
Another Redirection Infection


  • This topic is locked
15 replies to this topic

#1 SpeckSlayer

SpeckSlayer

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 07 January 2011 - 11:10 PM

Hello,

I have battled this bug for the better part of the last week. Time to ask for some help from the real PROS.


Original Symptoms:
1) "Antivirus Software Alert" Rogue (Pop-ups, fake scans and process blocking)
2) Search engine results redirecting in all installed browsers (FF,Chrome,IE)

Actions so far:
1) Spybot - found multiple infections all removed - Above issues still exist
2) Malwarebytes - same as above
3) MS Security Ess. - No Infections
4) ESET - No Infections

4) Using AnVir Task Manager and have blocked "iexplore.exe" process. This prevents the above issues from happening, but still infected. Every 30 seconds or so the following attempts to load in the background F:\Program Files\Internet Explorer\iexplore.exe hxxp://www.clickleg.org/ac.php?aid=427&sid=direct2

5) TDSSKiller - Will Not run at all! (tried to run with a different file name, tried in SM and with within a batch file following rkill, no joy)
6) Combofix - (I know now that I should not have tried this, but I did :)) No matter, it would either lock up or go BSoD before the first dialog would load. Regular Mode and SM

7) HijackThis - It worked, see below.

Please help,

BS

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:31:29 PM, on 1/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Safe mode with network support

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\AnVir Task Manager\AnVir.exe
F:\WINDOWS\system32\cmd.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://remote.cintas.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - F:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PicasaNet] "F:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\SetIcon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Monitor] "F:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "F:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "F:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [updateMgr] "F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MP4 Player] "F:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [Xmigoqafar] rundll32.exe "F:\WINDOWS\MPoncw.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "F:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - https://remote.cintas.com/Cintas_IAVPortal/messages_lectora/tods/T_Diversity/html/,DanaInfo=elearning.cintas.com,CT=java+
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145048870359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145048948328
O16 - DPF: {A60CCC4B-A858-11D1-91CB-00805F3E69CD} (LaunchFilenet.LaunchFilenet_Control) - https://remote.cintas.com/launch/LaunchFilenet.CAB,DanaInfo=home5.cintas.com+
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://diy.view22.com/view22/diyapp/View22RTE.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remote.cintas.com/dana-cached/setup/JuniperSetupSP1.cab
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: ljjhiih - ljjhiih.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - F:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - F:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9fd1cac020f1c) (gupdate1c9fd1cac020f1c) - Google Inc. - F:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - F:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LVCOMSer - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: BlackBerry MDS Services - Apache Tomcat Service (MdsTomcat) - Apache Software Foundation - F:\Program Files\Research In Motion\BlackBerry VS8 Plugin\MDS Services\bin\javaservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - F:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - F:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SMART Board Service - SMART Technologies - F:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
O23 - Service: SMART Display Controller - SMART Technologies ULC - F:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
O23 - Service: SMART SNMP Agent Service - SMART Technologies ULC - F:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
O23 - Service: SMART Web Server - Unknown owner - F:\Program Files\SMART Technologies\SMART Product Drivers\WebServer.exe
O23 - Service: TomTomHOMEService - TomTom - F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O24 - Desktop Component 0: (no name) - http://www.aquaether.com/

--
End of file - 11258 bytes

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum. ~ Animal

Edited by Orange Blossom, 08 January 2011 - 10:01 PM.
Deactivate links. ~ OB
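The HijackThis log above contains three entries a responder would pull out first: a browser proxy pointed at the loopback address (the R1 ProxyServer line, which is consistent with the search-result redirects described), an O4 Run entry where rundll32.exe loads a DLL sitting directly in the Windows directory rather than in system32 or a vendor folder, and an O20 Winlogon Notify registration whose DLL is already gone. As an added example that is not part of this thread, the following Python script encodes those three checks as triage heuristics and runs them over sample lines copied from the posted log (the regexes, the `Finding` class and the `triage_hjt` function are this example's own; they are a first-pass filter for a human reviewer, not a verdict on any line):

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: seven lines copied from the HijackThis log in the opening
# post; the rest of that log is omitted here. Two O4 lines (ctfmon, NvCpl)
# are included as negatives the rundll32 heuristic must not flag.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [MSC] "F:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Xmigoqafar] rundll32.exe "F:\WINDOWS\MPoncw.dll",Startup
O20 - Winlogon Notify: ljjhiih - ljjhiih.dll (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "R1", "O4", "O20"
    line: str      # the offending log line, verbatim
    reason: str    # why a reviewer should look at it


# Heuristic 1: a proxy whose host is the loopback interface means a local
# process is interposing on all browser traffic, which is how redirectors work.
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost):\d+", re.I)

# Heuristic 2: rundll32.exe loading a DLL that sits directly in the Windows
# directory. Legitimate components live in system32 or a vendor folder, so the
# character class below deliberately refuses a further backslash in the path.
RUNDLL_WINROOT = re.compile(
    r'rundll32\.exe\s+"?([A-Z]:\\WINDOWS\\[^\\"]+\.dll)"?', re.I)


def triage_hjt(log: str) -> List[Finding]:
    """Return the HijackThis lines that trip one of the three heuristics."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section == "R1" and LOOPBACK_PROXY.search(line):
            findings.append(Finding(section, line,
                                    "browser proxy points at loopback"))
        elif section == "O4":
            m = RUNDLL_WINROOT.search(line)
            if m:
                findings.append(Finding(section, line,
                                        f"rundll32 loads {m.group(1)} from the Windows root"))
        # Heuristic 3: a Winlogon Notify registration whose DLL is missing is a
        # leftover from a partial clean-up and should be removed with the rest.
        elif section == "O20" and "(file missing)" in line:
            findings.append(Finding(section, line,
                                    "Winlogon Notify entry for a DLL that no longer exists"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports exactly the three lines named above and stays silent on the ctfmon and NvCpl entries, because those DLLs and executables live under system32. The heuristics are narrow on purpose: widening the rundll32 check to any DLL outside Program Files, for instance, would start flagging legitimate vendor components, and the point of a triage pass is to shorten the reviewer's list, not to replace the review.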



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 PM

Posted 12 January 2011 - 09:42 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


Information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 SpeckSlayer

SpeckSlayer
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:12:16 PM

Posted 12 January 2011 - 06:00 PM

Thank you very much for your help. Here are the logs you requested.



DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/12/2006 5:59:59 AM
System Uptime: 1/9/2011 10:38:52 PM (67 hours ago)

Motherboard: BIOSTAR Group | | MCP6P3
Processor: AMD Athlon™ II X3 440 Processor | CPU 1 | 3013/200mhz

==== Disk Partitions =========================

A: is Removable
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 112 GiB total, 12.36 GiB free.
G: is CDROM ()
H: is CDROM ()
K: is CDROM ()
S: is FIXED (NTFS) - 466 GiB total, 462.939 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP2162: 12/11/2010 9:06:21 AM - Software Distribution Service 3.0
RP2163: 12/12/2010 2:17:28 AM - Software Distribution Service 3.0
RP2164: 12/12/2010 2:58:15 AM - Software Distribution Service 3.0
RP2165: 12/13/2010 8:10:05 AM - Software Distribution Service 3.0
RP2166: 12/14/2010 2:18:20 AM - Software Distribution Service 3.0
RP2167: 12/14/2010 2:41:53 AM - Software Distribution Service 3.0
RP2168: 12/15/2010 2:17:27 AM - Software Distribution Service 3.0
RP2169: 12/15/2010 5:05:36 PM - Software Distribution Service 3.0
RP2170: 12/16/2010 2:17:26 AM - Software Distribution Service 3.0
RP2171: 12/16/2010 3:00:26 AM - Software Distribution Service 3.0
RP2172: 12/16/2010 12:02:17 PM - Software Distribution Service 3.0
RP2173: 12/17/2010 2:05:12 AM - Software Distribution Service 3.0
RP2174: 12/18/2010 11:24:39 AM - Software Distribution Service 3.0
RP2175: 12/19/2010 11:26:25 AM - System Checkpoint
RP2176: 12/20/2010 8:01:42 PM - System Checkpoint
RP2177: 12/21/2010 12:55:50 AM - Software Distribution Service 3.0
RP2178: 12/21/2010 2:04:29 AM - Software Distribution Service 3.0
RP2179: 12/21/2010 6:49:46 PM - Software Distribution Service 3.0
RP2180: 12/22/2010 2:04:30 AM - Software Distribution Service 3.0
RP2181: 12/22/2010 12:43:36 PM - Software Distribution Service 3.0
RP2182: 12/23/2010 1:42:57 PM - Software Distribution Service 3.0
RP2183: 12/24/2010 2:05:23 AM - Software Distribution Service 3.0
RP2184: 12/24/2010 10:47:14 AM - Software Distribution Service 3.0
RP2185: 12/25/2010 2:04:41 AM - Software Distribution Service 3.0
RP2186: 12/25/2010 6:26:43 AM - Software Distribution Service 3.0
RP2187: 12/26/2010 2:04:30 AM - Software Distribution Service 3.0
RP2188: 12/26/2010 2:35:25 AM - Software Distribution Service 3.0
RP2189: 12/26/2010 10:16:13 PM - Software Distribution Service 3.0
RP2190: 12/27/2010 2:04:33 AM - Software Distribution Service 3.0
RP2191: 12/27/2010 4:16:40 PM - Software Distribution Service 3.0
RP2192: 12/28/2010 2:05:17 AM - Software Distribution Service 3.0
RP2193: 12/28/2010 2:14:25 PM - Software Distribution Service 3.0
RP2194: 12/29/2010 2:04:32 AM - Software Distribution Service 3.0
RP2195: 12/29/2010 9:55:03 AM - Software Distribution Service 3.0
RP2196: 12/30/2010 8:15:25 AM - Software Distribution Service 3.0
RP2197: 12/31/2010 2:05:31 AM - Software Distribution Service 3.0
RP2198: 12/31/2010 3:35:25 AM - Software Distribution Service 3.0
RP2199: 12/31/2010 6:56:03 PM - Software Distribution Service 3.0
RP2200: 1/1/2011 4:15:15 PM - Software Distribution Service 3.0
RP2201: 1/3/2011 8:24:22 AM - System Checkpoint
RP2202: 1/4/2011 1:47:06 AM - Software Distribution Service 3.0
RP2203: 1/5/2011 3:00:19 AM - Software Distribution Service 3.0
RP2204: 1/5/2011 10:16:04 AM - Software Distribution Service 3.0
RP2205: 1/6/2011 7:14:27 PM - Software Distribution Service 3.0
RP2206: 1/7/2011 7:48:17 PM - Installed HiJackThis
RP2207: 1/9/2011 7:06:47 PM - Software Distribution Service 3.0
RP2208: 1/10/2011 8:16:10 PM - System Checkpoint
RP2209: 1/10/2011 11:27:30 PM - Software Distribution Service 3.0
RP2210: 1/11/2011 11:27:29 PM - Software Distribution Service 3.0

==== Installed Programs ======================


7-Zip 4.32
AAC Decoder
ABBYY FineReader 4.0 Sprint
Aces High II
Addit! Pro For Flight Simulator X
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AdSponsorCL
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Age of Empires III
Age of Empires III - The WarChiefs
Age of Mythology
AnVir Task Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Armagetron Advanced 0.2.8.2.1.gcc
Audible Download Manager
AutoSketch Release 9
AutoUpdate
Axialis IconWorkshop 6.0
Bing Maps 3D
BitTorrent
BlackBerry Desktop Software 4.2.2
BlackBerry® Plug-in for Microsoft® Visual Studio®
Bonjour
Cabos
Canon i860
CDBurnerXP Pro 3
Command & Conquer Generals
Command & Conquer™ Red Alert™ 3
Command and ConquerTM Generals Zero Hour
Compatibility Pack for the 2007 Office system
Connect
Countdown Screensaver
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
CuteFTP 7 Home
CutePDF Writer 2.5
Data Lifeguard Tools
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
DocuMax 1.03g
DVD Solution
ESET Online Scanner v3
FFLM version 9.01
FileZilla (remove only)
Flight Simulator X
Flight Simulator X Service Pack 1
Frontline Registry Cleaner
Google Chrome
Google Desktop
Google Earth
Google SketchUp 6
Google Update Helper
Google Updater
GradeQuick
H.264 Decoder
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
JEOPARDY! (remove only)
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
KODAK Gallery Upload Software
kuler
LeapFrog Connect
LeapFrog My Pals Plugin
Light-O-Rama Demo
Logitech QuickCam
Logitech QuickCam Driver Package
Lyra System File Update Utility
Macromedia Dreamweaver 8
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Fireworks MX
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia FreeHand 10
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware
MediaCoder 0.6.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X: Acceleration
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office Interactive Developer Map
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Outlook Personal Folders Backup
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2000 Sample Database Scripts
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MiraScan V4.01
MKV Splitter
Mozilla Firefox (3.5.16)
Mozilla Sunbird 0.3a1
MP3 Disc Burner 1.83
MP4 Player
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MSXML4 Parser
MWSnap 3
myfantasyleague.com Game Day 2007
Neat Icons Core Set
Nero - Burning Rom
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org 2.1
Opera 9.01
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
PowerDVD
PowerISO
PowerProducer
PrintingPress
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Remove MiraScan USB Driver
Rock and Roll JEOPARDY! (remove only)
Roxio Media Manager
Safari
Scorched3D 42.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 4.0
SMART Notebook
SMART Product Drivers
Sony Vegas Pro 8.0
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Sudoku Solver
Suite Shared Configuration CS4
System Requirements Lab
System Tool2011
ThinkWave Educator 2.6.1X
TomTom HOME 2.6.4.1641
TomTom HOME Visual Studio Merge Modules
Trip Countdown
TweakNow PowerPack 2010
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
VC80CRTRedist - 8.0.50727.762
Verizon FiOS Activation
Viewpoint Media Player
Vodei Multimedia Processor 2.10
Vz In Home Agent
WebFldrs XP
Winamp
WinDirStat 1.1.2
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Vista Upgrade Advisor
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
YouTube Downloader 2.6.1

==== Event Viewer Messages From Past Week ========

1/7/2011 9:38:23 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/7/2011 8:58:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BIOS Fips hwinterface MpFilter Processor SCDEmu
1/7/2011 8:51:08 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
1/7/2011 8:47:55 PM, error: System Error [1003] - Error code 10000050, parameter1 80566000, parameter2 00000000, parameter3 b36e9f97, parameter4 00000000.
1/7/2011 8:08:13 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.95.3380.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
1/7/2011 8:08:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/7/2011 8:00:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/7/2011 7:58:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM BIOS Fips hwinterface IPSec MpFilter MRxSmb NEOFLTR_540_11359 NetBIOS NetBT nvata Processor RasAcd Rdbss SCDEmu Tcpip WS2IFSL
1/7/2011 7:58:52 PM, error: Service Control Manager [7003] - The tmrkb service depends on the following nonexistent service: tmcomm
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error: The dependency service or group failed to start.
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 7:58:52 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/7/2011 7:58:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/5/2011 9:39:56 AM, error: System Error [1003] - Error code 100000c5, parameter1 00000000, parameter2 00000002, parameter3 00000001, parameter4 8054b168.
1/5/2011 9:26:32 AM, error: System Error [1003] - Error code 1000000a, parameter1 77e2f9c0, parameter2 00000002, parameter3 00000000, parameter4 8053d9e4.
1/5/2011 10:09:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvata
1/5/2011 10:09:36 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/5/2011 10:09:26 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================


DDS (Ver_10-12-12.02) - NTFSx86
Run by Brad at 17:41:13.01 on Wed 01/12/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1269 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

============== Running Processes ===============

F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\SMSC\SetIcon.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
F:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Microsoft Security Client\msseces.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\AnVir Task Manager\AnVir.exe
svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Program Files\DNA\btdna.exe
F:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
F:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
F:\Program Files\MP4 Player\mp4Player.exe
F:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
F:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
F:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Program Files\Google\Chrome\Application\chrome.exe
F:\Documents and Settings\Brad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://remote.cintas.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - f:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - f:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
EB: {2BC9C452-BB57-4896-A9A2-64611E06C9AA} - No File
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [AnVir Task Manager] "f:\program files\anvir task manager\AnVir.exe" Minimized
uRun: [updateMgr] "f:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [BitTorrent DNA] "f:\program files\dna\btdna.exe"
uRun: [ISUSPM] "f:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MP4 Player] "f:\program files\mp4 player\mp4Player.exe" hmw
uRun: [Xmigoqafar] rundll32.exe "f:\windows\MPoncw.dll",Startup
uRunOnce: [Shockwave Updater] "f:\windows\system32\adobe\shockwave 11\SwHelper_1156606.exe" -Update
mRun: [RemoteControl] "f:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [SunJavaUpdateSched] "f:\program files\java\jre1.5.0_09\bin\jusched.exe"
mRun: [PicasaNet] "f:\program files\hello\Hello.exe" -b
mRun: [SetIcon] \Program Files\SMSC\SetIcon.exe
mRun: [PWRISOVM.EXE] f:\program files\poweriso\PWRISOVM.EXE
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "f:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Google Desktop Search] "f:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [itype] "f:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "f:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LogitechCommunicationsManager] "f:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Monitor] "f:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "f:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE f:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSC] "f:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "f:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\microsoft office\office10\OSA.EXE
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - f:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: cintas.com\remote
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxps://remote.cintas.com/Cintas_IAVPortal/messages_lectora/tods/T_Diversity/html/,DanaInfo=elearning.cintas.com,CT=java+
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} - hxxp://www.winkflash.com/photo/loaders/SAXFile.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145048870359
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145048948328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {A60CCC4B-A858-11D1-91CB-00805F3E69CD} - hxxps://remote.cintas.com/launch/LaunchFilenet.CAB,DanaInfo=home5.cintas.com+
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://diy.view22.com/view22/diyapp/View22RTE.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://remote.cintas.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - f:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: ljjhiih - ljjhiih.dll
AppInit_DLLs: f:\progra~1\google\go333c~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - f:\progra~1\window~4\MpShHook.dll
SEH: {04DCB78C-AB45-83AD-A86A-6DFB90277939} - No File

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\brad\applic~1\mozilla\firefox\profiles\q22ok9ix.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: f:\documents and settings\brad\application data\mozilla\firefox\profiles\q22ok9ix.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: f:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: f:\documents and settings\brad\application data\mozilla\firefox\profiles\q22ok9ix.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: f:\documents and settings\brad\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: f:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: f:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: f:\program files\java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: f:\program files\java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: f:\program files\java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: f:\program files\java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: f:\program files\java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: f:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: f:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: f:\program files\picasa2\npPicasa2.dll
FF - plugin: f:\program files\picasa2\npPicasa3.dll
FF - plugin: f:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: TorrentBar: {7b821b0e-b102-4f9b-b6e3-433ede1fe379} - %profile%\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - f:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - f:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: SMART Notebook Extension: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262} - f:\program files\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {861AFE65-B403-4CB7-BBB1-8DDC55EA966D} - f:\documents and settings\brad\local settings\application data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;f:\windows\system32\drivers\BIOS.sys [2006-4-12 13696]
R1 hwinterface;hwinterface;f:\windows\system32\drivers\hwinterface.sys [2007-10-29 3026]
R1 MpFilter;Microsoft Malware Protection Driver;f:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 NEOFLTR_540_11359;Juniper Networks TDI Filter Driver (NEOFLTR_540_11359);f:\windows\system32\drivers\NEOFLTR_540_11359.sys [2006-11-30 57559]
R2 SMART Display Controller;SMART Display Controller;f:\program files\smart technologies\smart product drivers\UCService.exe [2010-1-5 779560]
R2 TomTomHOMEService;TomTomHOMEService;f:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
S2 gupdate1c9fd1cac020f1c;Google Update Service (gupdate1c9fd1cac020f1c);f:\program files\google\update\GoogleUpdate.exe [2009-7-4 133104]
S2 tmrkb;tmrkb;f:\windows\system32\drivers\tmrkb.sys [2011-1-7 56400]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [2010-9-8 1684736]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;f:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-17 30192]
S3 KProcWatch;KProcWatch;\??\f:\windows\system32\drivers\kprocwatch.sys --> f:\windows\system32\drivers\KProcWatch.sys [?]
S3 MdsTomcat;BlackBerry MDS Services - Apache Tomcat Service;f:\program files\research in motion\blackberry vs8 plugin\mds services\bin\javaservice.exe [2007-9-26 102400]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;f:\program files\smart technologies\smart product drivers\SMARTSNMPAgent.exe [2010-1-5 1053992]
S3 SMART Web Server;SMART Web Server;f:\program files\smart technologies\smart product drivers\WebServer.exe [2010-1-5 1262888]
S3 WinDefend;Windows Defender;f:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== Created Last 30 ================

2011-01-12 04:27:31 6273872 ----a-w- f:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{45e49d6a-306a-4458-a5f2-5d76494d56c4}\mpengine.dll
2011-01-08 15:46:31 -------- d-----w- f:\docume~1\brad\locals~1\applic~1\Unity
2011-01-08 02:53:38 -------- d-----w- f:\program files\TweakNow PowerPack 2010
2011-01-08 02:53:38 -------- d-----w- f:\docume~1\brad\applic~1\TweakNow PowerPack 2010
2011-01-08 02:32:52 -------- d-----w- f:\program files\ESET
2011-01-08 02:07:41 -------- d-----w- f:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
2011-01-08 02:07:37 -------- d-----w- f:\program files\Frontline Registry Cleaner
2011-01-08 00:55:46 190032 ----a-w- f:\windows\system32\drivers\tmcomm.sys
2011-01-08 00:55:46 -------- d-----w- f:\documents and settings\brad\log
2011-01-08 00:55:45 56400 ----a-w- f:\windows\system32\drivers\tmrkb.sys
2011-01-08 00:48:19 388096 ----a-r- f:\docume~1\brad\applic~1\microsoft\installer\{0761c9a8-8f3a-4216-b4a7-b7afbf24a24a}\HiJackThis.exe
2011-01-08 00:48:18 -------- d-----w- f:\program files\TrendMicro
2011-01-07 00:14:40 6273872 ----a-w- f:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-01-05 15:13:47 -------- d-----w- f:\program files\Microsoft Security Client
2011-01-04 06:52:11 6273872 ----a-w- f:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{5e893e9f-b6e6-40fa-a825-1e2918aaafca}\mpengine.dll
2011-01-03 12:45:22 53248 ----a-w- f:\windows\system32\drivers\sst8D.sys
2011-01-03 12:45:22 0 ----a-w- f:\windows\system32\drivers\sst8D.tmp
2011-01-03 12:45:16 53248 ----a-w- f:\windows\system32\drivers\sst8C.sys
2011-01-03 12:45:16 0 ----a-w- f:\windows\system32\drivers\sst8C.tmp
2010-12-18 18:46:51 -------- d-----w- f:\docume~1\brad\applic~1\Malwarebytes
2010-12-18 18:29:47 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 18:29:47 -------- d-----w- f:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-18 18:29:44 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-12-18 18:29:44 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-12-18 18:00:46 -------- d-----w- f:\docume~1\brad\locals~1\applic~1\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}
2010-12-15 21:56:20 40960 -c----w- f:\windows\system32\dllcache\ndproxy.sys
2010-12-15 21:55:18 45568 -c----w- f:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- f:\windows\system32\isign32.dll
2010-11-06 00:34:12 832512 ----a-w- f:\windows\system32\wininet.dll
2010-11-06 00:34:11 78336 ----a-w- f:\windows\system32\ieencode.dll
2010-11-06 00:34:11 1830912 ----a-w- f:\windows\system32\inetcpl.cpl
2010-11-06 00:34:11 17408 ----a-w- f:\windows\system32\corpol.dll
2010-11-03 12:25:53 389120 ----a-w- f:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- f:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- f:\windows\system32\win32k.sys
2010-10-19 20:51:33 222080 ------w- f:\windows\system32\MpSigStub.exe
2004-03-11 17:27:22 40960 ----a-w- f:\program files\Uninstall_CDS.exe

============= FINISH: 17:49:58.17 ===============


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #3
==============================================
>Drivers
==============================================
0xB6AE2000 F:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10240000 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 195.62 )
0xBD012000 F:\WINDOWS\System32\nv4_disp.dll 6283264 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 195.62 )
0xB08CE000 F:\WINDOWS\system32\drivers\RtkHDAud.sys 6078464 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 F:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 F:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB74A6000 F:\WINDOWS\system32\DRIVERS\NVNRM.SYS 958464 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xB6485000 F:\WINDOWS\System32\drivers\dmboot.sys 802816 bytes (Microsoft Corp., Veritas Software, NT Disk Manager Startup Driver)
0xB7DDF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAFBC2000 F:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xAFD64000 F:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB397E000 F:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAFE6F000 F:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAA286000 F:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 F:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA8FEA000 F:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB3A2C000 F:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xAA496000 F:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7DB2000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9B1BD000 F:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAFDD4000 F:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB75B3000 F:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAFE21000 F:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88FFB518 ] TID: 2132
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A429DA8 ] TID: 2148
0x8055C700 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x891ED398 ] TID: 2152
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A2C9A0 ] TID: 2156
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D6BDA8 ] TID: 2160
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E01C40 ] TID: 2168
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B45B78 ] TID: 2176
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88192B28 ] TID: 2184
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882F0650 ] TID: 2188
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A77FC40 ] TID: 2208
0x8055C700 Faked ServiceTable-->btdna.exe [ ETHREAD 0x8A5A3DA8 ] TID: 2212
0x8055C700 Faked ServiceTable-->btdna.exe [ ETHREAD 0x89638720 ] TID: 2216
0x8055C700 Faked ServiceTable-->itype.exe [ ETHREAD 0x8932E9D8 ] TID: 2220
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8875A408 ] TID: 2228
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881183B8 ] TID: 2236
0x8055C700 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x89114380 ] TID: 2244
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8933D630 ] TID: 2252
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88805CA0 ] TID: 2256
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DD1020 ] TID: 2260
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B14DA8 ] TID: 2268
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880BB7A0 ] TID: 2272
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E15880 ] TID: 2280
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884857A0 ] TID: 2288
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x890B4518 ] TID: 2292
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891C89A8 ] TID: 2308
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CA6020 ] TID: 2312
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8934B020 ] TID: 2316
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889FF3B8 ] TID: 2320
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CFE020 ] TID: 2324
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EC1B30 ] TID: 2328
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892F17C8 ] TID: 2332
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D9B020 ] TID: 2336
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8970E7A0 ] TID: 2340
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8933C1F8 ] TID: 2344
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B775A0 ] TID: 2348
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889A03D8 ] TID: 2352
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E39DA8 ] TID: 2356
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F0020 ] TID: 2360
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890E53D0 ] TID: 2364
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CA8590 ] TID: 2368
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DE3BA8 ] TID: 2372
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A02020 ] TID: 2384
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8828A020 ] TID: 2404
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884DA708 ] TID: 2420
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892D87F0 ] TID: 2428
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x88C83600 ] TID: 2432
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A79B00 ] TID: 2444
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x8A62C6C8 ] TID: 2448
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x88F5DDA8 ] TID: 2452
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x88E95DA8 ] TID: 2456
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F3B30 ] TID: 2472
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89385728 ] TID: 2476
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A56A568 ] TID: 2480
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D92998 ] TID: 2488
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x8901A3C8 ] TID: 2492
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B0FDA8 ] TID: 2496
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AD2328 ] TID: 2500
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C4D020 ] TID: 2512
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88333020 ] TID: 2516
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89264708 ] TID: 2520
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89017720 ] TID: 2524
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890BFDA8 ] TID: 2528
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89190BB0 ] TID: 2532
0x8055C700 Faked ServiceTable-->LVComSer.exe [ ETHREAD 0x88E8C590 ] TID: 2536
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8848EB30 ] TID: 2540
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890FF9A0 ] TID: 2544
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884507A0 ] TID: 2548
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E08898 ] TID: 2552
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88112310 ] TID: 2556
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890F37E8 ] TID: 2560
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89269590 ] TID: 2564
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A542CF0 ] TID: 2572
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A542A78 ] TID: 2576
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A542800 ] TID: 2580
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A542380 ] TID: 2584
0x8055C700 Faked ServiceTable-->Mp4Player.exe [ ETHREAD 0x88FFE790 ] TID: 2588
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CDC200 ] TID: 2592
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88288248 ] TID: 2596
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x88E14BB0 ] TID: 2600
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89347DA8 ] TID: 2620
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8828AA78 ] TID: 2624
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E8BDA8 ] TID: 2632
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CDFC80 ] TID: 2640
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ACD020 ] TID: 2644
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882E03B8 ] TID: 2648
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881D37A0 ] TID: 2652
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893961E0 ] TID: 2656
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B38020 ] TID: 2660
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x881BD7A8 ] TID: 2668
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FF8518 ] TID: 2672
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x8930C790 ] TID: 2680
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x88B79DA8 ] TID: 2684
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F11528 ] TID: 2696
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x8A571598 ] TID: 2700
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x8A57F998 ] TID: 2704
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x892D6530 ] TID: 2712
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x8925ADA8 ] TID: 2716
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89347B30 ] TID: 2724
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E8C020 ] TID: 2728
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D1BDA8 ] TID: 2732
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BAC3B8 ] TID: 2736
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880BCB30 ] TID: 2740
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889C8020 ] TID: 2744
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EE4B30 ] TID: 2748
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B81DA8 ] TID: 2752
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D84638 ] TID: 2756
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A2E800 ] TID: 2760
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E777A0 ] TID: 2764
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D2D020 ] TID: 2768
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B9E310 ] TID: 2772
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88842020 ] TID: 2776
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8911C020 ] TID: 2780
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x8911C550 ] TID: 2784
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B9E588 ] TID: 2788
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BAD598 ] TID: 2792
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D299A0 ] TID: 2796
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DC7020 ] TID: 2800
0x8055C700 Faked ServiceTable-->jucheck.exe [ ETHREAD 0x889DE938 ] TID: 2804
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x889AE020 ] TID: 2808
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893478B8 ] TID: 2816
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889CF7B0 ] TID: 2820
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889D6BA0 ] TID: 2824
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D15398 ] TID: 2828
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B649D8 ] TID: 2832
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8819B3B8 ] TID: 2836
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8938B2C0 ] TID: 2840
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B43020 ] TID: 2844
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883AF538 ] TID: 2852
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D46998 ] TID: 2856
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AE5B30 ] TID: 2860
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89347640 ] TID: 2864
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AE5020 ] TID: 2868
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AE58B8 ] TID: 2872
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AE5DA8 ] TID: 2876
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E0E020 ] TID: 2880
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B54C08 ] TID: 2884
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88746020 ] TID: 2888
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F43020 ] TID: 2892
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F3D020 ] TID: 2896
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89014520 ] TID: 2900
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B756F8 ] TID: 2904
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88AA7020 ] TID: 2908
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C4BB30 ] TID: 2912
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8910E448 ] TID: 2916
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892E6800 ] TID: 2924
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D3D020 ] TID: 2928
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892767A8 ] TID: 2932
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890D3720 ] TID: 2936
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EC18B0 ] TID: 2940
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883D0C90 ] TID: 2944
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BB9DA8 ] TID: 2948
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F10A28 ] TID: 2952
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88553A78 ] TID: 2956
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891C6808 ] TID: 2968
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C647C0 ] TID: 2980
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891D2020 ] TID: 2988
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8919FDA8 ] TID: 2992
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C0ADA8 ] TID: 2996
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89336020 ] TID: 3000
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x881A3DA8 ] TID: 3004
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88741020 ] TID: 3008
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89053DA8 ] TID: 3012
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89067B38 ] TID: 3016
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892D5B38 ] TID: 3020
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CE9020 ] TID: 3024
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B747A0 ] TID: 3028
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E5BA20 ] TID: 3032
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F75DA8 ] TID: 3036
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89162020 ] TID: 3040
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890E6020 ] TID: 3048
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884B9020 ] TID: 3052
0x8055C700 Faked ServiceTable-->LVComSer.exe [ ETHREAD 0x8A5706F0 ] TID: 3056
0x8055C700 Faked ServiceTable-->LVComSer.exe [ ETHREAD 0x88EE8BA0 ] TID: 3068
0x8055C700 Faked ServiceTable-->LVComSer.exe [ ETHREAD 0x88C33A00 ] TID: 3072
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89031BB0 ] TID: 3080
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D477E0 ] TID: 3084
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AE4380 ] TID: 3088
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x880515A8 ] TID: 3092
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EA2DA8 ] TID: 3100
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ECBDA8 ] TID: 3104
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EDB7A8 ] TID: 3108
0x8055C700 Faked ServiceTable-->SMARTBoardService.exe [ ETHREAD 0x88AC4BC0 ] TID: 3120
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891A25D8 ] TID: 3124
0x8055C700 Faked ServiceTable-->SMARTBoardService.exe [ ETHREAD 0x896DD720 ] TID: 3128
0x8055C700 Faked ServiceTable-->SMARTBoardService.exe [ ETHREAD 0x892DFDA8 ] TID: 3132
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8921F020 ] TID: 3136
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89392020 ] TID: 3140
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x881AD4C8 ] TID: 3144
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88100020 ] TID: 3152
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882FD020 ] TID: 3164
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F00BB8 ] TID: 3168
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x890F3020 ] TID: 3176
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A6023C0 ] TID: 3188
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89347020 ] TID: 3192
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89203020 ] TID: 3196
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B3F358 ] TID: 3204
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88CA5DA8 ] TID: 3208
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AE4DA8 ] TID: 3216
0x8055C700 Faked ServiceTable-->UCService.exe [ ETHREAD 0x89201DA8 ] TID: 3220
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88ED3DA8 ] TID: 3224
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89391DA8 ] TID: 3232
0x8055C700 Faked ServiceTable-->UCService.exe [ ETHREAD 0x88CAF5C0 ] TID: 3248
0x8055C700 Faked ServiceTable-->SMARTBoardService.exe [ ETHREAD 0x88FB6DA8 ] TID: 3252
0x8055C700 Faked ServiceTable-->UCService.exe [ ETHREAD 0x89215DA8 ] TID: 3256
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891E2DA8 ] TID: 3260
0x8055C700 Faked ServiceTable-->UCService.exe [ ETHREAD 0x88CB2DA8 ] TID: 3264
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x893473C8 ] TID: 3268
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88EB9020 ] TID: 3272
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88ED3720 ] TID: 3276
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x8939CDA8 ] TID: 3280
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88CB25A8 ] TID: 3284
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89119BA8 ] TID: 3288
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886137E8 ] TID: 3292
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88C6D020 ] TID: 3296
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88B30BA0 ] TID: 3300
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8900A4D0 ] TID: 3304
0x8055C700 Faked ServiceTable-->TomTomHOMEService.exe [ ETHREAD 0x89219798 ] TID: 3316
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8824ADA8 ] TID: 3320
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88838928 ] TID: 3324
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E0FBA8 ] TID: 3328
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88F26DA8 ] TID: 3332
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88A0EBA8 ] TID: 3336, 388 bytes
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88C6E7A0 ] TID: 3340
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x89219BA8 ] TID: 3344
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88EB9588 ] TID: 3348
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C32B30 ] TID: 3352
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F07DA8 ] TID: 3356
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E0D020 ] TID: 3360
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88B47B00 ] TID: 3364
0x8055C700 Faked ServiceTable-->TomTomHOMEService.exe [ ETHREAD 0x88AF5BB0 ] TID: 3368
0x8055C700 Faked ServiceTable-->TomTomHOMEService.exe [ ETHREAD 0x896DCDA8 ] TID: 3372
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880E77A0 ] TID: 3376
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890E6948 ] TID: 3380
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F5B300 ] TID: 3384
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882E46F8 ] TID: 3388
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D43020 ] TID: 3392
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8835EB68 ] TID: 3404
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896DC3A8 ] TID: 3412
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x891F9DA8 ] TID: 3416
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89244DA8 ] TID: 3428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89112998 ] TID: 3432
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x88ED3B30 ] TID: 3444
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x88DEA588 ] TID: 3448
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88EC0020 ] TID: 3452
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88BEF020 ] TID: 3456
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89337BD8 ] TID: 3460
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x881BF390 ] TID: 3468
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DD2B38 ] TID: 3472
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893B4020 ] TID: 3476
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88BEF998 ] TID: 3480
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x88E04BA0 ] TID: 3484
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x89020BA0 ] TID: 3488
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x89022020 ] TID: 3492
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x8908DBA8 ] TID: 3496
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x889CA998 ] TID: 3500
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x896DC640 ] TID: 3504
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x8908D3B8 ] TID: 3508
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88194DA8 ] TID: 3512
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88C75930 ] TID: 3516
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89243DA8 ] TID: 3520
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x88F6D790 ] TID: 3524
0x8055C700 Faked ServiceTable-->inetinfo.exe [ ETHREAD 0x89183DA8 ] TID: 3528
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DF89D8 ] TID: 3540
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A3CDA8 ] TID: 3544
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A3CB30 ] TID: 3548
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AD3C48 ] TID: 3552
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AF23B8 ] TID: 3556
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89279DA8 ] TID: 3560
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885A13B8 ] TID: 3564
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8833E3C0 ] TID: 3572
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890FEDA8 ] TID: 3576
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89233900 ] TID: 3580
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F1ABA0 ] TID: 3588
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89182720 ] TID: 3592
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89130D10 ] TID: 3596
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x892F6DA8 ] TID: 3600
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F11DA8 ] TID: 3604
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8891BB40 ] TID: 3608
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89183B30 ] TID: 3612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DF79A0 ] TID: 3616
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x891A7DA8 ] TID: 3620
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891A8518 ] TID: 3624
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891F3538 ] TID: 3632
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88732020 ] TID: 3636
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x887103B8 ] TID: 3640
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E90248 ] TID: 3644
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89241B98 ] TID: 3648
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F27A0 ] TID: 3652
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x88E3B020 ] TID: 3656
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x88F28930 ] TID: 3660
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x88E04500 ] TID: 3664
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890FCDA8 ] TID: 3668
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AE0DA8 ] TID: 3672
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x88377020 ] TID: 3676
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88195020 ] TID: 3680
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88065B88 ] TID: 3684
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BB3020 ] TID: 3688
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CC5268 ] TID: 3692
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B76C08 ] TID: 3696
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A50DBA8 ] TID: 3700
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FAB020 ] TID: 3704
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890BF020 ] TID: 3708
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890C27A0 ] TID: 3712
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88920698 ] TID: 3716
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89187900 ] TID: 3720
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D2D7A0 ] TID: 3724
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8922D9B0 ] TID: 3728
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8933B7A0 ] TID: 3732
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B0E948 ] TID: 3736
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x8A4F8DA8 ] TID: 3740
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893942A8 ] TID: 3744
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890D7020 ] TID: 3752
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E92A68 ] TID: 3760
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BBB978 ] TID: 3764
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D6FA90 ] TID: 3772
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F28318 ] TID: 3780
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891DB590 ] TID: 3784
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881D0420 ] TID: 3788
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88194B30 ] TID: 3792
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EEA8D0 ] TID: 3796
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890D9DA8 ] TID: 3800
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891B7DA8 ] TID: 3804
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89272020 ] TID: 3808
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E8DDA8 ] TID: 3812
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x892F6020 ] TID: 3816
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880E7DA8 ] TID: 3820
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D52DA8 ] TID: 3824
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C7DDA8 ] TID: 3828
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89111998 ] TID: 3832
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BD09A0 ] TID: 3836
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89393C30 ] TID: 3840
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89021B38 ] TID: 3844
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x892EB928 ] TID: 3852
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C47178 ] TID: 3856
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F53728 ] TID: 3860
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889F9B28 ] TID: 3864
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F89020 ] TID: 3868
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888D8020 ] TID: 3872
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8819BC70 ] TID: 3876
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B78490 ] TID: 3880
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FF5530 ] TID: 3884
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F07AF8 ] TID: 3888
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A31588 ] TID: 3892
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A31310 ] TID: 3896
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D8B7C0 ] TID: 3900
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D8B548 ] TID: 3904
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88319020 ] TID: 3908
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891E19F8 ] TID: 3916
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88839DA8 ] TID: 3920
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x882773C8 ] TID: 3924
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D8B2D0 ] TID: 3928
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8903DDA8 ] TID: 3932
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B7E7C0 ] TID: 3936
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8910EB30 ] TID: 3944
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882F6398 ] TID: 3948, 4325888 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88DD12C8 ] TID: 3952
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8825DB30 ] TID: 3956
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E4E020 ] TID: 3960
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AD2020 ] TID: 3968
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88299B30 ] TID: 3972
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8819EB30 ] TID: 3976
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CFB280 ] TID: 3988
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883D0020 ] TID: 3996
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8930A598 ] TID: 4000
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F897A0 ] TID: 4004
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88191DA8 ] TID: 4008
0x8055C700 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x892ECDA8 ] TID: 4012
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889DA2D0 ] TID: 4020
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D44DA8 ] TID: 4024
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889D2630 ] TID: 4028
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F0C020 ] TID: 4032
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88249528 ] TID: 4044
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8934B828 ] TID: 4048
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EBAB30 ] TID: 4052
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892E3DA8 ] TID: 4056
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8913BC78 ] TID: 4064
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E5BD10 ] TID: 4068
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883C3020 ] TID: 4072
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8930C318 ] TID: 4080
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89124510 ] TID: 4084
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8934DDA8 ] TID: 4088
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882532B0 ] TID: 4100
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CE0C40 ] TID: 4120
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889B52B0 ] TID: 4124
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892DC020 ] TID: 4128
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EC44B8 ] TID: 4132
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x887AFA20 ] TID: 4136
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F4598 ] TID: 4140
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A04B30 ] TID: 4144
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8862A208 ] TID: 4152
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89053540 ] TID: 4156
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C4AA38 ] TID: 4160
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880C7DA8 ] TID: 4164
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880BADA8 ] TID: 4172
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88365020 ] TID: 4176
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D82830 ] TID: 4180
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88B663C0 ] TID: 4184
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8861E020 ] TID: 4188
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89115020 ] TID: 4192
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BF98D0 ] TID: 4196
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881FB020 ] TID: 4200
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88048020 ] TID: 4204
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8856E020 ] TID: 4208
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x88B6B020 ] TID: 4212
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x8904D750 ] TID: 4216
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88253020 ] TID: 4220
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x892BD3E8 ] TID: 4224
0x8055C700 Faked ServiceTable-->ISUSPM.exe [ ETHREAD 0x8826A3C0 ] TID: 4228
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F00638 ] TID: 4232
0x8055C700 Faked ServiceTable-->RTHDCPL.EXE [ ETHREAD 0x88F20A40 ] TID: 4236
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E1A020 ] TID: 4240
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E4C538 ] TID: 4244
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882997A0 ] TID: 4248
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D8E020 ] TID: 4252
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x891D9BA0 ] TID: 4256
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x88C46020 ] TID: 4260
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C35BF0 ] TID: 4264
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x884BC020 ] TID: 4268
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8A5A1D50 ] TID: 4272, 4325888 bytes
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x891ADB30 ] TID: 4276
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886351F0 ] TID: 4280
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CC1A38 ] TID: 4284
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B63020 ] TID: 4292
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893827A0 ] TID: 4296
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8889DBD8 ] TID: 4300
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88451020 ] TID: 4304
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ED9788 ] TID: 4308
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88216DA8 ] TID: 4312
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BBCAD8 ] TID: 4316
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D4DB38 ] TID: 4320
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882EE618 ] TID: 4324
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CE7A18 ] TID: 4328
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BB2230 ] TID: 4332
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D54020 ] TID: 4336
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F71020 ] TID: 4344
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889303D8 ] TID: 4348
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885B3020 ] TID: 4352
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892F2020 ] TID: 4356
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89344578 ] TID: 4360
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ABFB68 ] TID: 4364
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A67A408 ] TID: 4368
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E73DA8 ] TID: 4372
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888B1020 ] TID: 4376
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886587E0 ] TID: 4380
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CCCDA8 ] TID: 4384
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8864C020 ] TID: 4388
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8933E020 ] TID: 4392
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E79918 ] TID: 4396
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88729708 ] TID: 4400
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888B83D8 ] TID: 4404
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8873F8D0 ] TID: 4408
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891B2020 ] TID: 4416
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B6F020 ] TID: 4420
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FA2020 ] TID: 4424
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C92728 ] TID: 4428
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8833F020 ] TID: 4432
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88DE6020 ] TID: 4436
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CDC588 ] TID: 4440
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88C6A020 ] TID: 4444
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B12B38 ] TID: 4448
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D86DA8 ] TID: 4452
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F3DA8 ] TID: 4456
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89225020 ] TID: 4460
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F9DA8 ] TID: 4464
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8934E1F0 ] TID: 4468
0x8055C700 Faked ServiceTable-->jucheck.exe [ ETHREAD 0x8832B6D0 ] TID: 4472
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89079020 ] TID: 4476
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8884C020 ] TID: 4480
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E01020 ] TID: 4484
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88467B30 ] TID: 4488
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B30728 ] TID: 4496
0x8055C700 Faked ServiceTable-->PDVDServ.exe [ ETHREAD 0x88B448E0 ] TID: 4500
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8901ACB8 ] TID: 4504
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890B8510 ] TID: 4508
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CE6DA8 ] TID: 4512
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88191B30 ] TID: 4516, 699816 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88BB7BB0 ] TID: 4520, 23190680 bytes
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882507A0 ] TID: 4524
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B2C020 ] TID: 4528
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ADA570 ] TID: 4532
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F767B0 ] TID: 4536
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BDC020 ] TID: 4540
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880C0020 ] TID: 4544
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A683A98 ] TID: 4548
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88559B30 ] TID: 4552
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886A5528 ] TID: 4560, 4325888 bytes
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881C5020 ] TID: 4564
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B33BF8 ] TID: 4572
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x88B21370 ] TID: 4576
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D1C540 ] TID: 4580
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B06020 ] TID: 4584
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8830A9F8 ] TID: 4592
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E11360 ] TID: 4596
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89150C78 ] TID: 4600
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DDB3B8 ] TID: 4604
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89220020 ] TID: 4608
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AEB3B8 ] TID: 4620
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884053B8 ] TID: 4628
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88666BC8 ] TID: 4636
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89174AC8 ] TID: 4640
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8878BC08 ] TID: 4648
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89018CB0 ] TID: 4652
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888907A0 ] TID: 4656
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884678B8 ] TID: 4660
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891A1DA8 ] TID: 4664
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88470020 ] TID: 4672
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E7FB58 ] TID: 4676
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881CADA8 ] TID: 4680
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CD92A8 ] TID: 4684
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88197B30 ] TID: 4688
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89088300 ] TID: 4692
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FC3C78 ] TID: 4700
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BBC020 ] TID: 4704
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C5B020 ] TID: 4708
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888A8248 ] TID: 4712
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89393308 ] TID: 4720
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F44928 ] TID: 4724
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A5C2488 ] TID: 4732
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88447DA8 ] TID: 4736
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E9FDA8 ] TID: 4740
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EFB280 ] TID: 4744
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890EF020 ] TID: 4748
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FA7B38 ] TID: 4752
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882D43B8 ] TID: 4756
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F5B7D0 ] TID: 4764
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A7F708 ] TID: 4768
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888C5708 ] TID: 4772
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8925E5D8 ] TID: 4780
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F4B208 ] TID: 4788
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881043B0 ] TID: 4796
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89013020 ] TID: 4800
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8914E3B8 ] TID: 4804
0x8055C700 Faked ServiceTable-->iPodService.exe [ ETHREAD 0x89278020 ] TID: 4808
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B01020 ] TID: 4812
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892E3A98 ] TID: 4816
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x88DF16A0 ] TID: 4820
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8846C740 ] TID: 4824
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C1AB60 ] TID: 4832
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888C0020 ] TID: 4836
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C0E020 ] TID: 4840
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E0AD78 ] TID: 4844
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F05020 ] TID: 4856
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FB1568 ] TID: 4860
0x8055C700 Faked ServiceTable-->SetIcon.exe [ ETHREAD 0x88AD77B8 ] TID: 4864
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C0DDA8 ] TID: 4868
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E008D0 ] TID: 4872
0x8055C700 Faked ServiceTable-->LVComSer.exe [ ETHREAD 0x88D3FCB0 ] TID: 4876
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893911D0 ] TID: 4880
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ECA3A0 ] TID: 4884
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884518B8 ] TID: 4888, 4325888 bytes
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x891327A8 ] TID: 4896
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8829D7A0 ] TID: 4900
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880497A0 ] TID: 4904
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89177020 ] TID: 4908
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890BF8C0 ] TID: 4920
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D10940 ] TID: 4928
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88E59DA8 ] TID: 4932
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C9F628 ] TID: 4936
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888B2DA8 ] TID: 4940
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C98020 ] TID: 4944
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882577A0 ] TID: 4952
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881912B0 ] TID: 4956
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D1B7F0 ] TID: 4960
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AEDB30 ] TID: 4964
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E09630 ] TID: 4968
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89345D10 ] TID: 4972
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x891B7708 ] TID: 4976
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886902A0 ] TID: 4980
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892CC020 ] TID: 4984
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F94A8 ] TID: 4988
0x8055C700 Faked ServiceTable-->Communications_Helper.exe [ ETHREAD 0x88F3A7C0 ] TID: 4992
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B29788 ] TID: 4996
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C5D020 ] TID: 5000
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8849AA48 ] TID: 5004
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FB2DA8 ] TID: 5008
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889F83D8 ] TID: 5012
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8878C020 ] TID: 5016
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A67B6E0 ] TID: 5020
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884D6020 ] TID: 5024
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890D9368 ] TID: 5028
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886F6DA8 ] TID: 5032
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89147298 ] TID: 5048
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ABF1F0 ] TID: 5056
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8871FDA8 ] TID: 5068
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891B3020 ] TID: 5072
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D86578 ] TID: 5076
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ABDB68 ] TID: 5080
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A68A020 ] TID: 5084
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A64A90 ] TID: 5092
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886B6020 ] TID: 5096
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888B7B30 ] TID: 5100
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883D5848 ] TID: 5104
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8915ADA8 ] TID: 5108
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B942B0 ] TID: 5112
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BB4358 ] TID: 5116
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888A78D0 ] TID: 5120
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F66DA8 ] TID: 5124
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8855C020 ] TID: 5128
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881F5508 ] TID: 5132
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AF9020 ] TID: 5136
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8931FA38 ] TID: 5140
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88055310 ] TID: 5144
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8904ACD0 ] TID: 5148
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88877320 ] TID: 5152
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881D0B30 ] TID: 5160
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E85780 ] TID: 5164
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DA7020 ] TID: 5168
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A5BDC78 ] TID: 5172
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DD3590 ] TID: 5176
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DEA020 ] TID: 5184
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B4B020 ] TID: 5188
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8904EC78 ] TID: 5192
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889EF020 ] TID: 5200
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8918F2C0 ] TID: 5204
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F14DA8 ] TID: 5208
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x882517A0 ] TID: 5212
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E7A020 ] TID: 5216
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D0E020 ] TID: 5220
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889A0020 ] TID: 5228
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x88714D10 ] TID: 5240
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8805EDA8 ] TID: 5244
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F88020 ] TID: 5248
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88747020 ] TID: 5256
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88183528 ] TID: 5264
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F032F0 ] TID: 5268
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8911E1C8 ] TID: 5272
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886CDDA8 ] TID: 5276
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CF5DA8 ] TID: 5284
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8916D578 ] TID: 5288
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CB5980 ] TID: 5292
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893AE3B8 ] TID: 5296
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F05848 ] TID: 5300
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x887FE828 ] TID: 5304
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889AEDA8 ] TID: 5308
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D13DA8 ] TID: 5316
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89171DA8 ] TID: 5324
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F248E8 ] TID: 5328
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88700800 ] TID: 5332
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88607A20 ] TID: 5336
0x8055C700 Faked ServiceTable-->Communications_Helper.exe [ ETHREAD 0x88BDFCB0 ] TID: 5340
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EA1020 ] TID: 5344
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883837A0 ] TID: 5348
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891DE5A8 ] TID: 5352
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C94020 ] TID: 5360
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88366DA8 ] TID: 5368
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88482B30 ] TID: 5372
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89036808 ] TID: 5376
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888BEB40 ] TID: 5388
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889A47B8 ] TID: 5392
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F629F8 ] TID: 5396
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89209710 ] TID: 5400
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A6EC00 ] TID: 5408
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88061DA8 ] TID: 5412
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AC0830 ] TID: 5416
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88B66A38 ] TID: 5424
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A4FD2E8 ] TID: 5428
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889EBAC8 ] TID: 5432
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882497A0 ] TID: 5436
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89344108 ] TID: 5440
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A60FAA8 ] TID: 5448
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891CD728 ] TID: 5456
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89014CA8 ] TID: 5464
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A59CC70 ] TID: 5468
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88468DA8 ] TID: 5472
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88254528 ] TID: 5480
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88760020 ] TID: 5484
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8907BB20 ] TID: 5492
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89199020 ] TID: 5496
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89208DA8 ] TID: 5508
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F6A428 ] TID: 5512
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88485B28 ] TID: 5516
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8914DC40 ] TID: 5520
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ADC900 ] TID: 5524
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893683E8 ] TID: 5536
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8833D9F0 ] TID: 5540
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8919BD10 ] TID: 5544, 4325888 bytes
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C48020 ] TID: 5548
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89260708 ] TID: 5560
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8819DB30 ] TID: 5564
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FAC020 ] TID: 5568
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ED7D10 ] TID: 5572
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FDAB60 ] TID: 5576
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880C23B8 ] TID: 5580
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E7F8E0 ] TID: 5588
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8934C020 ] TID: 5592
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C0D320 ] TID: 5596
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881A78F0 ] TID: 5600
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888197A0 ] TID: 5604
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C8D020 ] TID: 5608
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88251DA8 ] TID: 5612
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A5A1238 ] TID: 5616
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x8938A868 ] TID: 5620
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F76360 ] TID: 5624
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88576020 ] TID: 5628
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89317DA8 ] TID: 5632
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E4CB38 ] TID: 5640
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C84290 ] TID: 5652
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x881DA2D0 ] TID: 5656
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8818CC98 ] TID: 5660
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8826B2C0 ] TID: 5668
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A807C0 ] TID: 5672
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890E1020 ] TID: 5680
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FDB020 ] TID: 5684
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8819CDA8 ] TID: 5700
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880C77A0 ] TID: 5704
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EE1240 ] TID: 5712
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FCD708 ] TID: 5716
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8824FB30 ] TID: 5720
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88447B30 ] TID: 5724
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881883B8 ] TID: 5728
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88839020 ] TID: 5740
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D2B728 ] TID: 5744
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89318500 ] TID: 5748
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88253DA8 ] TID: 5756
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C7D020 ] TID: 5760
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88491020 ] TID: 5764
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ECA9B8 ] TID: 5772
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89145220 ] TID: 5776
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BFB408 ] TID: 5780
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8855F020 ] TID: 5788
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EA9020 ] TID: 5792
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880C53C0 ] TID: 5796
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x881E7020 ] TID: 5800
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891FC640 ] TID: 5804
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E3A020 ] TID: 5808
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891CA480 ] TID: 5812
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F1A38 ] TID: 5816
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8A5469A0 ] TID: 5820
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DD4540 ] TID: 5824
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881BC020 ] TID: 5828
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B632A8 ] TID: 5832
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88913020 ] TID: 5836, 27312232 bytes
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89040328 ] TID: 5840, 23166504 bytes
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8819D7A0 ] TID: 5844, 628 bytes
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8926E738 ] TID: 5848
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88331BD8 ] TID: 5852
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E342F8 ] TID: 5856
0x8055C700 Faked ServiceTable-->LVComSer.exe [ ETHREAD 0x88F713F0 ] TID: 5860
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89384D38 ] TID: 5864
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89154DA8 ] TID: 5868
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88B50DA8 ] TID: 5872
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890CC020 ] TID: 5876
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x887C86B8 ] TID: 5880
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89388640 ] TID: 5888
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8914E678 ] TID: 5892
0x8055C700 Faked ServiceTable-->msseces.exe [ ETHREAD 0x88E4E568 ] TID: 5900
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8824E7A0 ] TID: 5904
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F4DBA0 ] TID: 5908
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884587A0 ] TID: 5912
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891BD508 ] TID: 5916
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883B1020 ] TID: 5920
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8902A988 ] TID: 5924
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C5E020 ] TID: 5928
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882547A0 ] TID: 5932
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x890F19A0 ] TID: 5936
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DCA7A0 ] TID: 5944
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8903F7D8 ] TID: 5948
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884847A0 ] TID: 5956
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88B27448 ] TID: 5960
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88D23140 ] TID: 5964
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888BADA8 ] TID: 5968
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891922A8 ] TID: 5972
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x886951C0 ] TID: 5984
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88FD0020 ] TID: 5988
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x89054998 ] TID: 5992
0x8055C700 Faked ServiceTable-->LVComSer.exe [ ETHREAD 0x88F6A6A0 ] TID: 5996
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883A55F8 ] TID: 6004
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89273020 ] TID: 6016
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891CE020 ] TID: 6024
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8938B020 ] TID: 6028
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DBD1E0 ] TID: 6036
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8931F020 ] TID: 6040
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880BA998 ] TID: 6044
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881A38F0 ] TID: 6048
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8899ADA8 ] TID: 6056
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88050DA8 ] TID: 6060
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BB5DA8 ] TID: 6064
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88050020 ] TID: 6068
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x893883C8 ] TID: 6072
0x8055C700 Faked ServiceTable-->iTunesHelper.exe [ ETHREAD 0x889FB198 ] TID: 6076
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88F8B908 ] TID: 6080
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881F2B30 ] TID: 6084
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891E22E0 ] TID: 6088
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89190670 ] TID: 6092
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x891804A0 ] TID: 6096
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882927B8 ] TID: 6100
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88ABC570 ] TID: 6104
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88EA9B38 ] TID: 6112
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88149020 ] TID: 6120
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885C33B8 ] TID: 6124
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BAB5B8 ] TID: 6132
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89249DA8 ] TID: 6136
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x891417C8 ] TID: 6140
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882587B8 ] TID: 6148
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x887D9020 ] TID: 6156
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88AE0020 ] TID: 6160
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88546DA8 ] TID: 6164
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882EB3C8 ] TID: 6168
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883F37C0 ] TID: 6172
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884552A0 ] TID: 6176
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88BB6020 ] TID: 6180
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8819FDA8 ] TID: 6184
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88195B30 ] TID: 6188
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883FD020 ] TID: 6196
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881AB9F8 ] TID: 6204
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882983C0 ] TID: 6208
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88448DA8 ] TID: 6212
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882EB7A0 ] TID: 6216
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88048B30 ] TID: 6220
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884178B0 ] TID: 6224
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x882E5330 ] TID: 6228
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881947A0 ] TID: 6240
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88CCC860 ] TID: 6244
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886D0228 ] TID: 6248
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88188020 ] TID: 6252
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881977A0 ] TID: 6256
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x887714B0 ] TID: 6260
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888C4020 ] TID: 6264
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8812A6F0 ] TID: 6268
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881957A0 ] TID: 6276
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88057B30 ] TID: 6280
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88254DA8 ] TID: 6284
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884BF020 ] TID: 6288
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882D0508 ] TID: 6292
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88C12020 ] TID: 6296
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883B5020 ] TID: 6300
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x881E73B8 ] TID: 6304
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881A47A0 ] TID: 6308
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88756020 ] TID: 6312
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88929998 ] TID: 6316
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88531020 ] TID: 6320
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x884A5B58 ] TID: 6328
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x89232020 ] TID: 6336
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885B1BE0 ] TID: 6340
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882FA020 ] TID: 6344
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x886B48D8 ] TID: 6352
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882D5020 ] TID: 6356
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88328B80 ] TID: 6360
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x888AE3B8 ] TID: 6364
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88620020 ] TID: 6368
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88253B30 ] TID: 6372
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x889EB020 ] TID: 6380
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88815020 ] TID: 6384
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885677A0 ] TID: 6388
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882683B8 ] TID: 6392
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885F3B58 ] TID: 6396
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8853A750 ] TID: 6400
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8830F3B8 ] TID: 6408
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88250B30 ] TID: 6412
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883F4020 ] TID: 6416
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x887D6868 ] TID: 6420
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883AD708 ] TID: 6424
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x890F87B0 ] TID: 6432
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x882F8398 ] TID: 6436
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88298020 ] TID: 6440
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881EFDA8 ] TID: 6448
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88296020 ] TID: 6452
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8826ADA8 ] TID: 6456
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88409410 ] TID: 6460
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88581B30 ] TID: 6464
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8834CDA8 ] TID: 6468
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88E7D020 ] TID: 6472
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885AC7C0 ] TID: 6480
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88834020 ] TID: 6484
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885F33C8 ] TID: 6492
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8818D170 ] TID: 6504
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x892B67A0 ] TID: 6508
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88186368 ] TID: 6516
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88217020 ] TID: 6520
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x88313020 ] TID: 6524
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8819E7A0 ] TID: 6528
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883C0B38 ] TID: 6532
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880CCDA8 ] TID: 6536
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88DE5290 ] TID: 6540
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881F3818 ] TID: 6544
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88328020 ] TID: 6548
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8847BA20 ] TID: 6552
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88485DA8 ] TID: 6560
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88597020 ] TID: 6564
0x8055C700 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x881DE7B0 ] TID: 6568
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x882FE3D8 ] TID: 6572
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88449DA8 ] TID: 6580
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88265340 ] TID: 6584
0x8055C700 Faked ServiceTable-->MsMpEng.exe [ ETHREAD 0x8824DDA8 ] TID: 6588
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885FA020 ] TID: 6592
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8811AD10 ] TID: 6596
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885F98D0 ] TID: 6600
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8810B020 ] TID: 6604
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880F4C98 ] TID: 6608
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881993D8 ] TID: 6612
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88512C90 ] TID: 6616
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88255B40 ] TID: 6624
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x885EEAD8 ] TID: 6628
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x881CF310 ] TID: 6640
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x883423B8 ] TID: 6652
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8860CBA0 ] TID: 6656
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8852F020 ] TID: 6664
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8910BDA8 ] TID: 6668
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88323020 ] TID: 6672
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x885637A0 ] TID: 6676
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88580020 ] TID: 6680
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88622020 ] TID: 6684
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x884FC7B0 ] TID: 6688
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x880EAA90 ] TID: 6692
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x8844F7A0 ] TID: 6704
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88A78020 ] TID: 6708
0x8055C700 Faked ServiceTable-->LVPrcSrv.exe [ ETHREAD 0x88264B30 ] TID: 6712
0x8055C700 Faked ServiceTable-->chrome.exe [ ETHREAD 0x88F4EDA8 ] TID: 6716
0x8A6FBBF5 Unknown page with executable code, 1035 bytes
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
0x8A6F73CC Unknown page with executable code, 3124 bytes
WARNING: Virus alike driver modification [atmepvc.sys]
0x8A6FA30A Unknown page with executable code, 3318 bytes
WARNING: Virus alike driver modification [rawwan.sys]
0x8A6F628A Unknown page with executable code, 3446 bytes
WARNING: Virus alike driver modification [atmuni.sys]
0x8A6FC143 Unknown page with executable code, 3773 bytes
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
0xB80C8000 WARNING: Virus alike driver modification [VolSnap.sys], 53248 bytes
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
0x8A6FA53C Unknown thread object [ ETHREAD 0x8A778A70 ] TID: 128, 600 bytes
0x8A6FC52D Unknown thread object [ ETHREAD 0x8A7787F8 ] TID: 132, 600 bytes
0x8A6FA23F Unknown thread object [ ETHREAD 0x8A6937B8 ] , 600 bytes
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [nvraid.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [NvAtaBus.sys]

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 PM

Posted 12 January 2011 - 06:30 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 SpeckSlayer

SpeckSlayer
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:16 PM

Posted 12 January 2011 - 07:28 PM

Followed instructions above and ComboFix caused a fatal error and I got the BSoD.

I attempted it multiple times, including an attempt in SM, with the same result.

:)

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 PM

Posted 13 January 2011 - 02:34 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

Edited by gringo_pr, 13 January 2011 - 02:35 AM.


#7 SpeckSlayer

SpeckSlayer
  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:16 PM

Posted 13 January 2011 - 07:48 AM

TDSSKiller worked this time; here is the log.


2011/01/13 07:37:36.0343 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/13 07:37:36.0343 ================================================================================
2011/01/13 07:37:36.0343 SystemInfo:
2011/01/13 07:37:36.0343
2011/01/13 07:37:36.0343 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/13 07:37:36.0343 Product type: Workstation
2011/01/13 07:37:36.0343 ComputerName: REDCUP-1
2011/01/13 07:37:36.0343 UserName: Brad
2011/01/13 07:37:36.0343 Windows directory: F:\WINDOWS
2011/01/13 07:37:36.0343 System windows directory: F:\WINDOWS
2011/01/13 07:37:36.0343 Processor architecture: Intel x86
2011/01/13 07:37:36.0343 Number of processors: 3
2011/01/13 07:37:36.0343 Page size: 0x1000
2011/01/13 07:37:36.0343 Boot type: Normal boot
2011/01/13 07:37:36.0343 ================================================================================
2011/01/13 07:37:36.0546 Initialize success
2011/01/13 07:37:44.0625 ================================================================================
2011/01/13 07:37:44.0625 Scan started
2011/01/13 07:37:44.0625 Mode: Manual;
2011/01/13 07:37:44.0625 ================================================================================
2011/01/13 07:37:45.0468 ACPI (8fd99680a539792a30e97944fdaecf17) F:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/13 07:37:45.0500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) F:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/13 07:37:45.0578 aec (8bed39e3c35d6a489438b8141717a557) F:\WINDOWS\system32\drivers\aec.sys
2011/01/13 07:37:45.0609 AFD (7e775010ef291da96ad17ca4b17137d7) F:\WINDOWS\System32\drivers\afd.sys
2011/01/13 07:37:45.0781 ALCXWDM (92ae420be14b0d97d14dac4aba22a702) F:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/01/13 07:37:46.0046 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) F:\WINDOWS\system32\drivers\Ambfilt.sys
2011/01/13 07:37:46.0156 AmdPPM (033448d435e65c4bd72e70521fd05c76) F:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/01/13 07:37:46.0281 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) F:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/13 07:37:46.0312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) F:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/13 07:37:46.0359 Atmarpc (9916c1225104ba14794209cfa8012159) F:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/13 07:37:46.0421 audstub (d9f724aa26c010a217c97606b160ed68) F:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/13 07:37:46.0453 Beep (da1f27d85e0d1525f6621372e7b685e9) F:\WINDOWS\system32\drivers\Beep.sys
2011/01/13 07:37:46.0500 BIOS (be5d50529799b9bab6be879ec768b6cf) F:\WINDOWS\system32\drivers\BIOS.sys
2011/01/13 07:37:46.0546 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) F:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/13 07:37:46.0578 CCDECODE (0be5aef125be881c4f854c554f2b025c) F:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/13 07:37:46.0656 Cdaudio (c1b486a7658353d33a10cc15211a873b) F:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/13 07:37:46.0687 Cdfs (c885b02847f5d2fd45a24e219ed93b32) F:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/13 07:37:46.0703 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) F:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/13 07:37:46.0734 cercsr6 (84853b3fd012251690570e9e7e43343f) F:\WINDOWS\system32\drivers\cercsr6.sys
2011/01/13 07:37:46.0875 CrystalSysInfo (f054744f67576a01139885173392502b) F:\Program Files\MediaCoder\SysInfo.sys
2011/01/13 07:37:46.0953 Disk (044452051f3e02e7963599fc8f4f3e25) F:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/13 07:37:47.0000 dmboot (d992fe1274bde0f84ad826acae022a41) F:\WINDOWS\system32\drivers\dmboot.sys
2011/01/13 07:37:47.0062 dmio (7c824cf7bbde77d95c08005717a95f6f) F:\WINDOWS\system32\drivers\dmio.sys
2011/01/13 07:37:47.0125 dmload (e9317282a63ca4d188c0df5e09c6ac5f) F:\WINDOWS\system32\drivers\dmload.sys
2011/01/13 07:37:47.0140 DMusic (8a208dfcf89792a484e76c40e5f50b45) F:\WINDOWS\system32\drivers\DMusic.sys
2011/01/13 07:37:47.0203 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) F:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/13 07:37:47.0250 Fastfat (38d332a6d56af32635675f132548343e) F:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/13 07:37:47.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) F:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/13 07:37:47.0328 FilterService (50104c5f1ee1e295781caf9521ca2e56) F:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/01/13 07:37:47.0343 Fips (d45926117eb9fa946a6af572fbe1caa3) F:\WINDOWS\system32\drivers\Fips.sys
2011/01/13 07:37:47.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) F:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/13 07:37:47.0421 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) F:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/13 07:37:47.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) F:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/13 07:37:47.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) F:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/13 07:37:47.0500 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) F:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/13 07:37:47.0531 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) F:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/13 07:37:47.0593 HDAudBus (573c7d0a32852b48f3058cfd8026f511) F:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/13 07:37:47.0640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) F:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/13 07:37:47.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) F:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/13 07:37:47.0812 hwinterface (448bb2fe30f1dde9eaa4f0e87b52b687) F:\WINDOWS\system32\Drivers\hwinterface.sys
2011/01/13 07:37:47.0875 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) F:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/13 07:37:47.0921 Imapi (083a052659f5310dd8b6a6cb05edcf8e) F:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/13 07:37:48.0203 IntcAzAudAddService (3fa02c6e3e9ebe8523a2d4e51d0ece1f) F:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/01/13 07:37:48.0312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) F:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/13 07:37:48.0359 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) F:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/13 07:37:48.0406 IpInIp (b87ab476dcf76e72010632b5550955f5) F:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/13 07:37:48.0437 IpNat (cc748ea12c6effde940ee98098bf96bb) F:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/13 07:37:48.0468 IPSec (23c74d75e36e7158768dd63d92789a91) F:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/13 07:37:48.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) F:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/13 07:37:48.0531 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) F:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/13 07:37:48.0546 Kbdclass (463c1ec80cd17420a542b7f36a36f128) F:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/13 07:37:48.0578 kbdhid (9ef487a186dea361aa06913a75b3fa99) F:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/13 07:37:48.0625 kmixer (692bcf44383d056aed41b045a323d378) F:\WINDOWS\system32\drivers\kmixer.sys
2011/01/13 07:37:48.0703 KSecDD (b467646c54cc746128904e1654c750c1) F:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/13 07:37:48.0796 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) F:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/01/13 07:37:48.0859 LVRS (b895839b8743e400d7c7dae156f74e7e) F:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/01/13 07:37:48.0890 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) F:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/01/13 07:37:49.0015 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) F:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/01/13 07:37:49.0156 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) F:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/13 07:37:49.0218 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) F:\WINDOWS\system32\drivers\Modem.sys
2011/01/13 07:37:49.0375 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) F:\WINDOWS\system32\drivers\Monfilt.sys
2011/01/13 07:37:49.0406 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) F:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/13 07:37:49.0453 mouhid (b1c303e17fb9d46e87a98e4ba6769685) F:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/13 07:37:49.0484 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) F:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/13 07:37:49.0515 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) F:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/01/13 07:37:49.0578 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) F:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/13 07:37:49.0671 MRxSmb (f3aefb11abc521122b67095044169e98) F:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/13 07:37:49.0750 Msfs (c941ea2454ba8350021d774daf0f1027) F:\WINDOWS\system32\drivers\Msfs.sys
2011/01/13 07:37:49.0781 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) F:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/13 07:37:49.0812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) F:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/13 07:37:49.0843 MSPQM (bad59648ba099da4a17680b39730cb3d) F:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/13 07:37:49.0890 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) F:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/13 07:37:49.0921 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) F:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/13 07:37:49.0937 Mup (2f625d11385b1a94360bfc70aaefdee1) F:\WINDOWS\system32\drivers\Mup.sys
2011/01/13 07:37:49.0984 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/13 07:37:50.0031 NDIS (1df7f42665c94b825322fae71721130d) F:\WINDOWS\system32\drivers\NDIS.sys
2011/01/13 07:37:50.0062 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) F:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/13 07:37:50.0093 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) F:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/13 07:37:50.0109 Ndisuio (f927a4434c5028758a842943ef1a3849) F:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/13 07:37:50.0140 NdisWan (edc1531a49c80614b2cfda43ca8659ab) F:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/13 07:37:50.0171 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) F:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/13 07:37:50.0203 NEOFLTR_540_11359 (30ad5e9b8f1d3a41bfcf66e60c70d53c) F:\WINDOWS\system32\Drivers\NEOFLTR_540_11359.SYS
2011/01/13 07:37:50.0218 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) F:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/13 07:37:50.0250 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) F:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/13 07:37:50.0296 Npfs (3182d64ae053d6fb034f44b6def8034a) F:\WINDOWS\system32\drivers\Npfs.sys
2011/01/13 07:37:50.0328 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) F:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/13 07:37:50.0468 NuidFltr (cf7e041663119e09d2e118521ada9300) F:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/01/13 07:37:50.0718 Null (73c1e1f395918bc2c6dd67af7591a3ad) F:\WINDOWS\system32\drivers\Null.sys
2011/01/13 07:37:51.0468 nv (a05d99cbf55eb493c9e82b4bca848ef5) F:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/13 07:37:51.0843 nvata (11d1ad7e946538e02f9ef6a6e1792061) F:\WINDOWS\system32\DRIVERS\nvata.sys
2011/01/13 07:37:51.0906 NVENETFD (7d275ecda4628318912f6c945d5cf963) F:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/01/13 07:37:51.0968 nvgts (ea98bfe4931bd13d747d647c1859796e) F:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/01/13 07:37:52.0000 nvnetbus (b64aacefad2be5bff5353fe681253c67) F:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/01/13 07:37:52.0046 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) F:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/01/13 07:37:52.0093 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) F:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/13 07:37:52.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) F:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/13 07:37:52.0187 Parport (5575faf8f97ce5e713d108c2a58d7c7c) F:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/13 07:37:52.0218 PartMgr (beb3ba25197665d82ec7065b724171c6) F:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/13 07:37:52.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) F:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/13 07:37:52.0296 PCI (a219903ccf74233761d92bef471a07b1) F:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/13 07:37:52.0375 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) F:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/13 07:37:52.0406 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) F:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/13 07:37:52.0593 pfc (444f122e68db44c0589227781f3c8b3f) F:\WINDOWS\system32\drivers\pfc.sys
2011/01/13 07:37:52.0625 Point32 (cf7c1868b90c90a265fc3f60ce46265b) F:\WINDOWS\system32\DRIVERS\point32.sys
2011/01/13 07:37:52.0671 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) F:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/13 07:37:52.0687 Processor (a32bebaf723557681bfc6bd93e98bd26) F:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/13 07:37:52.0718 PSched (09298ec810b07e5d582cb3a3f9255424) F:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/13 07:37:52.0765 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) F:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/13 07:37:52.0812 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) F:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/13 07:37:52.0937 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) F:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/13 07:37:52.0984 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) F:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/13 07:37:53.0015 RasPppoe (5bc962f2654137c9909c3d4603587dee) F:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/13 07:37:53.0031 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) F:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/13 07:37:53.0078 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) F:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/13 07:37:53.0109 RDPCDD (4912d5b403614ce99c28420f75353332) F:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/13 07:37:53.0140 rdpdr (15cabd0f7c00c47c70124907916af3f1) F:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/13 07:37:53.0187 RDPWD (6728e45b66f93c08f11de2e316fc70dd) F:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/13 07:37:53.0218 redbook (f828dd7e1419b6653894a8f97a0094c5) F:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/13 07:37:53.0296 RimUsb (5ec6fa6386ab2580b5ae3cf39ac1dfaf) F:\WINDOWS\system32\Drivers\RimUsb.sys
2011/01/13 07:37:53.0328 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) F:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/01/13 07:37:53.0390 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) F:\WINDOWS\system32\Drivers\RootMdm.sys
2011/01/13 07:37:53.0484 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) F:\WINDOWS\system32\drivers\SCDEmu.sys
2011/01/13 07:37:53.0546 Secdrv (90a3935d05b494a5a39d37e71f09a677) F:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/13 07:37:53.0578 serenum (0f29512ccd6bead730039fb4bd2c85ce) F:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/13 07:37:53.0625 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) F:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/13 07:37:53.0671 sfdrv01 (4c0d673281178cb496011a2e28571fc8) F:\WINDOWS\system32\drivers\sfdrv01.sys
2011/01/13 07:37:53.0718 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) F:\WINDOWS\system32\drivers\sfhlp02.sys
2011/01/13 07:37:53.0734 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) F:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/13 07:37:53.0765 sfvfs02 (9ef50060cc7e6953bab83f2a42ccc421) F:\WINDOWS\system32\drivers\sfvfs02.sys
2011/01/13 07:37:53.0828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) F:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/13 07:37:53.0953 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) F:\WINDOWS\system32\drivers\splitter.sys
2011/01/13 07:37:54.0000 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) F:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/13 07:37:54.0078 Srv (0f6aefad3641a657e18081f52d0c15af) F:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/13 07:37:54.0156 sst8C (75d4f2bb0635ca2521c31e7f8c561249) F:\WINDOWS\system32\drivers\sst8C.sys
2011/01/13 07:37:54.0203 sst8D (75d4f2bb0635ca2521c31e7f8c561249) F:\WINDOWS\system32\drivers\sst8D.sys
2011/01/13 07:37:54.0328 streamip (77813007ba6265c4b6098187e6ed79d2) F:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/13 07:37:54.0406 swenum (3941d127aef12e93addf6fe6ee027e0f) F:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/13 07:37:54.0453 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) F:\WINDOWS\system32\drivers\swmidi.sys
2011/01/13 07:37:54.0656 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) F:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/13 07:37:54.0875 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) F:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/13 07:37:55.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) F:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/13 07:37:55.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) F:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/13 07:37:55.0593 TermDD (88155247177638048422893737429d9e) F:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/13 07:37:55.0765 tmrkb (34ab6cec937cef8940eed356c46f5a45) F:\WINDOWS\system32\drivers\tmrkb.sys
2011/01/13 07:37:55.0765 Suspicious file (Forged): F:\WINDOWS\system32\drivers\tmrkb.sys. Real md5: 34ab6cec937cef8940eed356c46f5a45, Fake md5: b4c4030354cda45605410f9749908ce5
2011/01/13 07:37:55.0765 tmrkb - detected Forged file (1)
2011/01/13 07:37:55.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) F:\WINDOWS\system32\drivers\Udfs.sys
2011/01/13 07:37:56.0203 Update (402ddc88356b1bac0ee3dd1580c76a31) F:\WINDOWS\system32\DRIVERS\update.sys
2011/01/13 07:37:56.0703 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) F:\WINDOWS\system32\Drivers\usbaapl.sys
2011/01/13 07:37:56.0875 usbaudio (e919708db44ed8543a7c017953148330) F:\WINDOWS\system32\drivers\usbaudio.sys
2011/01/13 07:37:56.0906 usbccgp (173f317ce0db8e21322e71b7e60a27e8) F:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/13 07:37:57.0000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) F:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/13 07:37:57.0062 usbhub (1ab3cdde553b6e064d2e754efe20285c) F:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/13 07:37:57.0140 usbohci (0daecce65366ea32b162f85f07c6753b) F:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/13 07:37:57.0218 usbprint (a717c8721046828520c9edf31288fc00) F:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/13 07:37:57.0312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) F:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/13 07:37:57.0500 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/13 07:37:57.0671 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) F:\WINDOWS\System32\drivers\vga.sys
2011/01/13 07:37:57.0843 VolSnap (0fd6d2221c85dafe1a1a149972463458) F:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/13 07:37:57.0843 Suspicious file (Forged): F:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/13 07:37:57.0843 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/13 07:37:57.0984 Wanarp (e20b95baedb550f32dd489265c1da1f6) F:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/13 07:37:58.0218 Wdf01000 (fd47474bd21794508af449d9d91af6e6) F:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/01/13 07:37:58.0609 wdmaud (6768acf64b18196494413695f0c3a00f) F:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/13 07:37:58.0906 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) F:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/13 07:37:59.0015 WSTCODEC (c98b39829c2bbd34e454150633c62c78) F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/13 07:37:59.0171 WudfPf (f15feafffbb3644ccc80c5da584e6311) F:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/13 07:37:59.0234 WudfRd (28b524262bce6de1f7ef9f510ba3985b) F:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/13 07:38:00.0406 ================================================================================
2011/01/13 07:38:00.0406 Scan finished
2011/01/13 07:38:00.0406 ================================================================================
2011/01/13 07:38:00.0421 Detected object count: 2
2011/01/13 07:39:03.0125 Forged file(tmrkb) - User select action: Skip
2011/01/13 07:39:03.0218 VolSnap (0fd6d2221c85dafe1a1a149972463458) F:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/13 07:39:03.0218 Suspicious file (Forged): F:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/13 07:39:03.0421 Backup copy found, using it..
2011/01/13 07:39:03.0421 F:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/01/13 07:39:03.0421 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/01/13 07:39:09.0031 Deinitialize success
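The log above shows what a TDSSKiller "Forged file" detection looks like: the driver first appears in the ordinary listing with one MD5, is then flagged as forged because the hashes obtained along two different read paths disagree (the "Real md5" and "Fake md5" values), and finally receives a verdict (a plain "Forged file" for tmrkb, which the user skipped, and Rootkit.Win32.TDSS.tdl3 for VolSnap, which was cured). A hash that changes depending on how the file is read is the classic footprint of a disk-level hook, and is worth pulling out of the log on its own. The parser below is an added example for this thread; it is not TDSSKiller code and was not posted by any participant. It assumes only the three line shapes visible above, and its sample input is a subset of lines copied from that log.

```python
"""Extract TDSSKiller 'Forged file' detections from a scan log.

Added example for this thread; it is not TDSSKiller code and was not posted
by any participant. The line formats it assumes are the ones visible in the
log above:
    <timestamp> <driver> (<md5>) <path>
    <timestamp> Suspicious file (Forged): <path>. Real md5: <x>, Fake md5: <y>
    <timestamp> <driver> - detected <verdict> (<n>)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a subset of lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
2011/01/13 07:37:54.0875 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) F:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/13 07:37:55.0765 tmrkb (34ab6cec937cef8940eed356c46f5a45) F:\WINDOWS\system32\drivers\tmrkb.sys
2011/01/13 07:37:55.0765 Suspicious file (Forged): F:\WINDOWS\system32\drivers\tmrkb.sys. Real md5: 34ab6cec937cef8940eed356c46f5a45, Fake md5: b4c4030354cda45605410f9749908ce5
2011/01/13 07:37:55.0765 tmrkb - detected Forged file (1)
2011/01/13 07:37:57.0843 VolSnap (0fd6d2221c85dafe1a1a149972463458) F:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/13 07:37:57.0843 Suspicious file (Forged): F:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/13 07:37:57.0843 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/13 07:38:00.0406 Scan finished
2011/01/13 07:38:00.0421 Detected object count: 2
2011/01/13 07:39:03.0125 Forged file(tmrkb) - User select action: Skip
2011/01/13 07:39:03.0218 Suspicious file (Forged): F:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 0fd6d2221c85dafe1a1a149972463458, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/01/13 07:39:03.0421 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
"""

TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)"
# Ordinary driver listing: name, MD5 in parentheses, path.
DRIVER_RE = re.compile(TS + r"\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Forged-file line: the two hashes TDSSKiller obtained for the same path disagree.
FORGED_RE = re.compile(
    TS + r"\s+Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
# Verdict line attached to the driver name.
VERDICT_RE = re.compile(TS + r"\s+(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")


@dataclass
class ForgedFinding:
    name: str
    path: str
    real_md5: str
    fake_md5: str
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[ForgedFinding]:
    """Return every forged-file detection in the log, in log order, with its verdict."""
    path_to_name: Dict[str, str] = {}
    by_path: Dict[str, ForgedFinding] = {}
    by_name: Dict[str, ForgedFinding] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            path_to_name[m["path"]] = m["name"]
            continue
        m = FORGED_RE.match(line)
        if m:
            path = m["path"]
            if path in by_path:  # TDSSKiller repeats the line when the user picks an action
                continue
            name = path_to_name.get(path) or path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            finding = ForgedFinding(name, path, m["real"], m["fake"])
            by_path[path] = finding
            by_name[name] = finding
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in by_name:
            by_name[m["name"]].verdict = m["verdict"]
    return list(by_path.values())


if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        print(f"{f.name}: {f.path}\n  real={f.real_md5} fake={f.fake_md5} verdict={f.verdict}")
```

Run against the full log rather than the excerpt and it will list every forged driver with both hashes, which is the information a second opinion (or a clean copy from install media) has to be checked against.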

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2011 - 08:14 AM

Hello

Very good now try to rerun combofix for me again


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 SpeckSlayer

  • Topic Starter
  • Members
  • 7 posts

Posted 13 January 2011 - 09:10 AM

ComboFix ran without error. However, it removed a piece of software that I don't believe to be a virus/malware. It is my task manager "Anvir". Should/can I recover it?

I don't think I've said this enough. THANK YOU, THANK YOU for your Help!

ComboFix log below.

ComboFix 11-01-11.03 - Brad 01/13/2011 8:35.1.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1404 [GMT -5:00]
Running from: f:\documents and settings\Brad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}
f:\documents and settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\chrome.manifest
f:\documents and settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\chrome\content\_cfg.js
f:\documents and settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\chrome\content\overlay.xul
f:\documents and settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\install.rdf
f:\documents and settings\Brad\Start Menu\Programs\System Tool
f:\documents and settings\Brad\Start Menu\Programs\System Tool\System Tool 2011.lnk
f:\documents and settings\Tracy\Desktop\tagasaurus.exe
f:\progra~1\COMMON~1\{5C6C3~1
f:\progra~1\COMMON~1\{5C6C3~2
f:\program files\AnVir Task Manager\AnVIr.exe
f:\program files\asembl~1
f:\program files\Common Files\appatc~1
f:\program files\Common Files\crosof~1
f:\program files\Common Files\curity~1
f:\program files\Common Files\fnts~1
f:\program files\Common Files\icroso~1.net
f:\program files\Common Files\mbols~1
f:\program files\Common Files\mcroso~1.net
f:\program files\Common Files\racle~1
f:\program files\Common Files\racle~2
f:\program files\Common Files\scurit~1
f:\program files\Common Files\sks~1
f:\program files\Common Files\smante~1
f:\program files\Common Files\smbols~1
f:\program files\Common Files\ssembl~1
f:\program files\Common Files\sstem3~1
f:\program files\Common Files\stem32~1
f:\program files\Common Files\wnsxs~1
f:\program files\Common Files\ystem3~1
f:\program files\dobe~1
f:\program files\driver
f:\program files\ecurit~1
f:\program files\mbols~1
f:\program files\mcroso~1.net
f:\program files\ppatch~1
f:\program files\racle~1
f:\program files\racle~2
f:\program files\sks~1
f:\program files\smante~1
f:\program files\sstem~1
f:\program files\wnsxs~1
f:\program files\ymante~1
f:\program files\ymbols~1
f:\program files\ystem~1
f:\windows\appatc~1
f:\windows\asembl~1
f:\windows\crosof~1.net
f:\windows\icroso~1
f:\windows\icroso~1.net
f:\windows\mantec~1
f:\windows\mbols~1
f:\windows\ppatch~1
f:\windows\racle~1
f:\windows\scurit~1
f:\windows\sks~1
f:\windows\smbols~1
f:\windows\ssembl~1
f:\windows\system32\asembl~1
f:\windows\system32\asks~1
f:\windows\system32\Cache
f:\windows\system32\ccrpTmr6.dll
f:\windows\system32\crosof~1
f:\windows\system32\drivers\hwinterface.sys
f:\windows\system32\drivers\sst8C.sys
f:\windows\system32\drivers\sst8D.sys
f:\windows\system32\fnts~1
f:\windows\system32\gyavkgjp.ini
f:\windows\system32\icroso~1.net
f:\windows\system32\ppatch~1
f:\windows\system32\pppatc~1
f:\windows\system32\prutv.bak1
f:\windows\system32\prutv.ini
f:\windows\system32\rhskwnhw.ini
f:\windows\system32\ssembl~1
f:\windows\system32\sstem~1
f:\windows\system32\sstem3~1
f:\windows\system32\stem~1
f:\windows\system32\vybeg.ini
f:\windows\system32\wnsxs~1
f:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hwinterface
-------\Legacy_sst8C
-------\Legacy_sst8D
-------\Service_hwinterface
-------\Service_sst8C
-------\Service_sst8D


((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 12:52 . 2010-11-10 01:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF05D7E5-0832-4CE6-9217-1F1496216BFA}\mpengine.dll
2011-01-08 15:46 . 2011-01-08 15:46 -------- d-----w- f:\documents and settings\Brad\Local Settings\Application Data\Unity
2011-01-08 02:53 . 2011-01-08 03:04 -------- d-----w- f:\program files\TweakNow PowerPack 2010
2011-01-08 02:53 . 2011-01-08 02:53 -------- d-----w- f:\documents and settings\Brad\Application Data\TweakNow PowerPack 2010
2011-01-08 02:32 . 2011-01-08 02:32 -------- d-----w- f:\program files\ESET
2011-01-08 02:07 . 2011-01-08 02:07 -------- d-----w- f:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2011-01-08 02:07 . 2011-01-08 02:07 -------- d-----w- f:\program files\Frontline Registry Cleaner
2011-01-08 00:55 . 2011-01-08 00:55 -------- d-----w- f:\documents and settings\Brad\log
2011-01-08 00:55 . 2011-01-08 00:55 190032 ----a-w- f:\windows\system32\drivers\tmcomm.sys
2011-01-08 00:55 . 2011-01-08 00:55 56400 ----a-w- f:\windows\system32\drivers\tmrkb.sys
2011-01-08 00:48 . 2011-01-08 00:48 388096 ----a-r- f:\documents and settings\Brad\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-01-08 00:48 . 2011-01-08 00:48 -------- d-----w- f:\program files\TrendMicro
2011-01-07 00:14 . 2010-11-10 01:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-05 15:13 . 2011-01-05 15:14 -------- d-----w- f:\program files\Microsoft Security Client
2011-01-04 06:52 . 2010-11-16 17:01 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5E893E9F-B6E6-40FA-A825-1E2918AAAFCA}\mpengine.dll
2011-01-03 12:45 . 2011-01-03 12:45 0 ----a-w- f:\windows\system32\drivers\sst8D.tmp
2011-01-03 12:45 . 2011-01-03 12:45 0 ----a-w- f:\windows\system32\drivers\sst8C.tmp
2010-12-18 18:46 . 2010-12-18 18:46 -------- d-----w- f:\documents and settings\Brad\Application Data\Malwarebytes
2010-12-18 18:29 . 2010-12-18 18:29 -------- d-----w- f:\documents and settings\Tracy\Application Data\Malwarebytes
2010-12-18 18:29 . 2010-12-20 23:09 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 18:29 . 2010-12-18 18:29 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-18 18:29 . 2011-01-05 14:41 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-12-18 18:29 . 2010-12-20 23:08 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-12-15 21:56 . 2010-11-02 15:17 40960 -c----w- f:\windows\system32\dllcache\ndproxy.sys
2010-12-15 21:55 . 2010-10-11 14:59 45568 -c----w- f:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 12:40 . 2004-08-04 12:00 52352 ----a-w- f:\windows\system32\drivers\volsnap.sys
2010-11-18 18:12 . 2006-04-12 09:54 81920 ----a-w- f:\windows\system32\isign32.dll
2010-11-16 17:01 . 2008-02-06 07:07 6273872 ------w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2010-11-16 17:01 . 2006-04-14 21:30 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- f:\windows\system32\odbc32.dll
2010-11-07 05:11 . 2007-03-17 17:24 15256 ----a-w- f:\documents and settings\Tracy\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 12:00 78336 ----a-w- f:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- f:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 12:00 17408 ----a-w- f:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 12:00 389120 ----a-w- f:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- f:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- f:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- f:\windows\system32\win32k.sys
2010-10-25 02:25 . 2010-10-25 02:25 165264 ----a-w- f:\windows\system32\drivers\MpFilter.sys
2010-10-19 20:51 . 2009-10-02 22:27 222080 ------w- f:\windows\system32\MpSigStub.exe
2004-03-11 17:27 . 2006-04-11 22:59 40960 ----a-w- f:\program files\Uninstall_CDS.exe
2008-12-17 23:33 . 2008-12-17 23:33 122880 ----a-w- f:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="f:\program files\DNA\btdna.exe" [2009-11-13 323392]
"ISUSPM"="f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MP4 Player"="f:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="f:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SunJavaUpdateSched"="f:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"SetIcon"="\Program Files\SMSC\SetIcon.exe" [2004-04-28 42496]
"PWRISOVM.EXE"="f:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"RoxWatchTray"="f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"Google Desktop Search"="f:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-17 30192]
"itype"="f:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="f:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"LogitechCommunicationsManager"="f:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Monitor"="f:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"MSC"="f:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="f:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\mmc.exe"=
"f:\\StubInstaller.exe"=
"f:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"f:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"f:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe"=
"f:\\Program Files\\Sony Pictures Games\\Rock and Roll JEOPARDY!\\Rock & Roll JEOPARDY!.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"f:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"f:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"f:\\WINDOWS\\system32\\java.exe"=
"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"f:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamUI.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Research In Motion\\BlackBerry VS8 Plugin\\bin\\MDS.NET.AGController.exe"=
"f:\\Program Files\\Research In Motion\\BlackBerry VS8 Plugin\\MDS Services\\jre\\bin\\java.exe"=
"f:\\Program Files\\Research In Motion\\BlackBerry VS8 Plugin\\handheld\\simulator\\fledge.exe"=
"f:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\WebServer.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 BIOS;BIOS;f:\windows\system32\drivers\BIOS.sys [4/12/2006 5:03 AM 13696]
R1 NEOFLTR_540_11359;Juniper Networks TDI Filter Driver (NEOFLTR_540_11359);f:\windows\system32\drivers\NEOFLTR_540_11359.sys [11/30/2006 1:31 AM 57559]
R2 SMART Display Controller;SMART Display Controller;f:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [1/5/2010 12:43 PM 779560]
R2 TomTomHOMEService;TomTomHOMEService;f:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 7:46 AM 92008]
S2 gupdate1c9fd1cac020f1c;Google Update Service (gupdate1c9fd1cac020f1c);f:\program files\Google\Update\GoogleUpdate.exe [7/4/2009 9:59 PM 133104]
S2 tmrkb;tmrkb;f:\windows\system32\drivers\tmrkb.sys [1/7/2011 7:55 PM 56400]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [9/8/2010 7:25 AM 1684736]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;f:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/17/2008 6:32 PM 30192]
S3 KProcWatch;KProcWatch;\??\f:\windows\system32\drivers\KProcWatch.sys --> f:\windows\system32\drivers\KProcWatch.sys [?]
S3 MdsTomcat;BlackBerry MDS Services - Apache Tomcat Service;f:\program files\Research In Motion\BlackBerry VS8 Plugin\MDS Services\bin\javaservice.exe [9/26/2007 10:05 AM 102400]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;f:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [1/5/2010 12:44 PM 1053992]
S3 SMART Web Server;SMART Web Server;f:\program files\SMART Technologies\SMART Product Drivers\WebServer.exe [1/5/2010 12:44 PM 1262888]
S3 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-12-25 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2011-01-08 f:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Brad.job
- f:\program files\Frontline Registry Cleaner\FrontlineRegistryCleaner.exe [2010-05-11 22:20]

2011-01-13 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 02:59]

2011-01-13 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 02:59]

2011-01-13 f:\windows\Tasks\MP Scheduled Scan.job
- f:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = https://remote.cintas.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cintas.com\remote
DPF: {A60CCC4B-A858-11D1-91CB-00805F3E69CD} - hxxps://remote.cintas.com/launch/LaunchFilenet.CAB,DanaInfo=home5.cintas.com+
FF - ProfilePath - f:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\q22ok9ix.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: TorrentBar: {7b821b0e-b102-4f9b-b6e3-433ede1fe379} - %profile%\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - f:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: SMART Notebook Extension: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262} - f:\program files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AnVir Task Manager - f:\program files\AnVir Task Manager\AnVir.exe
HKLM-Run-PicasaNet - f:\program files\Hello\Hello.exe
Notify-ljjhiih - ljjhiih.dll
SafeBoot-klmdb.sys
AddRemove-AnVir Task Manager - f:\program files\AnVir Task Manager\AnVir.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 08:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-764733703-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:63,dc,e0,e2,cf,80,8e,1f,b8,6d,48,02,a4,9f,47,41,01,e7,00,ae,5f,
6f,27,48,e6,19,77,c5,d2,90,d9,06,36,85,85,48,0d,54,fd,3a,eb,d6,3a,8e,76,62,\
"rkeysecu"=hex:09,b5,f7,90,16,45,64,30,c3,da,15,11,84,a5,c3,16
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4720)
f:\windows\system32\WININET.dll
f:\windows\TEMP\logishrd\LVPrcInj01.dll
f:\windows\system32\ieframe.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\nvsvc32.exe
f:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
f:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\windows\system32\inetsrv\inetinfo.exe
f:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
f:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
f:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
f:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
f:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
f:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
f:\program files\SMSC\SetIcon.exe
f:\windows\RTHDCPL.EXE
f:\windows\system32\wscntfy.exe
f:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
f:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-01-13 09:00:04 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-13 13:59

Pre-Run: 13,052,227,584 bytes free
Post-Run: 15,053,307,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - ADF22C62433A424E77BC146BE971F5E8

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2011 - 09:21 AM

Greetings

It is my task manager "Anvir".
What program is this?



Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

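The CFScript above tells ComboFix to clear the two values that showed up in the previous log's Supplementary Scan (uInternet Settings,ProxyServer = http=127.0.0.1:8074 and ProxyOverride = <local>). The u prefix in DDS/ComboFix output denotes the current user's WinINet settings (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings); a browser proxy pointed at a loopback port means every web request is handed to whatever process is listening on that port first, which is consistent with the search-redirect symptom from the first post. Debugging proxies and some security products also install loopback proxies, so the entry is something to review rather than proof of infection on its own. The check below is an added example for this thread (not ComboFix or DDS code, and not posted by any participant): it reads those log lines, parses the WinINet ProxyServer syntax, and reports proxy targets on the local machine. The sample log lines are copied from the ComboFix output above; the proxy.corp.example hostname in the test input is constructed.

```python
"""Flag browser proxy settings in a DDS/ComboFix log that point at the local machine.

Added example for this thread (not ComboFix/DDS code, not posted by any
participant). The 'uInternet Settings,ProxyServer' lines it reads are what
DDS and ComboFix print for the per-user WinINet proxy configuration; the
same values can be inspected directly in the registry under
HKCU, Software, Microsoft, Windows, CurrentVersion, Internet Settings.
"""
import ipaddress
from typing import Dict, List

# Sample input: three lines copied from the ComboFix "Supplementary Scan"
# section posted earlier in this thread.
SAMPLE_COMBOFIX = """
uStart Page = https://remote.cintas.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
"""


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Split a WinINet ProxyServer value into {scheme: 'host:port'}.

    WinINet accepts either a single 'host:port' (applies to every protocol,
    stored here under '*') or a ';'-separated list of 'scheme=host:port'.
    """
    proxies: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if sep:
            proxies[scheme.strip().lower()] = target.strip()
        else:
            proxies["*"] = part
    return proxies


def is_loopback_target(target: str) -> bool:
    """True if 'host:port' (or a bare host) names localhost or a loopback address."""
    host = target.rsplit(":", 1)[0] if ":" in target else target
    host = host.strip("[]").lower()  # tolerate the '[::1]:port' form
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a hostname rather than an IP literal
        return False


def find_suspicious_proxies(log_text: str) -> List[str]:
    """Return one message per ProxyServer entry that routes browser traffic
    through the local machine; an empty list means nothing to review."""
    findings: List[str] = []
    for line in log_text.splitlines():
        key, sep, value = line.partition("=")
        if not sep or not key.strip().endswith("Internet Settings,ProxyServer"):
            continue
        for scheme, target in parse_proxy_server(value.strip()).items():
            if is_loopback_target(target):
                findings.append(f"{scheme} traffic proxied through loopback {target}")
    return findings


if __name__ == "__main__":
    for msg in find_suspicious_proxies(SAMPLE_COMBOFIX):
        print("review:", msg)
```

When the check fires, the next question is which process owns the listening port (netstat -ano on the affected machine answers that); if no known local proxy program is behind it, clearing the value as the script above does is the right fix, and the listener itself still has to be found and removed.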

#11 SpeckSlayer

  • Topic Starter
  • Members
  • 7 posts

Posted 13 January 2011 - 10:40 AM

It is my task manager "Anvir".
What program is this?


This is a program I have been using for a couple of years to help monitor/kill processes. I do a little DIY programming and this has been a handy utility.

Below is the link to the Website where I purchased the software.

AnVir Task Manager

I will be at work for the remainder of the day and won't be able to run the custom ComboFix script until tonight.

Thanks Again.

BS

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 January 2011 - 10:53 AM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\ComboFix-quarantined-files.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 SpeckSlayer

  • Topic Starter
  • Members
  • 7 posts

Posted 15 January 2011 - 09:05 AM

Sorry for the delay...

ComboFix logs


ComboFix 11-01-11.03 - Brad 01/14/2011 7:13.2.3 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1362 [GMT -5:00]
Running from: f:\documents and settings\Brad\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Brad\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.

((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-13 14:00 . 2010-11-10 01:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8A050041-22BC-4DF6-A4F4-6229ED352D54}\mpengine.dll
2011-01-08 15:46 . 2011-01-08 15:46 -------- d-----w- f:\documents and settings\Brad\Local Settings\Application Data\Unity
2011-01-08 02:53 . 2011-01-08 03:04 -------- d-----w- f:\program files\TweakNow PowerPack 2010
2011-01-08 02:53 . 2011-01-08 02:53 -------- d-----w- f:\documents and settings\Brad\Application Data\TweakNow PowerPack 2010
2011-01-08 02:32 . 2011-01-08 02:32 -------- d-----w- f:\program files\ESET
2011-01-08 02:07 . 2011-01-08 02:07 -------- d-----w- f:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
2011-01-08 02:07 . 2011-01-08 02:07 -------- d-----w- f:\program files\Frontline Registry Cleaner
2011-01-08 00:55 . 2011-01-08 00:55 -------- d-----w- f:\documents and settings\Brad\log
2011-01-08 00:55 . 2011-01-08 00:55 190032 ----a-w- f:\windows\system32\drivers\tmcomm.sys
2011-01-08 00:55 . 2011-01-08 00:55 56400 ----a-w- f:\windows\system32\drivers\tmrkb.sys
2011-01-08 00:48 . 2011-01-08 00:48 388096 ----a-r- f:\documents and settings\Brad\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2011-01-08 00:48 . 2011-01-08 00:48 -------- d-----w- f:\program files\TrendMicro
2011-01-07 00:14 . 2010-11-10 01:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-05 15:13 . 2011-01-05 15:14 -------- d-----w- f:\program files\Microsoft Security Client
2011-01-04 06:52 . 2010-11-16 17:01 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5E893E9F-B6E6-40FA-A825-1E2918AAAFCA}\mpengine.dll
2011-01-03 12:45 . 2011-01-03 12:45 0 ----a-w- f:\windows\system32\drivers\sst8D.tmp
2011-01-03 12:45 . 2011-01-03 12:45 0 ----a-w- f:\windows\system32\drivers\sst8C.tmp
2010-12-18 18:46 . 2010-12-18 18:46 -------- d-----w- f:\documents and settings\Brad\Application Data\Malwarebytes
2010-12-18 18:29 . 2010-12-18 18:29 -------- d-----w- f:\documents and settings\Tracy\Application Data\Malwarebytes
2010-12-18 18:29 . 2010-12-20 23:09 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 18:29 . 2010-12-18 18:29 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-18 18:29 . 2011-01-05 14:41 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-12-18 18:29 . 2010-12-20 23:08 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-12-15 21:56 . 2010-11-02 15:17 40960 -c----w- f:\windows\system32\dllcache\ndproxy.sys
2010-12-15 21:55 . 2010-10-11 14:59 45568 -c----w- f:\windows\system32\dllcache\wab.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 12:40 . 2004-08-04 12:00 52352 ----a-w- f:\windows\system32\drivers\volsnap.sys
2010-11-18 18:12 . 2006-04-12 09:54 81920 ----a-w- f:\windows\system32\isign32.dll
2010-11-16 17:01 . 2008-02-06 07:07 6273872 ------w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2010-11-16 17:01 . 2006-04-14 21:30 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:52 . 2004-08-04 12:00 249856 ----a-w- f:\windows\system32\odbc32.dll
2010-11-07 05:11 . 2007-03-17 17:24 15256 ----a-w- f:\documents and settings\Tracy\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2010-11-06 00:34 . 2004-08-04 12:00 832512 ----a-w- f:\windows\system32\wininet.dll
2010-11-06 00:34 . 2004-08-04 12:00 78336 ----a-w- f:\windows\system32\ieencode.dll
2010-11-06 00:34 . 2004-08-04 12:00 1830912 ----a-w- f:\windows\system32\inetcpl.cpl
2010-11-06 00:34 . 2004-08-04 12:00 17408 ----a-w- f:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-04 12:00 389120 ----a-w- f:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- f:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- f:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- f:\windows\system32\win32k.sys
2010-10-25 02:25 . 2010-10-25 02:25 165264 ----a-w- f:\windows\system32\drivers\MpFilter.sys
2010-10-19 20:51 . 2009-10-02 22:27 222080 ------w- f:\windows\system32\MpSigStub.exe
2004-03-11 17:27 . 2006-04-11 22:59 40960 ----a-w- f:\program files\Uninstall_CDS.exe
2008-12-17 23:33 . 2008-12-17 23:33 122880 ----a-w- f:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="f:\program files\DNA\btdna.exe" [2009-11-13 323392]
"ISUSPM"="f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MP4 Player"="f:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="f:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SunJavaUpdateSched"="f:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"SetIcon"="\Program Files\SMSC\SetIcon.exe" [2004-04-28 42496]
"PWRISOVM.EXE"="f:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"RoxWatchTray"="f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]
"Google Desktop Search"="f:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-17 30192]
"itype"="f:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="f:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"LogitechCommunicationsManager"="f:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"Monitor"="f:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"MSC"="f:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="f:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\mmc.exe"=
"f:\\StubInstaller.exe"=
"f:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"f:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"f:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"f:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe"=
"f:\\Program Files\\Sony Pictures Games\\Rock and Roll JEOPARDY!\\Rock & Roll JEOPARDY!.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"f:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=
"f:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=
"f:\\WINDOWS\\system32\\java.exe"=
"f:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"f:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamUI.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Research In Motion\\BlackBerry VS8 Plugin\\bin\\MDS.NET.AGController.exe"=
"f:\\Program Files\\Research In Motion\\BlackBerry VS8 Plugin\\MDS Services\\jre\\bin\\java.exe"=
"f:\\Program Files\\Research In Motion\\BlackBerry VS8 Plugin\\handheld\\simulator\\fledge.exe"=
"f:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"f:\\Program Files\\SMART Technologies\\SMART Product Drivers\\WebServer.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 BIOS;BIOS;f:\windows\system32\drivers\BIOS.sys [4/12/2006 5:03 AM 13696]
R1 NEOFLTR_540_11359;Juniper Networks TDI Filter Driver (NEOFLTR_540_11359);f:\windows\system32\drivers\NEOFLTR_540_11359.sys [11/30/2006 1:31 AM 57559]
R2 SMART Display Controller;SMART Display Controller;f:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [1/5/2010 12:43 PM 779560]
R2 TomTomHOMEService;TomTomHOMEService;f:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/3/2009 7:46 AM 92008]
S2 gupdate1c9fd1cac020f1c;Google Update Service (gupdate1c9fd1cac020f1c);f:\program files\Google\Update\GoogleUpdate.exe [7/4/2009 9:59 PM 133104]
S2 tmrkb;tmrkb;f:\windows\system32\drivers\tmrkb.sys [1/7/2011 7:55 PM 56400]
S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [9/8/2010 7:25 AM 1684736]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;f:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/17/2008 6:32 PM 30192]
S3 KProcWatch;KProcWatch;\??\f:\windows\system32\drivers\KProcWatch.sys --> f:\windows\system32\drivers\KProcWatch.sys [?]
S3 MdsTomcat;BlackBerry MDS Services - Apache Tomcat Service;f:\program files\Research In Motion\BlackBerry VS8 Plugin\MDS Services\bin\javaservice.exe [9/26/2007 10:05 AM 102400]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;f:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [1/5/2010 12:44 PM 1053992]
S3 SMART Web Server;SMART Web Server;f:\program files\SMART Technologies\SMART Product Drivers\WebServer.exe [1/5/2010 12:44 PM 1262888]
S3 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2010-12-25 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2011-01-08 f:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Brad.job
- f:\program files\Frontline Registry Cleaner\FrontlineRegistryCleaner.exe [2010-05-11 22:20]

2011-01-13 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 02:59]

2011-01-14 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 02:59]

2011-01-13 f:\windows\Tasks\MP Scheduled Scan.job
- f:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = https://remote.cintas.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cintas.com\remote
DPF: {A60CCC4B-A858-11D1-91CB-00805F3E69CD} - hxxps://remote.cintas.com/launch/LaunchFilenet.CAB,DanaInfo=home5.cintas.com+
FF - ProfilePath - f:\documents and settings\Brad\Application Data\Mozilla\Firefox\Profiles\q22ok9ix.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: TorrentBar: {7b821b0e-b102-4f9b-b6e3-433ede1fe379} - %profile%\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - f:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - f:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: SMART Notebook Extension: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262} - f:\program files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 07:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-764733703-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:63,dc,e0,e2,cf,80,8e,1f,b8,6d,48,02,a4,9f,47,41,01,e7,00,ae,5f,
6f,27,48,e6,19,77,c5,d2,90,d9,06,36,85,85,48,0d,54,fd,3a,eb,d6,3a,8e,76,62,\
"rkeysecu"=hex:09,b5,f7,90,16,45,64,30,c3,da,15,11,84,a5,c3,16
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5112)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(5316)
f:\windows\system32\WININET.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-14 07:31:54
ComboFix-quarantined-files.txt 2011-01-14 12:31
ComboFix2.txt 2011-01-13 14:00

Pre-Run: 14,969,802,752 bytes free
Post-Run: 14,934,048,768 bytes free

- - End Of File - - E6E205FB454E1D4470F58C9649AF08D8

ComboFix-quarantined-files.txt

2011-01-14 12:13:39 . 2011-01-14 12:13:39 0 ----a-w- F:\Qoobox\Quarantine\catchme.txt
2011-01-13 13:58:21 . 2011-01-13 13:58:21 512 ----a-w- F:\Qoobox\Quarantine\Registry_backups\AddRemove-AnVir Task Manager.reg.dat
2011-01-13 13:58:08 . 2011-01-13 13:58:08 546 ----a-w- F:\Qoobox\Quarantine\Registry_backups\SafeBoot-klmdb.sys.reg.dat
2011-01-13 13:58:07 . 2011-01-13 13:58:07 512 ----a-w- F:\Qoobox\Quarantine\Registry_backups\Notify-ljjhiih.reg.dat
2011-01-13 13:58:02 . 2011-01-13 13:58:02 138 ----a-w- F:\Qoobox\Quarantine\Registry_backups\HKLM-Run-PicasaNet.reg.dat
2011-01-13 13:58:01 . 2011-01-13 13:58:01 166 ----a-w- F:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AnVir Task Manager.reg.dat
2011-01-13 13:47:57 . 2011-01-13 13:47:57 53,955 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\Temp\logishrd\_LVPrcInj01_.dll.zip
2011-01-13 13:41:21 . 2011-01-13 13:41:21 708 ----a-w- F:\Qoobox\Quarantine\Registry_backups\Service_sst8D.reg.dat
2011-01-13 13:41:21 . 2011-01-13 13:41:21 708 ----a-w- F:\Qoobox\Quarantine\Registry_backups\Service_sst8C.reg.dat
2011-01-13 13:41:21 . 2011-01-13 13:41:21 2,478 ----a-w- F:\Qoobox\Quarantine\Registry_backups\Service_hwinterface.reg.dat
2011-01-13 13:41:21 . 2011-01-13 13:41:21 1,184 ----a-w- F:\Qoobox\Quarantine\Registry_backups\Legacy_sst8D.reg.dat
2011-01-13 13:41:21 . 2011-01-13 13:41:21 1,432 ----a-w- F:\Qoobox\Quarantine\Registry_backups\Legacy_hwinterface.reg.dat
2011-01-13 13:41:21 . 2011-01-13 13:41:21 1,184 ----a-w- F:\Qoobox\Quarantine\Registry_backups\Legacy_sst8C.reg.dat
2011-01-13 13:40:29 . 2011-01-14 12:28:05 6,013 ----a-w- F:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-01-13 13:18:09 . 2011-01-14 12:12:22 288 ----a-w- F:\Qoobox\Quarantine\catchme.log
2011-01-13 12:41:13 . 2008-07-26 12:25:24 109,080 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\Temp\logishrd\LVPrcInj01.dll.vir
2011-01-03 12:45:22 . 2011-01-03 12:45:25 53,248 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\drivers\sst8D.sys.vir
2011-01-03 12:45:16 . 2011-01-03 12:45:22 53,248 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\drivers\sst8C.sys.vir
2010-12-18 18:09:16 . 2010-12-18 18:09:16 2,012 ----a-w- F:\Qoobox\Quarantine\F\Documents and Settings\Brad\Start Menu\Programs\System Tool\System Tool 2011.lnk.vir
2010-12-18 18:00:46 . 2010-12-18 18:00:46 5,954 ----a-w- F:\Qoobox\Quarantine\F\Documents and Settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\chrome\content\overlay.xul.vir
2010-12-18 18:00:46 . 2010-12-18 18:00:46 2,238 ----a-w- F:\Qoobox\Quarantine\F\Documents and Settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\chrome\content\_cfg.js.vir
2010-12-18 18:00:46 . 2010-12-18 18:00:46 764 ----a-w- F:\Qoobox\Quarantine\F\Documents and Settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\install.rdf.vir
2010-12-18 18:00:46 . 2010-12-18 18:00:46 122 ----a-w- F:\Qoobox\Quarantine\F\Documents and Settings\Brad\Local Settings\Application Data\{861AFE65-B403-4CB7-BBB1-8DDC55EA966D}\chrome.manifest.vir
2007-10-30 01:06:18 . 2007-10-30 01:06:18 3,026 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\drivers\hwinterface.sys.vir
2007-07-16 14:35:36 . 2007-07-17 14:36:03 1,185,890 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\rhskwnhw.ini.vir
2007-07-15 14:28:50 . 2007-07-15 21:54:37 1,185,710 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\gyavkgjp.ini.vir
2007-07-14 16:13:43 . 2007-07-14 16:13:52 1,947,514 -c--a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\prutv.bak1.vir
2007-07-14 16:13:30 . 2007-07-14 16:13:31 353 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\vybeg.ini.vir
2007-07-14 16:13:30 . 2007-07-15 06:06:35 1,952,619 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\prutv.ini.vir
2006-12-14 21:44:57 . 2006-12-14 21:44:57 118,784 ----a-w- F:\Qoobox\Quarantine\F\Documents and Settings\Tracy\Desktop\TagASaurus.exe.vir
2006-11-20 07:44:10 . 2006-11-20 07:44:10 90,112 ----a-w- F:\Qoobox\Quarantine\F\WINDOWS\system32\ccrpTmr6.dll.vir
2006-08-16 20:39:11 . 2006-06-26 03:20:00 413,184 ----a-w- F:\Qoobox\Quarantine\F\Program Files\AnVir Task Manager\AnVir.exe.vir
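
The ComboFix listings above follow a fixed layout: `created . modified size attrs path`. As an added example (not part of the thread, and not ComboFix's own tooling), the Python below parses that layout and flags entries under `system32\drivers` that deserve a second look: zero-byte files, files that are not `.sys`, and drivers created shortly before the scan. The sample lines are copied from the listing above; the 14-day "recent" window, the `review_drivers` heuristics and the function names are assumptions for this example. The output is a triage list for a responder to check against the later quarantine listing, not a verdict.

```python
import re
from datetime import datetime, timedelta

# Sample listing lines, copied from the ComboFix output in the post above
# (constructed as a single string for this example).
SAMPLE_LISTING = r"""
2011-01-08 00:55 . 2011-01-08 00:55 190032 ----a-w- f:\windows\system32\drivers\tmcomm.sys
2011-01-08 00:48 . 2011-01-08 00:48 -------- d-----w- f:\program files\TrendMicro
2011-01-03 12:45 . 2011-01-03 12:45 0 ----a-w- f:\windows\system32\drivers\sst8D.tmp
2011-01-03 12:45 . 2011-01-03 12:45 0 ----a-w- f:\windows\system32\drivers\sst8C.tmp
2010-12-18 18:29 . 2010-12-20 23:08 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- f:\windows\system32\drivers\ndproxy.sys
2011-01-07 00:14 . 2010-11-10 01:33 6273872 ----a-w- f:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
"""

# One listing line: <created> . <modified> <size or dashes> <8-char attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

DRIVERS_DIR = "\\windows\\system32\\drivers\\"


def parse_listing(text):
    """Parse every well-formed listing line; headers, dots and blanks are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            # ComboFix prints dashes instead of a size for directories
            "is_dir": m["attrs"].startswith("d"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "path": m["path"],
        })
    return entries


def review_drivers(entries, scan_date, recent_days=14):
    """Return (path, reason) pairs for driver-directory files worth reviewing.

    scan_date is the date of the scan as 'YYYY-MM-DD' (taken here from the
    catchme header); recent_days is an assumed triage window, not a rule.
    """
    cutoff = datetime.strptime(scan_date, "%Y-%m-%d") - timedelta(days=recent_days)
    findings = []
    for e in entries:
        if e["is_dir"] or DRIVERS_DIR not in e["path"].lower():
            continue
        reasons = []
        if e["size"] == 0:
            reasons.append("zero-byte file in drivers directory")
        if not e["path"].lower().endswith(".sys"):
            reasons.append("non-.sys file in drivers directory")
        if e["created"] >= cutoff:
            reasons.append("created within %d days of the scan" % recent_days)
        if reasons:
            findings.append((e["path"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for path, why in review_drivers(parse_listing(SAMPLE_LISTING), "2011-01-14"):
        print(path, "->", why)
```

Run against the sample, the two `sst8*.tmp` placeholders are flagged on all three counts, while `ndproxy.sys` and `mbam.sys` (a known Malwarebytes driver, older than the window) pass; the quarantine listing further down shows ComboFix later removed `sst8C.sys` and `sst8D.sys` together with their service keys, which is the kind of cross-check this list is meant to prompt.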

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 January 2011 - 12:50 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

DeQuarantine::
F:\Qoobox\Quarantine\F\Program Files\AnVir Task Manager\AnVir.exe.vir


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Now I need you to navigate to this file and double click it - F:\Qoobox\Quarantine\Registry_backups\HKCU-Run-AnVir Task Manager.reg.dat

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 15 January 2011 - 12:50 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 January 2011 - 11:32 PM

Hello

three day bump

It has been Three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo