Google Re-direct Virus


  • This topic is locked
15 replies to this topic

#1 junk2535

junk2535

  • Members
  • 6 posts

Posted 07 February 2011 - 03:38 PM

I have tried all the regular virus and spyware removal products but no luck. Thanks in advance! JS
Here is the Txt file from D.D.S.



DDS (Ver_10-12-12.02) - NTFSx86
Run by NWMI-User at 14:04:36.39 on Mon 02/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.823 [GMT -6:00]

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
svchost.exe
C:\windows\system32\IPSSVC.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\ICO.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\windows\system32\FSRremoS.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\Pelmiced.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PracticeBuilder\pbuilder.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\windows\system32\defrag.exe
C:\DOCUME~1\NWMI-U~1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\EPSONP~1\EPSONCD.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\NWMI-User\My Documents\Downloads\Joses junk\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.ask.com?o=14597&l=dis
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
c:\documents and settings\nwmi-user\local settings\temp\dca.tmp\temp00
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eradpa~1.lnk - c:\windows\installer\{3a6f6c26-f40a-4f07-84fd-c0e46f5818a8}\pbuilder.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: nmff.org\connect
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2}
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} - hxxps://connect.nmff.org/ami/install/,DanaInfo=pacsweb.nmh.org,CT=java+amiviewer.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165256372125
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165256432921
DPF: {7A12449A-0E67-4C4E-A8E2-16C7A3A571AC} - hxxps://ezsend.proscan.com/EvenFlow/ctrl/StudyUploadTool.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9}
DPF: {8AA62806-B72E-11D3-9E87-00E0295624BD} - hxxp://pacs.nwmedicalimaging.com/download/pbax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.nmff.org/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn.nmh.org/dana-cached/sc/JuniperSetupClient.cab
TCP: {F6AD677F-C452-4F37-BD60-A00EAC04B907} = 172.18.109.1,4.2.2.2
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nwmi-u~1\applic~1\mozilla\firefox\profiles\dqrtpmvy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ris.nwmedicalimaging.com/emr/interface/login/login_frame.php|http://172.18.109.50/cases/index.jsp?cContext=Context_32468|https://webmail.chi3.etrn.com/mail.nwmedicalimaging.com/webmail/src/login.php?SQMSESSID=4df122b54f042c486aa73e89bbfb90ed|http://www.radio-locator.com/cgi-bin/locate?select=city&city=chicago&state=IL&x=17&y=5
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - component: c:\documents and settings\nwmi-user\application data\mozilla\firefox\profiles\dqrtpmvy.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - component: c:\documents and settings\nwmi-user\application data\mozilla\firefox\profiles\dqrtpmvy.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\nwmi-user\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\nwmi-user\application data\mozilla\firefox\profiles\dqrtpmvy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\nwmi-user\application data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-18 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-5-12 3968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-21 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110204.001\IDSXpx86.sys [2011-2-4 341944]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-3-22 114952]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110207.002\NAVENG.SYS [2011-2-7 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110207.002\NAVEX15.SYS [2011-2-7 1360760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-1-11 16968]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2010-11-10 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [2010-11-10 105984]

=============== Created Last 30 ================

2011-02-07 14:34:21 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\ViralSubmitter
2011-02-04 21:21:52 -------- dc----w- c:\program files\Phoenix Labs
2011-02-04 21:21:52 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\PhoenixLabs
2011-01-26 16:59:30 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\Local
2011-01-26 16:57:38 -------- dc----w- c:\program files\DivX
2011-01-26 15:17:43 388096 -c--a-r- c:\docume~1\nwmi-u~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-26 15:17:43 -------- dc----w- c:\program files\Trend Micro
2011-01-17 15:55:04 2651716 -c--a-w- C:\TMPGEnc.exe
2011-01-17 15:24:15 5600 -c--a-w- c:\windows\system\WINASPI.DLL
2011-01-17 15:24:15 4672 -c--a-w- c:\windows\system\WOWPOST.EXE
2011-01-17 15:24:15 45056 -c--a-w- c:\windows\system32\WNASPI32.DLL
2011-01-17 15:24:15 16877 -c--a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-01-17 15:21:54 -------- dc----w- C:\adaptec
2011-01-17 14:57:51 -------- dc----w- c:\program files\DVD2SVCD
2011-01-13 15:02:44 -------- dc----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-01-12 23:06:24 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\FinalBurner Video DVD
2011-01-12 19:54:38 -------- dc----w- C:\finalburner
2011-01-12 19:05:41 -------- dc----w- C:\VCD2TK
2011-01-12 19:05:23 245088 -c--a-w- c:\windows\WINSTRUN.EXE
2011-01-12 17:52:45 -------- dc----w- c:\docume~1\alluse~1\applic~1\Nero
2011-01-12 17:35:07 4379984 -c--a-w- c:\windows\system32\D3DX9_40.dll
2011-01-12 17:34:28 3497832 -c--a-w- c:\windows\system32\d3dx9_34.dll
2011-01-12 16:41:42 -------- dc----w- c:\program files\FreeTime
2011-01-11 15:14:49 12872 -c--a-w- c:\windows\system32\bootdelete.exe
2011-01-11 14:58:53 16968 -c--a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-01-11 14:58:51 -------- dc----w- c:\program files\Hitman Pro 3.5
2011-01-11 14:57:37 -------- dc----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

==================== Find3M ====================

2011-02-06 22:17:01 5427 -c--a-w- c:\windows\system32\EGATHDRV.SYS
2010-12-08 17:21:12 167424 -csha-r- c:\windows\system32\oleaccd.dll
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\isign32.dll
2010-11-17 05:41:00 323624 -c--a-w- c:\windows\system32\wiaaut.dll
2010-11-13 00:53:06 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2010-11-12 22:34:10 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2010-11-12 00:44:54 94208 -c--a-w- c:\windows\system32\dpl100.dll

============= FINISH: 14:06:01.07 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 February 2011 - 11:33 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 junk2535

junk2535
  • Topic Starter

  • Members
  • 6 posts

Posted 11 February 2011 - 04:19 PM

Thanks for your response. I found the response in my junk mail so I am just now running the scans you told me. Here are the results:







DDS (Ver_10-12-12.02) - NTFSx86
Run by NWMI-User at 15:14:39.59 on Fri 02/11/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.911 [GMT -6:00]

AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
svchost.exe
C:\windows\system32\IPSSVC.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\nvsvc32.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\windows\system32\ICO.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\windows\system32\FSRremoS.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\windows\system32\Pelmiced.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PracticeBuilder\pbuilder.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\DOCUME~1\NWMI-U~1\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\NWMI-User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.ask.com?o=14597&l=dis
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eradpa~1.lnk - c:\windows\installer\{3a6f6c26-f40a-4f07-84fd-c0e46f5818a8}\pbuilder.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: nmff.org\connect
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A}
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2}
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
DPF: {5C885ED3-9E77-4140-B63E-134BF7B19DEC} - hxxps://connect.nmff.org/ami/install/,DanaInfo=pacsweb.nmh.org,CT=java+amiviewer.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165256372125
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165256432921
DPF: {7A12449A-0E67-4C4E-A8E2-16C7A3A571AC} - hxxps://ezsend.proscan.com/EvenFlow/ctrl/StudyUploadTool.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9}
DPF: {8AA62806-B72E-11D3-9E87-00E0295624BD} - hxxp://pacs.nwmedicalimaging.com/download/pbax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://connect.nmff.org/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webvpn.nmh.org/dana-cached/sc/JuniperSetupClient.cab
TCP: {F6AD677F-C452-4F37-BD60-A00EAC04B907} = 172.18.109.1,4.2.2.2
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nwmi-u~1\applic~1\mozilla\firefox\profiles\dqrtpmvy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ris.nwmedicalimaging.com/emr/interface/login/login_frame.php|http://172.18.109.50/cases/index.jsp?cContext=Context_32468|https://webmail.chi3.etrn.com/mail.nwmedicalimaging.com/webmail/src/login.php?SQMSESSID=4df122b54f042c486aa73e89bbfb90ed|http://www.radio-locator.com/cgi-bin/locate?select=city&city=chicago&state=IL&x=17&y=5
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - component: c:\documents and settings\nwmi-user\application data\mozilla\firefox\profiles\dqrtpmvy.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - component: c:\documents and settings\nwmi-user\application data\mozilla\firefox\profiles\dqrtpmvy.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\documents and settings\nwmi-user\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\nwmi-user\application data\mozilla\firefox\profiles\dqrtpmvy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - %profile%\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\nwmi-user\application data\Move Networks

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-18 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-5-12 3968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-21 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110210.001\IDSXpx86.sys [2011-2-10 341944]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-3-22 114952]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110210.020\NAVENG.SYS [2011-2-10 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110210.020\NAVEX15.SYS [2011-2-10 1360760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-13 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-1-11 16968]
S3 qcserxp;HTC Diagnostic Port;c:\windows\system32\drivers\qcserxp.sys [2010-11-10 103424]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcmdmxp.sys [2010-11-10 105984]

=============== Created Last 30 ================

2011-02-07 14:34:21 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\ViralSubmitter
2011-02-04 21:21:52 -------- dc----w- c:\program files\Phoenix Labs
2011-02-04 21:21:52 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\PhoenixLabs
2011-01-30 20:57:00 103864 -c--a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 20:57:00 103864 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-26 16:59:30 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\Local
2011-01-26 16:57:38 -------- dc----w- c:\program files\DivX
2011-01-26 15:17:43 388096 -c--a-r- c:\docume~1\nwmi-u~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-26 15:17:43 -------- dc----w- c:\program files\Trend Micro
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-17 15:55:04 2651716 -c--a-w- C:\TMPGEnc.exe
2011-01-17 15:24:15 5600 -c--a-w- c:\windows\system\WINASPI.DLL
2011-01-17 15:24:15 4672 -c--a-w- c:\windows\system\WOWPOST.EXE
2011-01-17 15:24:15 45056 -c--a-w- c:\windows\system32\WNASPI32.DLL
2011-01-17 15:24:15 16877 -c--a-w- c:\windows\system32\drivers\ASPI32.SYS
2011-01-17 15:21:54 -------- dc----w- C:\adaptec
2011-01-17 14:57:51 -------- dc----w- c:\program files\DVD2SVCD
2011-01-13 15:02:44 -------- dc----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2011-01-12 23:06:24 -------- dc----w- c:\docume~1\nwmi-u~1\applic~1\FinalBurner Video DVD

==================== Find3M ====================

2011-02-06 22:17:01 5427 -c--a-w- c:\windows\system32\EGATHDRV.SYS
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\shimgvw.dll
2011-01-13 18:08:15 12872 -c--a-w- c:\windows\system32\bootdelete.exe
2011-01-12 19:05:23 245088 -c--a-w- c:\windows\WINSTRUN.EXE
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c----w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 -c----w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 -c----w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 -c--a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 -c----w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 -c----w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 -c----w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 -c----w- c:\windows\system32\ntkrnlpa.exe
2010-12-08 17:21:12 167424 -csha-r- c:\windows\system32\oleaccd.dll
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\isign32.dll
2010-11-17 05:41:00 323624 -c--a-w- c:\windows\system32\wiaaut.dll

============= FINISH: 15:15:17.57 ===============

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\windows\System32\nv4_disp.dll 3969024 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 84.15 )
0xB8956000 C:\windows\system32\DRIVERS\nv4_mini.sys 3649536 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.15 )
0x804D7000 C:\windows\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\windows\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAFEC5000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110210.020\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0xB5059000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0xB9D9B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB512D000 C:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0xB5350000 C:\windows\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB51C9000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB87C7000 C:\windows\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5833000 C:\windows\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAFE59000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110210.001\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xB3380000 C:\windows\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB2D89000 C:\windows\System32\Drivers\N360\0403000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0xB57DC000 C:\windows\System32\Drivers\N360\0403000.005\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
0xB9E95000 SYMDS.SYS 352256 bytes
0xBF3DB000 C:\windows\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB34C8000 C:\windows\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB5F9F000 C:\windows\system32\drivers\ADIHdAud.sys 196608 bytes (Analog Devices, Inc., High Definition Audio Function Driver(Release Candidate 1))
0xB8825000 C:\windows\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB3559000 C:\windows\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D6E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9E68000 SYMEFA.SYS 184320 bytes
0xB53C0000 C:\windows\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB88D1000 C:\windows\system32\DRIVERS\b57xp32.sys 172032 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB5558000 C:\windows\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB57B6000 C:\windows\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB88AC000 C:\windows\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB5791000 C:\windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xB0FA2000 C:\windows\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB5F7B000 C:\windows\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB891E000 C:\windows\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB88FB000 C:\windows\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB5536000 C:\windows\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\windows\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB5517000 C:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0xB51AC000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB8891000 C:\windows\System32\drivers\keyscrambler.sys 110592 bytes (QFX Software Corporation, KeyScrambler Keyboard Encryption Driver)
0xB9D54000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB3FF4000 C:\windows\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB4772000 C:\windows\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E3B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8866000 C:\windows\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB400C000 C:\windows\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB3FDE000 C:\windows\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9E52000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB2848000 C:\windows\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xAFEB1000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110210.020\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB887D000 C:\windows\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB8942000 C:\windows\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB588C000 C:\windows\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E28000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\windows\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8855000 C:\windows\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA118000 C:\windows\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1B8000 C:\windows\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA1E8000 C:\windows\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB8CF1000 C:\windows\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB33F8000 C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys 61440 bytes (Utimaco Safeware AG, SafeGuard® PrivateDisk Driver)
0xBA1C8000 C:\windows\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB2FB8000 C:\windows\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8D61000 C:\windows\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA198000 C:\windows\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA0E8000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1D8000 C:\windows\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1F8000 C:\windows\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA218000 C:\windows\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA108000 C:\windows\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA1A8000 C:\windows\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA208000 C:\windows\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB5D43000 C:\windows\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA278000 C:\windows\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA0F8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA318000 C:\windows\system32\drivers\N360\0403000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA238000 C:\windows\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2C8000 C:\windows\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA228000 C:\windows\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2D8000 C:\windows\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB26AA000 C:\windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA298000 C:\windows\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA430000 C:\windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0xBA3B8000 C:\windows\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA428000 C:\windows\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA380000 C:\windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA448000 C:\windows\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA3D0000 C:\windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA3E0000 C:\DOCUME~1\NWMI-U~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\windows\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB5DD9000 C:\windows\system32\DRIVERS\PROCDD.SYS 28672 bytes (Lenovo Group Limited, IPS Helper Driver)
0xBA3D8000 C:\windows\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB5403000 C:\windows\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3A0000 C:\windows\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA438000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA440000 C:\windows\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA470000 C:\windows\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3A8000 C:\windows\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3B0000 C:\windows\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA460000 C:\windows\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA468000 C:\windows\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA458000 C:\windows\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA450000 C:\windows\system32\DRIVERS\tvtpktfilter.sys 20480 bytes (Lenovo Group Limited, TVT NDIS 5.1 Intermediate Miniport Filter Driver)
0xBA420000 C:\windows\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA370000 C:\windows\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB3F6A000 C:\windows\System32\drivers\aspi32.sys 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xB335C000 C:\windows\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB478A000 C:\windows\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA560000 C:\windows\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5789000 C:\windows\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA540000 C:\windows\system32\DRIVERS\pelmouse.sys 16384 bytes (Primax Electronics Ltd., Mouse Suite Driver (For Windows 2000 and Whistler Only))
0xB9361000 C:\windows\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB321C000 C:\WINDOWS\system32\drivers\tvtfilter.sys 16384 bytes (Lenovo, Rescue and Recovery filter driver)
0xBA4B8000 C:\windows\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA56C000 C:\windows\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA548000 C:\windows\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9D06000 C:\windows\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB937D000 C:\windows\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9359000 C:\windows\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA53C000 C:\windows\system32\DRIVERS\pelusblf.sys 12288 bytes (Primax Electronics Ltd., USB Mouse Low Filter Driver(Win2000 only))
0xB9D02000 C:\windows\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA632000 C:\windows\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA600000 C:\windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA666000 C:\windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5CE000 C:\windows\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5C8000 C:\WINDOWS\SYSTEM32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
0xBA630000 C:\windows\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\windows\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA636000 C:\windows\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5F4000 C:\WINDOWS\System32\drivers\pmemnt.sys 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xBA638000 C:\windows\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA602000 C:\windows\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBA604000 C:\windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA60C000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\windows\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7CB000 C:\windows\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7DE000 C:\windows\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA723000 C:\windows\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA775000 C:\windows\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA6FC000 C:\Program Files\SMI2\smi2.sys 4096 bytes (IBM Corp., SMI BIOS driver)
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8887CB30 ] TID: 112, 24 bytes
0x8055C700 Faked ServiceTable-->E_S30RP1.EXE [ ETHREAD 0x8988FD30 ] TID: 152, 4194368 bytes
0x8055C700 Faked ServiceTable-->E_S30RP1.EXE [ ETHREAD 0x89875378 ] TID: 160
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8986CDA8 ] TID: 184
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8976C350 ] TID: 188
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89778448 ] TID: 204
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8976C5C8 ] TID: 212
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89796DA8 ] TID: 220
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89796B30 ] TID: 224
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89774650 ] TID: 228
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89776998 ] TID: 236, 8781826 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8976B848 ] TID: 240, 547136 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89534BE0 ] TID: 244, 19750872 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88A27020 ] TID: 248, 20009688 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898606C8 ] TID: 252, 7012468 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x892AE020 ] TID: 272
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89870A28 ] TID: 276, 8781847 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89874DA8 ] TID: 340
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8985EBE8 ] TID: 348
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89853750 ] TID: 356
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89855A28 ] TID: 360
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898557B0 ] TID: 364
0x8055C700 Faked ServiceTable-->logmon.exe [ ETHREAD 0x89744BE8 ] TID: 368
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89855538 ] TID: 372
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8985F868 ] TID: 376
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89760020 ] TID: 392
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x898707B0 ] TID: 408
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x898494E8 ] TID: 420
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89858DA8 ] TID: 424
