NTFS
Drive D: | 185,55 Gb Total Space | 23,30 Gb Free Space | 12,56% Space Free | Partition Type: NTFS
Drive E: | 185,55 Gb Total Space | 35,28 Gb Free Space | 19,02% Space Free | Partition Type: NTFS
Drive F: | 40,73 Gb Total Space | 21,77 Gb Free Space | 53,45% Space Free | Partition Type: NTFS

Computer Name: ANONYMOUS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"F:\Utorrent\uTorrent.exe" = F:\Utorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"F:\Baldur's Gate\BGMain.exe" = F:\Baldur's Gate\BGMain.exe:*:Enabled:Baldur's Gate, the Game -- File not found
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"F:\Itunes\iTunes.exe" = F:\Itunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Ventrilo3\Ventrilo.exe" = C:\Program Files\Ventrilo3\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\steamapps\surgeongg\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\surgeongg\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"E:\civ4\Civilization4.exe" = E:\civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- File not found
"E:\civ4\Warlords\Civ4Warlords.exe" = E:\civ4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- File not found
"E:\civ4\Warlords\Civ4Warlords_PitBoss.exe" = E:\civ4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- File not found
"E:\civ4\Beyond the Sword\Civ4BeyondSword.exe" = E:\civ4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- File not found
"E:\civ4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = E:\civ4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- File not found
"E:\Civ IV\Civilization4.exe" = E:\Civ IV\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games)
"E:\Civ IV\Warlords\Civ4Warlords.exe" = E:\Civ IV\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"E:\Civ IV\Beyond the Sword\Civ4BeyondSword.exe" = E:\Civ IV\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games)
"E:\Civ IV\Colonization\Colonization.exe" = E:\Civ IV\Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01386D1F-ADE7-43B4-A4E9-312FC5BC726F}_is1" = SWF Opener
"{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DFC4415-8E8F-4ADB-8A0B-2F314A8FD14D}" = Windows Live Messenger
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Opplastingsverktøy for Windows Live
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3B4A0DDA-2AAE-4467-A803-BF2520CD3D06}" = Påloggingsassistent for Windows Live
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FE}" = Universal Shield
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3B0503-7DF4-4BE7-BC75-F6B02AC78C06}" = Windows Live Essentials
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6C1804BC-094F-431A-BEA5-37A837958029}" = Rome - Total War - Alexander
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB3E96C-41E0-4C5D-9622-7C2EFA5E2245}_is1" = Fall Further 051
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.7.2
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate™ II - Throne of Bhaal ™
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA8CD7C-0B8D-4F47-A440-E91B318D8C99}_is1" = Orbis
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"07F6F3DB62A9D59A719B35E8758992268D8D6D8A" = ENE CIR Receiver Driver (12/30/2008 2.7.2.0)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast5" = avast! Free Antivirus
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.22
"Baldur's Gate" = Baldur's Gate
"CCleaner" = CCleaner (remove only)
"Championship Manager 01-02" = Championship Manager 01-02
"Close Combat" = Close Combat
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"comtypes-py2.6" = Python 2.6 comtypes-0.6.2
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deus Ex" = Deus Ex
"EVE" = EVE Online (remove only)
"Football Manager 2011 Russian" = Football Manager 2011 Russian
"Foxit Reader" = Foxit Reader
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hide Files and Folders_is1" = Hide Files and Folders v3.4
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.6.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"Mikogo" = Mikogo
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PokerStars" = PokerStars
"psyco-py2.6" = Python 2.6 psyco-1.6
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.6" = Python 2.6 pywin32-214
"QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
"RealPlayer 12.0" = RealPlayer
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 10" = Counter-Strike
"Steam App 80" = Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TrueCrypt" = TrueCrypt
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VentriloMIX" = VentriloMIX
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2
"Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wrye Bash" = Wrye Bash
"wxPython2.8-ansi-py26_is1" = wxPython 2.8.11.0 (ansi) for Python 2.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-790525478-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.3 (DirectShow Filter)

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 08.11.2009 10:06:41 | Computer Name = ANONYMOUS | Source = avast! | ID = 33554522
Description =

Error - 08.11.2009 10:08:57 | Computer Name = ANONYMOUS | Source = avast! | ID = 33554522
Description =

Error - 08.11.2009 10:14:04 | Computer Name = ANONYMOUS | Source = avast! | ID = 33554522
Description =

Error - 11.11.2009 13:02:17 | Computer Name = ANONYMOUS | Source = avast! | ID = 33554522
Description =

Error - 08.09.2010 18:46:34 | Computer Name = ANONYMOUS | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 03.01.2011 14:24:15 | Computer Name = ANONYMOUS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04.01.2011 19:12:03 | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module avcq.dll, version 10.0.0.934, fault address 0x000013b7.

Error - 04.01.2011 19:12:43 | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 04.01.2011 19:16:37 | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module avcq.dll, version 10.0.0.934, fault address 0x000013b7.

Error - 04.01.2011 19:23:21 | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module avcq.dll, version 10.0.0.934, fault address 0x000013b7.

Error - 07.01.2011 08:06:59 | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 07.01.2011 08:07:35 | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 07.01.2011 08:07:35 | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 07.01.2011 08:07:35 | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 07.01.2011 08:07:35 | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 05.01.2011 17:14:37 | Computer Name = ANONYMOUS | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry. The data is the error code.

Error - 06.01.2011 06:57:54 | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 06.01.2011 12:49:34 | Computer Name = ANONYMOUS | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers from the registry. The data is the error code.

Error - 07.01.2011 08:06:57 | Computer Name = ANONYMOUS | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.1 for the Network Card with network address
001E658038E8 has been denied by the DHCP server 10.0.0.138 (The DHCP Server sent
a DHCPNACK message).

Error - 07.01.2011 08:06:59 | Computer Name = ANONYMOUS | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 07.01.2011 08:08:05 | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 07.01.2011 08:54:25 | Computer Name = ANONYMOUS | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.

Error - 07.01.2011 09:16:20 | Computer Name = ANONYMOUS | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >

Thank you for helping me with this.

Edited by surgeonffs, 08 January 2011 - 12:30 AM.


#4 myrti


    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:08:41 PM

Posted 08 January 2011 - 02:35 PM

Hi,
Please run a scan with Rootkit Unhooker next:
Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished, then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!


#5 surgeonffs

  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:41 PM

Posted 08 January 2011 - 02:55 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB5486000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
0xAF863000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6103040 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB50B0000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3629056 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB7EB4000 PCI_PNP7318 995328 bytes
0xB7EB4000 spbm.sys 995328 bytes
0xB7EB4000 sptd 995328 bytes
0xB4B6A000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xACB09000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
0xB7D3E000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7C64000 iastor86.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7B8E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB4EC3000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xACC28000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB4A39000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xACD80000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA914C000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA69B5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB4F57000 C:\WINDOWS\System32\Drivers\a7k8jirq.SYS 233472 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xACE0C000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xACCC3000 C:\WINDOWS\System32\drivers\truecrypt.sys 225280 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0xB507E000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 204800 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB4B12000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7E6E000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7B4C000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA9C8A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x9CA7F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xACC98000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB544A000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xACD58000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xACC01000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xB7E18000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xACD32000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9CAAA000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB1489000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB5426000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB503D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xACD10000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134528 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7C44000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7E3E000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB5060000 C:\WINDOWS\system32\DRIVERS\jmcr.sys 122880 bytes (JMicron Technology Corporation, JMicron JMB38X Flash Media Controller Driver)
0xACBE3000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xB7B32000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB4F3E000 C:\WINDOWS\system32\DRIVERS\enecir.sys 102400 bytes (ENE TECHNOLOGY INC., ENE CIR Driver for eHome)
0xB7E9C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xAA24B000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB7C1B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB4B53000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB14AD000 C:\WINDOWS\system32\drivers\nvhda32.sys 94208 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0xACCFA000 C:\WINDOWS\System32\Drivers\US30XP.sys 90112 bytes (© Everstrike Software, Universal Shield Filter Driver)
0xB7B79000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xAA07E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB5472000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xACDD9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7C32000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA91CC000 C:\WINDOWS\system32\drivers\int15.sys 69632 bytes
0xB7E5D000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB4B42000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAD1F3000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB5F59000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB5F89000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB5F39000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xB81F8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xAD213000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB3363000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB5F49000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB462B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB3343000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB5F79000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB81B8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB81A8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB81D8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAD243000 C:\WINDOWS\system32\drivers\FDCENT.SYS 45056 bytes (Silence of Troubles United Company Ltd., Filter Device)
0xAD6C2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB5F69000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xAD6E2000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB33A3000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8128000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB8208000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB33B3000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8258000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB81E8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAD6D2000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA6439000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xAD223000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8368000 C:\WINDOWS\system32\DRIVERS\enecirhid.sys 32768 bytes (ENE TECHNOLOGY INC., ENE CIR HID Driver)
0xB83E0000 C:\WINDOWS\system32\DRIVERS\enecirhidma.sys 32768 bytes (ENE TECHNOLOGY INC., ENE CIR HID Mapper Driver)
0xB32E3000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8488000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8420000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB83E8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xACF6F000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xB8438000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8428000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB8430000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB8418000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB32F3000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB06A1000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xB8400000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xB8480000 C:\WINDOWS\System32\Drivers\FPSensor.sys 20480 bytes (Egistec, Fingerprint Sensor Driver)
0xB32EB000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8350000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8358000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8330000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xACF4F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB84C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB78BA000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB7B0E000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7AEA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB7ACD000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB7AFA000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xADC37000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB84BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB4180000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAD2D5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 12288 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA9F56000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA7507000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB7B02000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAD2D1000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA9034000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xB78A2000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB8638000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB863A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85FE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8666000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8798000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB86DC000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xACEF2000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xACE93000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
0x8AF0F1F8 unknown_irp_handler 3592 bytes
0x8A15D1F8 unknown_irp_handler 3592 bytes
0x8AEA01F8 unknown_irp_handler 3592 bytes
0x867EA1F8 unknown_irp_handler 3592 bytes
0x8A24F1F8 unknown_irp_handler 3592 bytes
0x8A23A1F8 unknown_irp_handler 3592 bytes
0x8AF0E1F8 unknown_irp_handler 3592 bytes
0x867C61F8 unknown_irp_handler 3592 bytes
0x8A268500 unknown_irp_handler 2816 bytes
0x8AE47500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86561798 ] TID: 184, 788032 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86561520 ] TID: 196, 134611715 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862D1570 ] TID: 200, 4325379 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86368DA8 ] TID: 204
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85B443F0 ] TID: 236
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A338020 ] TID: 240
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x85ED3B30 ] TID: 244
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86602DA8 ] TID: 252
0x8055C700 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x85AEC2A8 ] TID: 264
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85F5FB70 ] TID: 272
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864D2DA8 ] TID: 280
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x862DB998 ] TID: 352
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8643F4B8 ] TID: 456
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8632DBA0 ] TID: 460
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8632CDA8 ] TID: 464
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8632CB30 ] TID: 468
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8632C8B8 ] TID: 472
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86290DA8 ] TID: 476
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86290B30 ] TID: 480
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x862908B8 ] TID: 484
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86475B30 ] TID: 488
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86475DA8 ] TID: 492
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x864758B8 ] TID: 496
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x864C6DA8 ] TID: 500
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x864C6B30 ] TID: 504
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x864C68B8 ] TID: 508
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x862DA998 ] TID: 512
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x863DF508 ] TID: 516
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8A136A90 ] TID: 520
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86474B48 ] TID: 524
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8646CDA8 ] TID: 560
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8646DDA8 ] TID: 612
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x862DA720 ] TID: 616
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8651CBA8 ] TID: 696
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x865625C0 ] TID: 708
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E8A5D8 ] TID: 760
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85BB25B8 ] TID: 808
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EA85B8 ] TID: 812
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DD5B78 ] TID: 816
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FA64F0 ] TID: 848
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86015DA8 ] TID: 852
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85EEB4A8 ] TID: 856
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85EDC5B8 ] TID: 860
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BF29A8 ] TID: 864
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D83DA8 ] TID: 868
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AFE538 ] TID: 920
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8651F5C8 ] TID: 940
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86475438 ] TID: 944
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85B0FCC0 ] TID: 956
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85E1A5C0 ] TID: 976
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A2D26E0 ] TID: 996, 3118287557 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85FCA5B8 ] TID: 1004, 544106345 bytes
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A1F8960 ] TID: 1008, 4456520 bytes
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A289BF0 ] TID: 1012
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86363DA8 ] TID: 1020
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8646DB30 ] TID: 1024
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8661EC10 ] TID: 1028
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8655DB00 ] TID: 1036, 6 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86324DA8 ] TID: 1044
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x862D9B00 ] TID: 1052