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8886E5C0 ] TID: 428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8975DDA8 ] TID: 472
0x8055C700 Faked ServiceTable-->tvtsched.exe [ ETHREAD 0x89758258 ] TID: 484
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89775AF8 ] TID: 488
0x8055C700 Faked ServiceTable-->tvtsched.exe [ ETHREAD 0x89758DA8 ] TID: 492
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897A0810 ] TID: 504
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8963F020 ] TID: 528
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A67C958 ] TID: 532
0x8055C700 Faked ServiceTable-->HPTLBXFX.exe [ ETHREAD 0x89766A30 ] TID: 536
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889C48B8 ] TID: 544
0x8055C700 Faked ServiceTable-->MDM.EXE [ ETHREAD 0x89811020 ] TID: 564
0x8055C700 Faked ServiceTable-->tvtsched.exe [ ETHREAD 0x889FC8B8 ] TID: 600
0x8055C700 Faked ServiceTable-->winvnc4.exe [ ETHREAD 0x89759DA8 ] TID: 608
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x887EC2B8 ] TID: 628
0x8055C700 Faked ServiceTable-->tvtsched.exe [ ETHREAD 0x89758AA8 ] TID: 632, 384648 bytes
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88FE6020 ] TID: 636, 1261768 bytes
0x8055C700 Faked ServiceTable-->DDMService.exe [ ETHREAD 0x88816950 ] TID: 640, 3145776 bytes
0x8055C700 Faked ServiceTable-->HPTLBXFX.exe [ ETHREAD 0x88803BD8 ] TID: 668, 5374017 bytes
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x897ED430 ] TID: 676, 7864420 bytes
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x897EB4E8 ] TID: 680
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x897EE790 ] TID: 684
0x8055C700 Faked ServiceTable-->WLIDSVC.EXE [ ETHREAD 0x897522A0 ] TID: 692
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x889EF8D0 ] TID: 728
0x8055C700 Faked ServiceTable-->tvtsched.exe [ ETHREAD 0x89770A48 ] TID: 732
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89802808 ] TID: 748
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x897E4BF0 ] TID: 752
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x897BE020 ] TID: 756
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89520B50 ] TID: 776
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x897BF7A8 ] TID: 812
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x897B1328 ] TID: 820
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x897ACDA8 ] TID: 832
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8A2A0510 ] TID: 876
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89744970 ] TID: 884
0x8055C700 Faked ServiceTable-->DivXUpdate.exe [ ETHREAD 0x8880E500 ] TID: 908
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897C0DA8 ] TID: 912
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x889E7020 ] TID: 916
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A4F2020 ] TID: 928
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A4A0DA8 ] TID: 932
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A455160 ] TID: 936
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x888CC5F8 ] TID: 960
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8927B650 ] TID: 968
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89A15BE8 ] TID: 976
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8A477398 ] TID: 992
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89A15340 ] TID: 1016
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A45FDA8 ] TID: 1028
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8868DD80 ] TID: 1032
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A483A00 ] TID: 1036, 7209040 bytes
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8886A9E8 ] TID: 1044
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A06A1D8 ] TID: 1060, 34209801 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x899FE2A0 ] TID: 1064
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A072A78 ] TID: 1068, 7340140 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A0687C0 ] TID: 1076
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89D3ADA8 ] TID: 1080
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89A87DA8 ] TID: 1084
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89A03BF0 ] TID: 1088, 196621 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89A14DA8 ] TID: 1092
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88871950 ] TID: 1096, 3211320 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88A7F020 ] TID: 1104
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A077C20 ] TID: 1108, 7536761 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x897A2020 ] TID: 1116
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x897A2BA0 ] TID: 1120, 19907192 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A12DB28 ] TID: 1136
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A4711F0 ] TID: 1140, 5374020 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A45E1C0 ] TID: 1152
0x8055C700 Faked ServiceTable-->notepad.exe [ ETHREAD 0x88A30C78 ] TID: 1164, 7536759 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A08BDA8 ] TID: 1172
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A4F3020 ] TID: 1176
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A4F3568 ] TID: 1180
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A45F320 ] TID: 1184
0x8055C700 Faked ServiceTable-->SeaPort.exe [ ETHREAD 0x897A64C8 ] TID: 1192
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89A13508 ] TID: 1196
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89A05358 ] TID: 1204
0x8055C700 Faked ServiceTable-->SeaPort.exe [ ETHREAD 0x897BECA0 ] TID: 1216
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A48AA28 ] TID: 1220
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8885E020 ] TID: 1224
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A28B680 ] TID: 1228
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897A3A28 ] TID: 1256
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A532868 ] TID: 1260
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x89731DA8 ] TID: 1264
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897E1308 ] TID: 1272
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89797DA8 ] TID: 1280
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897A35F0 ] TID: 1296
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x888CE9E8 ] TID: 1300
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A460020 ] TID: 1304
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x899FEDA8 ] TID: 1308