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86363B30 ] TID: 1056
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86907B30 ] TID: 1060
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x862DDB30 ] TID: 1064
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86907DA8 ] TID: 1068
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86473B00 ] TID: 1072
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x862DDDA8 ] TID: 1076
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x864CC428 ] TID: 1084
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x863FFDA8 ] TID: 1104
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86291540 ] TID: 1124
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86621470 ] TID: 1132, 2097184 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x863C1BC8 ] TID: 1144
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86627898 ] TID: 1152
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x859168F0 ] TID: 1160
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8A1B9A80 ] TID: 1172
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x863A6648 ] TID: 1180
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x863B0648 ] TID: 1184, 196611 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x863B1648 ] TID: 1188
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x865ECA68 ] TID: 1192
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x863DE4B8 ] TID: 1196, 3342404 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86404A80 ] TID: 1200
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x863ECA90 ] TID: 1204
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x863F0A90 ] TID: 1208
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86628750 ] TID: 1216
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x863E7328 ] TID: 1220
0x8055C700 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x85DD7930 ] TID: 1224
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x85B847A8 ] TID: 1228
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x865DE508 ] TID: 1244, 1 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x863F1A90 ] TID: 1248
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x865E4508 ] TID: 1252
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x865F87C8 ] TID: 1256
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8658C648 ] TID: 1264
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8658B648 ] TID: 1276
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85F3D5C0 ] TID: 1280
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x862DC5C0 ] TID: 1284
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86291998 ] TID: 1288
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x863DC508 ] TID: 1292
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8664E020 ] TID: 1296, 842149943 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8664EBC8 ] TID: 1304, 806164405 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86546DA8 ] TID: 1308, 2835612418 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x865D8690 ] TID: 1352, 338713144 bytes
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85F265C8 ] TID: 1364
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86560628 ] TID: 1368
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86354020 ] TID: 1376
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86354880 ] TID: 1384
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x865E6AD0 ] TID: 1396
0x8055C700 Faked ServiceTable-->US4Service.exe [ ETHREAD 0x860255C8 ] TID: 1432
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x867A15B0 ] TID: 1436
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A356020 ] TID: 1444
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864989E8 ] TID: 1464
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86498770 ] TID: 1468
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864984F8 ] TID: 1472
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86350738 ] TID: 1504
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x863504C0 ] TID: 1508
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8638B920 ] TID: 1512
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8638DB00 ] TID: 1528
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x862FA6F0 ] TID: 1532
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x862A8380 ] TID: 1540
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8638AAF8 ] TID: 1544
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86494B10 ] TID: 1556
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864996D0 ] TID: 1564
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86494580 ] TID: 1568
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86352AF8 ] TID: 1580
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86495378 ] TID: 1584
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8657B9A0 ] TID: 1592
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8657B728 ] TID: 1596
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D19020 ] TID: 1600
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8645CDA8 ] TID: 1612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864857B0 ] TID: 1628
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8646E420 ] TID: 1640
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x85DD6DA8 ] TID: 1644
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86474420 ] TID: 1652
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86079BA0 ] TID: 1656
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85E13BA8 ] TID: 1664
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85F26350 ] TID: 1688
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85CBBBA8 ] TID: 1692
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85B64D10 ] TID: 1704
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863407B0 ] TID: 1756
0x8055C700 Faked ServiceTable-->TrueCrypt.exe [ ETHREAD 0x85764020 ] TID: 1760
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864CF818 ] TID: 1776
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86560DA8 ] TID: 1788
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86078998 ] TID: 1804
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8633B7B0 ] TID: 1828
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86493940 ] TID: 1832
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A293DA8 ] TID: 1840
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x862E67B0 ] TID: 1844
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A288DA8 ] TID: 1856
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B03798 ] TID: 1868, 4325888 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86373020 ] TID: 1884
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A1D5C18 ] TID: 1904
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863E2020 ] TID: 1912
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85A5A020 ] TID: 1916
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A2D68F8 ] TID: 1920
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8633F7B0 ] TID: 1924
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86319B30 ] TID: 2012
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864F7BA0 ] TID: 2040
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864CB5C0 ] TID: 2044
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x86014B30 ] TID: 2084
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A34EDA8 ] TID: 2092
0x8055C700 Faked ServiceTable-->hffsrv.exe [ ETHREAD 0x86543BA0 ] TID: 2112
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x86014DA8 ] TID: 2116
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x865CEAF0 ] TID: 2140
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85FA3DA8 ] TID: 2148
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85F76340 ] TID: 2160
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x862E2DA8 ] TID: 2164
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85F83020 ] TID: 2168
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EC6BA0 ] TID: 2172
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DCAAA8 ] TID: 2176
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86552B00 ] TID: 2188
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A131B00 ] TID: 2208
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86358530 ] TID: 2248
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85E3BDA8 ] TID: 2260
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F74DA8 ] TID: 2276
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F78410 ] TID: 2280
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E15BA0 ] TID: 2304
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ED93C8 ] TID: 2320
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EC7DA8 ] TID: 2324
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85A71020 ] TID: 2352
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8664FBA0 ] TID: 2356
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8606CDA8 ] TID: 2372
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x86437DA8 ] TID: 2400
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x864B65C8 ] TID: 2404
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86625B88 ] TID: 2424
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E529D8 ] TID: 2448
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FBD5D0 ] TID: 2452
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F418C8 ] TID: 2460
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8649B370 ] TID: 2464
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x86472BA8 ] TID: 2532
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x8645D338 ] TID: 2540
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x865CE020 ] TID: 2548
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85FE1DA8 ] TID: 2628
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85FE18B8 ] TID: 2636
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x8A26DBA0 ] TID: 2644
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x860648D0 ] TID: 2652
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85DC93C0 ] TID: 2664
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x86531DA8 ] TID: 2680
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x86470DA8 ] TID: 2692
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x864AFB30 ] TID: 2796
0x8055C700 Faked ServiceTable-->pg_ctl.exe [ ETHREAD 0x8A33D020 ] TID: 2836
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8651D9E8 ] TID: 2840
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x864BEC28 ] TID: 2856
0x8055C700 Faked ServiceTable-->PnkBstrA.exe [ ETHREAD 0x85FFE020 ] TID: 2864
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x864AE5C0 ] TID: 2872
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x85DE8020 ] TID: 2876
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x85D5ADA8 ] TID: 2896
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x85D96B48 ] TID: 2916
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x85D98DA8 ] TID: 2932
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x85EA8020 ] TID: 2936
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A353DA8 ] TID: 2980
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86527898 ] TID: 2984
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86076020 ] TID: 2988
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x860763D0 ] TID: 2992
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FFCB10 ] TID: 3008
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x862B6DA8 ] TID: 3036
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F1E640 ] TID: 3116
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DE4400 ] TID: 3124
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D42B00 ] TID: 3140
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865175B8 ] TID: 3148
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8640FDA8 ] TID: 3152
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863185C8 ] TID: 3176
0x8055C700 Faked ServiceTable-->DTLite.exe [ ETHREAD 0x85E46020 ] TID: 3204
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8605BDA8 ] TID: 3224
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x85F055C0 ] TID: 3232
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x86303628 ] TID: 3248
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x86317DA8 ] TID: 3252
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865235B8 ] TID: 3284
0x8055C700 Faked ServiceTable-->igfxsrvc.exe [ ETHREAD 0x8A337618 ] TID: 3300
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8605F5B8 ] TID: 3304
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FA9DA8 ] TID: 3320
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A2B49A0 ] TID: 3332
0x8055C700 Faked ServiceTable-->uphclean.exe [ ETHREAD 0x89B4DC48 ] TID: 3348
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862AF5D8 ] TID: 3364
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D88DA8 ] TID: 3368
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F603B0 ] TID: 3376
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F04DA8 ] TID: 3384
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864EEB28 ] TID: 3404
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EFF020 ] TID: 3408
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865395C0 ] TID: 3432
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89B4CB00 ] TID: 3440
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EFE3C0 ] TID: 3456
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x860105C0 ] TID: 3460, 4325888 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86003BA8 ] TID: 3464
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F38DA8 ] TID: 3472
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86044020 ] TID: 3532
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A354020 ] TID: 3536
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85F3C020 ] TID: 3556
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8651D020 ] TID: 3560
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8604CBA0 ] TID: 3576
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x864A83B8 ] TID: 3632
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85FB6998 ] TID: 3652
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x85F01DA8 ] TID: 3680
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x85F2FBA0 ] TID: 3684
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E70DA8 ] TID: 3704
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x86032DA8 ] TID: 3716
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A33BBC0 ] TID: 3744
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F9CCB8 ] TID: 3748
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x85F47DA8 ] TID: 3764
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F01B30 ] TID: 3768
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x85E67BA0 ] TID: 3792
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x85FA7DA8 ] TID: 3832
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x85ED0DA8 ] TID: 3836
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x85ED9BA0 ] TID: 3848
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x85ED89A0 ] TID: 3852
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x86305020 ] TID: 3856
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85F43DA8 ] TID: 3864
0x8055C700 Faked ServiceTable-->btwdins.exe [ ETHREAD 0x85FA4BA0 ] TID: 3872
0x8055C700 Faked ServiceTable-->btwdins.exe [ ETHREAD 0x85F46020 ] TID: 3876
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85F2F5B8 ] TID: 3888
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8603A5C8 ] TID: 3892
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FA5020 ] TID: 3932
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86521408 ] TID: 3992
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x864FF5C0 ] TID: 4000
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AD8F020 ] TID: 4028
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85D77020 ] TID: 4032
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862CE3B8 ] TID: 4040
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F2F020 ] TID: 4044
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85E9DDA8 ] TID: 4048
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F9D9E0 ] TID: 4056
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ED29F0 ] TID: 4060
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85ED3DA8 ] TID: 4064
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8635CDA8 ] TID: 4068
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8635CB30 ] TID: 4072
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86363428 ] TID: 4076
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E9D9B0 ] TID: 4084
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x85FBDBA0 ] TID: 4092
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B10340 ] TID: 4292
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x86050AF8 ] TID: 4364
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85C819C8 ] TID: 4368
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85D45308 ] TID: 4396
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85C82BE8 ] TID: 4400
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86492438 ] TID: 4420
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B7E020 ] TID: 4796
0x8055C700 Faked ServiceTable-->PdtWzd.exe [ ETHREAD 0x85F453B8 ] TID: 4952
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A1D4F8 ] TID: 5296
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85BADAC8 ] TID: 5648
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x859FE3E8 ] TID: 5740
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85284020 ] TID: 5916
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85B106D8 ] TID: 6228
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85FBEB38 ] TID: 6424
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85B89260 ] TID: 6428
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x859BA950 ] TID: 6452
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AFC020 ] TID: 6492
0x8055C700 Faked ServiceTable-->PdtWzd.exe [ ETHREAD 0x85B992A0 ] TID: 6496
0x8055C700 Faked ServiceTable-->AAWTray.exe [ ETHREAD 0x859BD020 ] TID: 6520
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85A72DA8 ] TID: 6600
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85A75020 ] TID: 6728
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B58A88 ] TID: 6732
0x8055C700 Faked ServiceTable-->AAWTray.exe [ ETHREAD 0x859E98B0 ] TID: 6780
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85A6F670 ] TID: 6808
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86741BA8 ] TID: 6832
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85BA88D0 ] TID: 6924
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x855E8020 ] TID: 7036
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85A2FDA8 ] TID: 7080
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x859009A8 ] TID: 7176
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85D6F020 ] TID: 7196
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85D33020 ] TID: 7252
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x8592D3C0 ] TID: 7508
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85A36988 ] TID: 7516
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x85631558 ] TID: 7692
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85A873B0 ] TID: 7736
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x85A41BB0 ] TID: 7752
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85AA6780 ] TID: 7780
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85A8F020 ] TID: 7784
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85B11020 ] TID: 8084
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85C2AAF8 ] TID: 8160
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85D8C5C0 ] TID: 8292
0x8055C700 Faked ServiceTable-->unsecapp.exe [ ETHREAD 0x85AEE020 ] TID: 8520
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x85AA5020 ] TID: 8564
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85AB62A8 ] TID: 8568
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8573F3D8 ] TID: 8652
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C645C8 ] TID: 8672
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x852565C8 ] TID: 8684
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x85FEDBB8 ] TID: 8732
0x8055C700 Faked ServiceTable-->uTorrent.exe [ ETHREAD 0x85FBFB38 ] TID: 8928
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x852728D0 ] TID: 9028
0x8055C700 Faked ServiceTable-->TrueCrypt.exe [ ETHREAD 0x855A6020 ] TID: 9076
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x854D6020 ] TID: 9148
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8A36EDA8 ] TID: 9196
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x85BB4AA8 ] TID: 9224
0x8055C700 Faked ServiceTable-->uTorrent.exe [ ETHREAD 0x86549BA8 ] TID: 9388
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85BA6DA8 ] TID: 9448
0x8055C700 Faked ServiceTable-->TrueCrypt.exe [ ETHREAD 0x85898DA8 ] TID: 9596
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85447998 ] TID: 9700
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85C40498 ] TID: 9896
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85A13020 ] TID: 9900
0x8055C700 Faked ServiceTable-->PdtWzd.exe [ ETHREAD 0x86480020 ] TID: 9912
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C3C328 ] TID: 10048
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B217A0 ] TID: 10060
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x85A55020 ] TID: 10336
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8552D158 ] TID: 10368
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8556D640 ] TID: 10428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C388B0 ] TID: 10432
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x854EBAF8 ] TID: 10520
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85A5E2A8 ] TID: 10532
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85D95480 ] TID: 10548
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8578F480 ] TID: 10656
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86905020 ] TID: 10816
0x8055C700 Faked ServiceTable-->uTorrent.exe [ ETHREAD 0x855E2B60 ] TID: 10848
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x857FA858 ] TID: 10856
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x855198F0 ] TID: 10860
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85A4D020 ] TID: 11004
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x854E0248 ] TID: 11372
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85636218 ] TID: 11376
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x852A3D40 ] TID: 11444
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B36BA8 ] TID: 11488
0x8055C700 Faked ServiceTable-->uTorrent.exe [ ETHREAD 0x857D2710 ] TID: 11508
0x8055C700 Faked ServiceTable-->TrueCrypt.exe [ ETHREAD 0x85222B08 ] TID: 11604
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86546400 ] TID: 11620
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85FC1020 ] TID: 11712
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85954BC8 ] TID: 11756
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85624020 ] TID: 11836
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85622938 ] TID: 11880
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85AE33D8 ] TID: 11972
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85800020 ] TID: 12084
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x857B0750 ] TID: 12100
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85CE4020 ] TID: 12224
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85241898 ] TID: 12444
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x864D2450 ] TID: 12472
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85583D68 ] TID: 12556
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8551E020 ] TID: 12608
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85684678 ] TID: 12684
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x856A8B38 ] TID: 12708
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x85C1A328 ] TID: 12764
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85C79108 ] TID: 12788
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85208020 ] TID: 12844
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85903AF8 ] TID: 12848
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864A5020 ] TID: 12976
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85299A90 ] TID: 13124
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85590468 ] TID: 13228
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85D47020 ] TID: 13236
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85826848 ] TID: 13276
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85A358E8 ] TID: 13348
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x857F3020 ] TID: 13532
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85F72020 ] TID: 13544
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85A1ADA8 ] TID: 13572
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85789B48 ] TID: 13684
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x859EE970 ] TID: 13712
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85E90020 ] TID: 13728
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x864C0930 ] TID: 13732
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x852ACDA8 ] TID: 13736
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85988020 ] TID: 13804
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x85AA4460 ] TID: 14040
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85A74DA8 ] TID: 14160
WARNING: Virus alike driver modification [compbatt.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [fltMgr.sys]
WARNING: Virus alike driver modification [exfat.sys]
WARNING: Virus alike driver modification [Monfilt.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [battc.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [int15_64.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [Ambfilt.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [RMCast.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
0x05010000 Hidden Image-->msvcm90.dll [ EPROCESS 0x86063B98 ] PID: 2780, 270336 bytes
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
0x047D0000 Hidden Image-->System.dll [ EPROCESS 0x86063B98 ] PID: 2780, 3190784 bytes
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [iastor86.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [mbamswissarmy.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
0x04300000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x86063B98 ] PID: 2780, 5033984 bytes
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [btaudio.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [btwhid.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [igxpmp32.sys]
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
0x03C70000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x86063B98 ] PID: 2780, 634880 bytes
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [wudfpf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [wudfrd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:41 PM