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A44F5E0 ] TID: 1312
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8A47CA28 ] TID: 1324
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A460658 ] TID: 1344
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A504020 ] TID: 1348
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A28B408 ] TID: 1352
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A4A4DA8 ] TID: 1356
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8919F020 ] TID: 1364
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897AD7C8 ] TID: 1372
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89728DA8 ] TID: 1384, 6094949 bytes
0x8055C700 Faked ServiceTable-->TeaTimer.exe [ ETHREAD 0x887C7950 ] TID: 1396
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89274828 ] TID: 1416
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A46F6D0 ] TID: 1456
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A070C18 ] TID: 1460
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88793618 ] TID: 1468
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x89755970 ] TID: 1472
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89790020 ] TID: 1476
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A4889C0 ] TID: 1504, 7209051 bytes
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89294B40 ] TID: 1512
0x8055C700 Faked ServiceTable-->pbuilder.exe [ ETHREAD 0x8882E9F8 ] TID: 1516
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A4AA6F0 ] TID: 1532
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A4A8DA8 ] TID: 1540
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889C4B30 ] TID: 1552
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889C4DA8 ] TID: 1556
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x88871BC8 ] TID: 1568
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A453DA8 ] TID: 1584
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A453B30 ] TID: 1588
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A488718 ] TID: 1592
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A4884A0 ] TID: 1596
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889C5DA8 ] TID: 1600
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8979A4B8 ] TID: 1604
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8978BDA8 ] TID: 1608
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897B1938 ] TID: 1612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A082DA8 ] TID: 1616, 4587572 bytes
0x8055C700 Faked ServiceTable-->SUService.exe [ ETHREAD 0x8979B808 ] TID: 1624
0x8055C700 Faked ServiceTable-->SUService.exe [ ETHREAD 0x8985E7B0 ] TID: 1628
0x8055C700 Faked ServiceTable-->SUService.exe [ ETHREAD 0x8979DBC8 ] TID: 1632
0x8055C700 Faked ServiceTable-->SUService.exe [ ETHREAD 0x89791B30 ] TID: 1640
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89786B80 ] TID: 1648
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89786908 ] TID: 1656
0x8055C700 Faked ServiceTable-->SUService.exe [ ETHREAD 0x897816A8 ] TID: 1660
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8977F868 ] TID: 1668, 5963808 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A469688 ] TID: 1672
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x89727328 ] TID: 1692
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x8979A838 ] TID: 1696
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x8978FDA8 ] TID: 1700
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8977FDA8 ] TID: 1712
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x8978E878 ] TID: 1716
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x89787450 ] TID: 1724
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x897876C8 ] TID: 1736, 6357107 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A487758 ] TID: 1740
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A8ACF0 ] TID: 1744
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A082858 ] TID: 1760
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x89788AB0 ] TID: 1764
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x89785730 ] TID: 1768
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x897854B8 ] TID: 1772
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x89785240 ] TID: 1776
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89F8F9F0 ] TID: 1780, 7340130 bytes
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x888CE020 ] TID: 1784
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A078C10 ] TID: 1788
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A078458 ] TID: 1792
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898D14B8 ] TID: 1796
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898D1240 ] TID: 1800
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898D2A28 ] TID: 1804
0x8055C700 Faked ServiceTable-->tvt_reg_monitor_svc.exe [ ETHREAD 0x89788838 ] TID: 1820
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898C4678 ] TID: 1852, 4390965 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898C06A8 ] TID: 1860
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A0DDA8 ] TID: 1864
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x894D0020 ] TID: 1880
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89766310 ] TID: 1908
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x898BAA28 ] TID: 1920
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x886D2278 ] TID: 1928
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x8988F500 ] TID: 1944
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x898ACB98 ] TID: 1948, 5963776 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89895DA8 ] TID: 1956
0x8055C700 Faked ServiceTable-->IUService.exe [ ETHREAD 0x89766DA8 ] TID: 1988
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8895A8B8 ] TID: 1992
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x898755F0 ] TID: 2000
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898834F8 ] TID: 2004
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89886A38 ] TID: 2008
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898867C0 ] TID: 2012
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89875DA8 ] TID: 2024, 7340147 bytes
0x8055C700 Faked ServiceTable-->IUService.exe [ ETHREAD 0x897776D8 ] TID: 2040
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889C5B30 ] TID: 2052
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x8971F020 ] TID: 2084
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x88A155B8 ] TID: 2088
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88A31A08 ] TID: 2092