Posted 08 January 2011 - 03:13 PM

Hi,

please run a scan with DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Then repeat the scan with RootKit Unhooker.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 surgeonffs

surgeonffs
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 08 January 2011 - 04:59 PM

Ran defogger. No error message.

New RkU report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xAD91F000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9625600 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 260.99 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6361088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 260.99 )
0xABC76000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6103040 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xAD549000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3629056 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAD339000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xAB93A000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
0xB7E49000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7D6F000 iastor86.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB7C99000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAD42A000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xABA59000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAD283000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xABBB1000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9811000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA9320000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xABC3D000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 233472 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xABAF4000 C:\WINDOWS\System32\drivers\truecrypt.sys 225280 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0xAD517000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 204800 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xAD2E1000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB7C57000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA98CA000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xA912D000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xABAC9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAD8E3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xABB63000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xABA32000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (AVAST Software, avast! self protection module)
0xB7F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xABB8B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAC248000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAD8BF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA9158000 C:\WINDOWS\system32\drivers\aec.sys 143360 bytes (Microsoft Corporation, Microsoft Acoustic Echo Canceller)
0xAD4BE000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xABB41000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134528 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7D4F000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xAD4F9000 C:\WINDOWS\system32\DRIVERS\jmcr.sys 122880 bytes (JMicron Technology Corporation, JMicron JMB38X Flash Media Controller Driver)
0xABA14000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xB7C3D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAD4A5000 C:\WINDOWS\system32\DRIVERS\enecir.sys 102400 bytes (ENE TECHNOLOGY INC., ENE CIR Driver for eHome)
0xAD4E1000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA9B26000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB7D26000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAD322000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAC26C000 C:\WINDOWS\system32\drivers\nvhda32.sys 94208 bytes (NVIDIA Corporation, NVIDIA HDMI Audio Driver)
0xABB2B000 C:\WINDOWS\System32\Drivers\US30XP.sys 90112 bytes (© Everstrike Software, Universal Shield Filter Driver)
0xB7C84000 inspect.sys 86016 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xA917B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xAD90B000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xABC0A000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7D3D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA9869000 C:\WINDOWS\system32\drivers\int15.sys 69632 bytes
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAD311000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB54D8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xAE90E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB3CB4000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB4DD4000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xAE89E000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB56D2000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xAE31F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xAE8FE000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9579000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xAE30F000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA96A9000 C:\WINDOWS\system32\drivers\swmidi.sys 57344 bytes (Microsoft Corporation, Microsoft GS Wavetable Synthesizer)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA9659000 C:\WINDOWS\system32\drivers\DMusic.sys 53248 bytes (Microsoft Corporation, Microsoft Kernel DLS Synthesizer)
0xB54F8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xAE8DE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xAE8EE000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAE8BE000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB5528000 C:\WINDOWS\system32\drivers\FDCENT.SYS 45056 bytes (Silence of Troubles United Company Ltd., Filter Device)
0xB54C8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xAE91E000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xAE8CE000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB3C54000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xAE32F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8128000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xAE88E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAE33F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB3CC4000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xAE8AE000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB5508000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8CAD000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB54B8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xAEC18000 C:\WINDOWS\system32\DRIVERS\enecirhid.sys 32768 bytes (ENE TECHNOLOGY INC., ENE CIR HID Driver)
0xAEC10000 C:\WINDOWS\system32\DRIVERS\enecirhidma.sys 32768 bytes (ENE TECHNOLOGY INC., ENE CIR HID Mapper Driver)
0xB3D55000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB3D3D000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAEED5000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xAEC08000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8478000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xAEC30000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xAEC40000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xAEC38000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xAEEDD000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB3D65000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8460000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xB3D4D000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xB3D45000 C:\WINDOWS\System32\Drivers\FPSensor.sys 20480 bytes (Egistec, Fingerprint Sensor Driver)
0xB3D5D000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xAEC28000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xAEC20000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB8330000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB8480000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB84C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xAF146000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAEDC2000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xAEDDE000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9C01000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xAF12E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xA9C7D000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB84BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB6DEC000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB29FF000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 12288 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB7B48000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA91D4000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0xB7B40000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xAF136000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB29FB000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA9A1E000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xAF13E000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB863E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8640000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB865C000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xB85FC000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8604000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xAE94D000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB86C1000 C:\WINDOWS\system32\drivers\drmkaud.sys 4096 bytes (Microsoft Corporation, Microsoft Kernel DRM Audio Descrambler Filter)
0xB87C7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB8785000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xB8793000 C:\WINDOWS\System32\Drivers\PQNTDrv.SYS 4096 bytes (PowerQuest Corporation, PowerQuest Boot Mode Driver.)
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F1DDA8 ] TID: 172, 2696463064 bytes
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8625ADA8 ] TID: 184, 2965964973 bytes
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x85F199C0 ] TID: 196, 11 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86594DA8 ] TID: 220, 6881396 bytes
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x86558BA8 ] TID: 224, 908070148 bytes
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86582DA8 ] TID: 240, 3502532340 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865825D8 ] TID: 248, 851972 bytes
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86577998 ] TID: 308, 682560 bytes
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86581C10 ] TID: 312
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86579BA0 ] TID: 320, 262148 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86577DA8 ] TID: 328, 4325380 bytes
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8637BDA8 ] TID: 332
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86374DA8 ] TID: 340
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8637BB30 ] TID: 344
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86374B30 ] TID: 440
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86379DA8 ] TID: 444
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86379B30 ] TID: 448
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86371DA8 ] TID: 452
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86371B30 ] TID: 456
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8616EDA8 ] TID: 460
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8616EB30 ] TID: 464
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86375DA8 ] TID: 468
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86375B30 ] TID: 472
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86378DA8 ] TID: 476
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86378B30 ] TID: 480
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86583DA8 ] TID: 484
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86583B30 ] TID: 488
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86369B78 ] TID: 492
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x8636ADA8 ] TID: 496
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8636BDA8 ] TID: 504
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A1BFA58 ] TID: 512, 7471204 bytes
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86372DA8 ] TID: 524
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8616F630 ] TID: 528
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8621A5C8 ] TID: 532
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A25D1D8 ] TID: 540
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85D82020 ] TID: 636
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8636BB30 ] TID: 660
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F0FDA8 ] TID: 664
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x85F3F420 ] TID: 692
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85CFA670 ] TID: 696
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x864F45C8 ] TID: 704
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8623BDA8 ] TID: 736
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x863F15D8 ] TID: 740
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8650ABA0 ] TID: 760
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8636FB30 ] TID: 784
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8657BB30 ] TID: 788
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86373640 ] TID: 792
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8636B628 ] TID: 796
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86573DA8 ] TID: 800
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8657AB30 ] TID: 804
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86369630 ] TID: 808
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86170620 ] TID: 812
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86579420 ] TID: 816
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86595DA8 ] TID: 820
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86595B30 ] TID: 824
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86166020 ] TID: 828
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x863693B8 ] TID: 832, 3014753 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86360DA8 ] TID: 836
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x867B1020 ] TID: 840
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86373DA8 ] TID: 844
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86378020 ] TID: 848
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86156DA8 ] TID: 852
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x861568B8 ] TID: 860
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86360B30 ] TID: 864
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86570998 ] TID: 872
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x861ADBA0 ] TID: 884
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x864FA020 ] TID: 900
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8657B020 ] TID: 920
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86345DA8 ] TID: 928
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86352DA8 ] TID: 936
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86586540 ] TID: 940
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x85E8FDA8 ] TID: 956
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86302BA0 ] TID: 960, 3 bytes
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85D5DB30 ] TID: 968, 1 bytes
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85E4EDA8 ] TID: 980
0x8055C700 Faked ServiceTable-->pg_ctl.exe [ ETHREAD 0x8633A5C0 ] TID: 984, 7143525 bytes
0x8055C700 Faked ServiceTable-->PnkBstrA.exe [ ETHREAD 0x864DF5B8 ] TID: 1000
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A2FCDA8 ] TID: 1008
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A265DA8 ] TID: 1012
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A24EA00 ] TID: 1016, 7929971 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85F265B8 ] TID: 1024
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x864B9BB0 ] TID: 1040
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8A21A5E0 ] TID: 1084
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8A1BC938 ] TID: 1092
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86357DA8 ] TID: 1116, 6357072 bytes
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x863CF020 ] TID: 1124
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x866D9DA8 ] TID: 1128
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x862218E8 ] TID: 1132
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8684FDA8 ] TID: 1136, 492960 bytes
0x8055C700 Faked ServiceTable-->hffsrv.exe [ ETHREAD 0x89CA1020 ] TID: 1144, 6619256 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8669BBC8 ] TID: 1164
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x867C3DA8 ] TID: 1168, 1513435958 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x867C3B30 ] TID: 1172, 842608692 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A1DB940 ] TID: 1176, 842281008 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86726DA8 ] TID: 1180, 908070148 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86726B30 ] TID: 1184
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x866BADA8 ] TID: 1188, 1 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x866BAB30 ] TID: 1192
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x861EFDA8 ] TID: 1196, 19042544 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863CA9A0 ] TID: 1200, 1 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x867C1BC8 ] TID: 1204
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x863D9AF0 ] TID: 1212
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85D31020 ] TID: 1220
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86695BC8 ] TID: 1228
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86637BC8 ] TID: 1232, 19114304 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x866B9DA8 ] TID: 1236, 1 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x867C4DA8 ] TID: 1240
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86724DA8 ] TID: 1244, 1175352 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86839DA8 ] TID: 1252, 1 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8683BDA8 ] TID: 1256
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x866DA648 ] TID: 1260
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8683CDA8 ] TID: 1264
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x864B0BA8 ] TID: 1268
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86722DA8 ] TID: 1272
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86646468 ] TID: 1276
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86723BC8 ] TID: 1280
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x866B7DA8 ] TID: 1284
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86352B00 ] TID: 1292
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86835DA8 ] TID: 1296
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85DD6DA8 ] TID: 1300
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D095B8 ] TID: 1344
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x861CFB30 ] TID: 1360
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86175620 ] TID: 1364
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86632DA8 ] TID: 1384
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x867B0CF0 ] TID: 1388
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x85E8F3D8 ] TID: 1400
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8624E360 ] TID: 1404
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x867B2440 ] TID: 1408
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8682D020 ] TID: 1412
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8682DDA8 ] TID: 1416
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862BCB00 ] TID: 1420
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8671ABC8 ] TID: 1428
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x867B2BC8 ] TID: 1432
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86317BA0 ] TID: 1436
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8682C9E8 ] TID: 1452
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866293B0 ] TID: 1456
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x867B3690 ] TID: 1460
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8682CDA8 ] TID: 1464
0x8055C700 Faked ServiceTable-->PdtWzd.exe [ ETHREAD 0x864F8020 ] TID: 1480
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86829AF8 ] TID: 1496
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86829880 ] TID: 1500
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86621628 ] TID: 1504
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85D3F3E0 ] TID: 1524
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x867ACAF0 ] TID: 1528
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x867AD4E8 ] TID: 1532
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x867AE970 ] TID: 1540
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x86829608 ] TID: 1544
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866A6930 ] TID: 1548
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85D1C5B8 ] TID: 1552
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866A6440 ] TID: 1556
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866A7938 ] TID: 1560
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866A6020 ] TID: 1568
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8647C908 ] TID: 1584
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8635A5B8 ] TID: 1588
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8647B3B0 ] TID: 1604
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x867AA020 ] TID: 1612
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x85E50DA8 ] TID: 1616
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x865B67B0 ] TID: 1628
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x865B57B0 ] TID: 1632
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x865B37B0 ] TID: 1636
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8646EBA8 ] TID: 1640
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CFA3F8 ] TID: 1644
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8624E020 ] TID: 1648
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8635B020 ] TID: 1652
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x863525C0 ] TID: 1664
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86345020 ] TID: 1668
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x862665D8 ] TID: 1680
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8617ADA8 ] TID: 1692
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85DAE3B0 ] TID: 1704
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8654D940 ] TID: 1728
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85F415C0 ] TID: 1736
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865BD7B0 ] TID: 1740
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86469DA8 ] TID: 1764
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8625CDA8 ] TID: 1768
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F00BA0 ] TID: 1784
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86338A18 ] TID: 1788
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x86464998 ] TID: 1792
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8654B940 ] TID: 1800
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8646ADA8 ] TID: 1804
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85EAAAF0 ] TID: 1812
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864EEDA8 ] TID: 1816
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86622788 ] TID: 1820
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865B87B0 ] TID: 1824
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8662ACC8 ] TID: 1832
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864EEB30 ] TID: 1836
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x865A1808 ] TID: 1844
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x86732020 ] TID: 1852
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85D49DA8 ] TID: 1856
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x861A1BA0 ] TID: 1868
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86599020 ] TID: 1888
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F3D428 ] TID: 1892
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86828928 ] TID: 1896
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x85E035B8 ] TID: 1920
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865A68B8 ] TID: 1928
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865A6640 ] TID: 1932
0x8055C700 Faked ServiceTable-->uphclean.exe [ ETHREAD 0x864D58D0 ] TID: 1956
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F1FDA8 ] TID: 1968
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85DD6B30 ] TID: 1972
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x865A4770 ] TID: 2000
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F1C638 ] TID: 2016
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F1C3C0 ] TID: 2020
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F269B0 ] TID: 2024
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E86B00 ] TID: 2052
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E8ABA8 ] TID: 2064
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F17628 ] TID: 2068
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x85E43428 ] TID: 2076
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862FE5C0 ] TID: 2080
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864673B8 ] TID: 2084
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F285C0 ] TID: 2100
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86549DA8 ] TID: 2104
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864ECBA8 ] TID: 2108
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86546B38 ] TID: 2124
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8630F020 ] TID: 2128
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x864D2920 ] TID: 2140
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E7F998 ] TID: 2144
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A31CDA8 ] TID: 2152
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x8626D020 ] TID: 2156
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x85D213B0 ] TID: 2160
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x862F5DA8 ] TID: 2172
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A31CB30 ] TID: 2176
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x861E9628 ] TID: 2192
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x863F25D8 ] TID: 2196
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CF7B08 ] TID: 2228
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8645C3B0 ] TID: 2232
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86310BC0 ] TID: 2236
0x8055C700 Faked ServiceTable-->btwdins.exe [ ETHREAD 0x8A2E0BA0 ] TID: 2256
0x8055C700 Faked ServiceTable-->btwdins.exe [ ETHREAD 0x8A2E5DA8 ] TID: 2260
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85DB2020 ] TID: 2268
0x8055C700 Faked ServiceTable-->US4Service.exe [ ETHREAD 0x862B2020 ] TID: 2280
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85DB15B8 ] TID: 2304
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x861F2BA8 ] TID: 2308
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x8A230538 ] TID: 2312
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x85E499A8 ] TID: 2316
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x863DE3C8 ] TID: 2320
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x86565628 ] TID: 2360
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x85F03550 ] TID: 2364
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8677ADA8 ] TID: 2368
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8AE92020 ] TID: 2372
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85DB25B8 ] TID: 2376
0x8055C700 Faked ServiceTable-->postgres.exe [ ETHREAD 0x866AB5C0 ] TID: 2380
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x85CFC9A0 ] TID: 2384
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x86422DA8 ] TID: 2396
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8655B5C0 ] TID: 2408
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AE05020 ] TID: 2416
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865AADA8 ] TID: 2424
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86465998 ] TID: 2428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x861559B0 ] TID: 2432
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862F5458 ] TID: 2436
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8631D418 ] TID: 2440
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x862C1AF0 ] TID: 2444
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863FADA8 ] TID: 2452
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8650D5B8 ] TID: 2456
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85E0F020 ] TID: 2460
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85DFDC98 ] TID: 2476
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x85E215C0 ] TID: 2480, 977912 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EC6020 ] TID: 2484
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863FA630 ] TID: 2488
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86344020 ] TID: 2544
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89847020 ] TID: 2548
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x863512A8 ] TID: 2552
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x864F35B8 ] TID: 2556
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862BECA0 ] TID: 2560
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85EF83B8 ] TID: 2568
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85E94630 ] TID: 2572
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85E943B8 ] TID: 2576
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86572638 ] TID: 2580
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x865723C0 ] TID: 2584
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86367DA8 ] TID: 2588
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86367B30 ] TID: 2592
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x863678B8 ] TID: 2596
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8645B020 ] TID: 2600
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8645B5C0 ] TID: 2604
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8645B348 ] TID: 2608
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x863095B8 ] TID: 2612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86329DA8 ] TID: 2620
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3D7DA8 ] TID: 2624
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85E1A8B8 ] TID: 2632
0x8055C700 Faked ServiceTable-->TeaTimer.exe [ ETHREAD 0x86175BA8 ] TID: 2648
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x863A7020 ] TID: 2652
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85E1ADA8 ] TID: 2660
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86535B18 ] TID: 2664
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85E1AB30 ] TID: 2668
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x8A3D1940 ] TID: 2684
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A22E6D0 ] TID: 2688
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85DE58B8 ] TID: 2692
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x862255B8 ] TID: 2696
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x862F4BA0 ] TID: 2700
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x862F1998 ] TID: 2704
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x864B7BC8 ] TID: 2708
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x863E53C8 ] TID: 2712
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85D71960 ] TID: 2716
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x85E465C8 ] TID: 2720
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864855D8 ] TID: 2724
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85DE5B30 ] TID: 2732
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x864EF020 ] TID: 2744
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EBE020 ] TID: 2752
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x861CA5B8 ] TID: 2756
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x867A9DA8 ] TID: 2760
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x863EE568 ] TID: 2772
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x85D313B0 ] TID: 2804
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x86409BA0 ] TID: 2808
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864FADA8 ] TID: 2828
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x864325C0 ] TID: 2836
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3D6020 ] TID: 2864
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863283B0 ] TID: 2872
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864B5B00 ] TID: 2876
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E6F020 ] TID: 2880
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x86253DA8 ] TID: 2884
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E8E020 ] TID: 2888
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85D675C8 ] TID: 2892
0x8055C700 Faked ServiceTable-->AAWTray.exe [ ETHREAD 0x86250020 ] TID: 2896
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F33020 ] TID: 2904
0x8055C700 Faked ServiceTable-->AAWTray.exe [ ETHREAD 0x862505C0 ] TID: 2908
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86250348 ] TID: 2912
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864B4AF0 ] TID: 2924
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x86409020 ] TID: 2928
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85E2ABA0 ] TID: 2932
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86529898 ] TID: 2936
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862DC998 ] TID: 2940
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86401DA8 ] TID: 2944
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x86401B30 ] TID: 2948
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864018B8 ] TID: 2952
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E68BC0 ] TID: 2956
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8652D5B8 ] TID: 2968
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x862F0AF0 ] TID: 2972
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85D1E5C0 ] TID: 2988
0x8055C700 Faked ServiceTable-->jusched.exe [ ETHREAD 0x85DEDDA8 ] TID: 3000
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x861B9B08 ] TID: 3016
0x8055C700 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x85DECBA0 ] TID: 3044
0x8055C700 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x8A3D65B8 ] TID: 3048
0x8055C700 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x864B1DA8 ] TID: 3060
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D91DA8 ] TID: 3068
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x86229AF0 ] TID: 3084
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86397BA0 ] TID: 3092
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EB2338 ] TID: 3100
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3D8020 ] TID: 3120
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3CADA8 ] TID: 3124
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864B0928 ] TID: 3132
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3D85B8 ] TID: 3136
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F18DA8 ] TID: 3140
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F18B30 ] TID: 3144
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864AFDA8 ] TID: 3148
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862D96A8 ] TID: 3152
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E63A08 ] TID: 3164
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x865225B8 ] TID: 3168
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862F45C0 ] TID: 3172
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866A35C8 ] TID: 3176
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85DB45C0 ] TID: 3184
0x8055C700 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x864395B8 ] TID: 3216
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x863EB020 ] TID: 3220
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x8616D650 ] TID: 3232
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x85E43020 ] TID: 3240
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85D225B8 ] TID: 3252
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x8625E5B8 ] TID: 3256
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85D73AF0 ] TID: 3260
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86470DA8 ] TID: 3276
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85ED8DA8 ] TID: 3304
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85F11BA0 ] TID: 3308
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3C3868 ] TID: 3312
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x863B8020 ] TID: 3340
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85E08AF0 ] TID: 3344
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x85E2CDA8 ] TID: 3364
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x863FC5E0 ] TID: 3392
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EDF638 ] TID: 3408
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A2A3630 ] TID: 3412
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EDF3C0 ] TID: 3416
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3B4BA0 ] TID: 3420
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3B4928 ] TID: 3424
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3B3DA8 ] TID: 3428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3B3B30 ] TID: 3432
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3B38B8 ] TID: 3436
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863F4DA8 ] TID: 3440
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85D0C020 ] TID: 3444
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x863F48B8 ] TID: 3448
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x86433DA8 ] TID: 3452
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x864A4DA8 ] TID: 3488
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x8A3B6448 ] TID: 3500
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x862CD5B8 ] TID: 3504
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85F10020 ] TID: 3508
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85E56BB0 ] TID: 3512
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x86431C10 ] TID: 3516
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85ECBDA8 ] TID: 3520
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x86430C10 ] TID: 3524
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x865125C0 ] TID: 3528
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85E30DA8 ] TID: 3536
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x8638D5C8 ] TID: 3544
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x862B15D8 ] TID: 3548
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x85DBE998 ] TID: 3576
0x8055C700 Faked ServiceTable-->realsched.exe [ ETHREAD 0x8643F020 ] TID: 3580
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x85DC2DA8 ] TID: 3596
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85D46B20 ] TID: 3604
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85E5D488 ] TID: 3620
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x862CCAF8 ] TID: 3624
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x8650E750 ] TID: 3628
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85ECE5C0 ] TID: 3632
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8650DC10 ] TID: 3636
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85EC8938 ] TID: 3640
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x864A7570 ] TID: 3644
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8650E020 ] TID: 3648
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x862903D0 ] TID: 3652
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85DB8DA8 ] TID: 3660
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x86433020 ] TID: 3672
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x861B7B38 ] TID: 3684
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x861C65C0 ] TID: 3692
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A3C2448 ] TID: 3704
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x863CF638 ] TID: 3708
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85DBCDA8 ] TID: 3740
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85DC0DA8 ] TID: 3744
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8682D730 ] TID: 3752
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x85D47928 ] TID: 3784
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x85DF6208 ] TID: 3804
0x8055C700 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x863A73B0 ] TID: 3816
0x8055C700 Faked ServiceTable-->PwdBank.exe [ ETHREAD 0x8628E020 ] TID: 3844
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8642CDA8 ] TID: 3852
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86433938 ] TID: 3856
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8642CB30 ] TID: 3860
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x86279DA8 ] TID: 3868
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x86406DA8 ] TID: 3876
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x86394AF0 ] TID: 3880
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x861C28E8 ] TID: 3896
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x8620A3B0 ] TID: 3904
0x8055C700 Faked ServiceTable-->Eraser.exe [ ETHREAD 0x862A75D0 ] TID: 3916
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A1FD770 ] TID: 3924
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85CD6DA8 ] TID: 3928
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8A214960 ] TID: 3932
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x862735B8 ] TID: 3948
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A1B1218 ] TID: 3960
0x8055C700 Faked ServiceTable-->msnmsgr.exe [ ETHREAD 0x85DE8020 ] TID: 3980
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A1DF608 ] TID: 3984
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x8626ADA8 ] TID: 3992
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x862C6BA8 ] TID: 3996
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A1FDBF0 ] TID: 4000
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8A212A58 ] TID: 4004
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8634A480 ] TID: 4012
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8650FD28 ] TID: 4016
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x861CFDA8 ] TID: 4020
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x864BD020 ] TID: 4048
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x861B6AF0 ] TID: 4052
0x8055C700 Faked ServiceTable-->mbbE0c6EIsEb2.exe [ ETHREAD 0x863DE020 ] TID: 4056
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x862DA3B8 ] TID: 4060
0x8055C700 Faked ServiceTable-->AAWService.exe [ ETHREAD 0x85EC8C90 ] TID: 4064
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x85D77DA8 ] TID: 4068
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x862305C8 ] TID: 4076
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8636F420 ] TID: 4084
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x862B1CF0 ] TID: 4092
WARNING: Virus alike driver modification [compbatt.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [fltMgr.sys]
WARNING: Virus alike driver modification [exfat.sys]
WARNING: Virus alike driver modification [Monfilt.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [battc.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [int15_64.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [nwrdr.sys]
WARNING: Virus alike driver modification [Ambfilt.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [RMCast.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [mbam.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
0x04830000 Hidden Image-->System.dll [ EPROCESS 0x8640B990 ] PID: 3196, 3190784 bytes
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [iastor86.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [mbamswissarmy.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [PxHelp20.sys]
0x04360000 Hidden Image-->System.Windows.Forms.dll [ EPROCESS 0x8640B990 ] PID: 3196, 5033984 bytes
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [btaudio.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [btwhid.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [igxpmp32.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
0x03CD0000 Hidden Image-->System.Drawing.dll [ EPROCESS 0x8640B990 ] PID: 3196, 634880 bytes
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [wudfpf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [wudfrd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [cdr4_xp.sys]
WARNING: Virus alike driver modification [cdralw2k.sys]
WARNING: Virus alike driver modification [mqac.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:08:41 PM

Posted 08 January 2011 - 05:55 PM

Hi,

I would suggest that you try uninstalling Comodo and see if this helps. Comodo Internet Security has an anti-virus component.

Could you let me know if that helps with your slowness issue?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 surgeonffs

surgeonffs
  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:41 PM

Posted 08 January 2011 - 06:50 PM

Seems like that did the trick. It's strange though. I've used Comodo firewall a long time from before this problem started. Do you have any clue as to what may have caused it?

Anyway, you are a lady and a scholar. I appreciate the help.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:08:41 PM

Posted 08 January 2011 - 07:42 PM

Hi,

Comodo is known for these kinds of issues, especially hangs on boot. The added problem is the anti-virus program. By itself Comodo will run more or less fine; however, when you add an anti-virus program, conflicts of interest will arise (e.g. who gets control of the hard drive first, in your case) and neither of the two will step down.
These things come and go; there must have been an update for either Avast or Comodo that didn't sit too well with the respective other program.
It is of course also possible that some setting got corrupted and was causing the issue.

If you want to switch to another free firewall, check the list at the bottom of this tutorial: http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

Let me know if and when you have successfully reinstalled a firewall.
regards myrti

Edited by myrti, 08 January 2011 - 07:43 PM.



#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:08:41 PM

Posted 16 January 2011 - 09:28 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