0x8055C700 Faked ServiceTable-->plugin-container.exe [ ETHREAD 0x897E45D8 ] TID: 2100
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x897289F8 ] TID: 2116
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x8972A9F8 ] TID: 2120, 6094949 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89734BF0 ] TID: 2124
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x89727DA8 ] TID: 2148
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89733DA8 ] TID: 2152
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889F53C8 ] TID: 2160
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x891FC888 ] TID: 2168
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x888F1958 ] TID: 2172
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88EEFA00 ] TID: 2176
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89718020 ] TID: 2188
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889E6B38 ] TID: 2196
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x888D3DA8 ] TID: 2204
0x8055C700 Faked ServiceTable-->wmpnscfg.exe [ ETHREAD 0x8895DC90 ] TID: 2220
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88FFBD28 ] TID: 2228
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88988DA8 ] TID: 2236
0x8055C700 Faked ServiceTable-->DivXUpdate.exe [ ETHREAD 0x889AF3D8 ] TID: 2244
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89717020 ] TID: 2280
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89711618 ] TID: 2292
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8897A020 ] TID: 2300
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x897036A8 ] TID: 2312
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89225A98 ] TID: 2320, 34209820 bytes
0x8055C700 Faked ServiceTable-->scheduler_proxy.exe [ ETHREAD 0x8887B950 ] TID: 2332
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8971FB80 ] TID: 2340
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89702278 ] TID: 2356
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x889AB020 ] TID: 2412
0x8055C700 Faked ServiceTable-->plugin-container.exe [ ETHREAD 0x8881DC40 ] TID: 2416, 3276853 bytes
0x8055C700 Faked ServiceTable-->rrservice.exe [ ETHREAD 0x89701508 ] TID: 2448
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896F49E8 ] TID: 2456
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89177A50 ] TID: 2480
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89700C10 ] TID: 2508
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89463DA8 ] TID: 2512
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x88915DA8 ] TID: 2532
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x886E0598 ] TID: 2536
0x8055C700 Faked ServiceTable-->LPMGR.EXE [ ETHREAD 0x88A70020 ] TID: 2540, 7929971 bytes
0x8055C700 Faked ServiceTable-->FSRremoS.EXE [ ETHREAD 0x88913DA8 ] TID: 2548
0x8055C700 Faked ServiceTable-->pbuilder.exe [ ETHREAD 0x887C9020 ] TID: 2556
0x8055C700 Faked ServiceTable-->DDMService.exe [ ETHREAD 0x88790850 ] TID: 2580
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x889A28F0 ] TID: 2600
0x8055C700 Faked ServiceTable-->DDMService.exe [ ETHREAD 0x8888AC38 ] TID: 2604
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x895FB020 ] TID: 2608
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896EC5F8 ] TID: 2632
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8992DBC8 ] TID: 2636, 6553710 bytes
0x8055C700 Faked ServiceTable-->plugin-container.exe [ ETHREAD 0x88B16348 ] TID: 2656
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889FBAE8 ] TID: 2664
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889B0DA8 ] TID: 2668
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8890B848 ] TID: 2672
0x8055C700 Faked ServiceTable-->plugin-container.exe [ ETHREAD 0x89543AF8 ] TID: 2688
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896E8DA8 ] TID: 2696
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89690BC8 ] TID: 2708
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8A082178 ] TID: 2712
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8885CDA8 ] TID: 2736
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88A8CA88 ] TID: 2760, 5374021 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x888B1C08 ] TID: 2764
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x887A0DA8 ] TID: 2768
0x8055C700 Faked ServiceTable-->HPTLBXFX.exe [ ETHREAD 0x88AAF020 ] TID: 2772
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x887D25A0 ] TID: 2784
0x8055C700 Faked ServiceTable-->TeaTimer.exe [ ETHREAD 0x887E6B30 ] TID: 2796
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896E5BC8 ] TID: 2828
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896E5770 ] TID: 2832
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896E54F8 ] TID: 2836
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896E99F0 ] TID: 2840
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x888AF020 ] TID: 2852
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88867B30 ] TID: 2876
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896F3778 ] TID: 2888
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89753BF0 ] TID: 2892, 6684780 bytes
0x8055C700 Faked ServiceTable-->DDMService.exe [ ETHREAD 0x887C2B90 ] TID: 2912
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889DE4E0 ] TID: 2928
0x8055C700 Faked ServiceTable-->plugin-container.exe [ ETHREAD 0x89396A68 ] TID: 2940
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896FC9E8 ] TID: 2952
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89710890 ] TID: 2956
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8973FA30 ] TID: 2960
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x897AFDA8 ] TID: 2964
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89684020 ] TID: 2972
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8968EDA8 ] TID: 2976
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x889A33C0 ] TID: 2980
0x8055C700 Faked ServiceTable-->pdservice.exe [ ETHREAD 0x887CF7C0 ] TID: 2988
0x8055C700 Faked ServiceTable-->logmon.exe [ ETHREAD 0x896F6BC8 ] TID: 2992
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896D9470 ] TID: 2996
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88AA6AA0 ] TID: 3000
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889D4B30 ] TID: 3004
0x8055C700 Faked ServiceTable-->WLIDSVC.EXE [ ETHREAD 0x89681BC8 ] TID: 3016
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x893D2020 ] TID: 3028
0x8055C700 Faked ServiceTable-->WLIDSVCM.EXE [ ETHREAD 0x896D79F8 ] TID: 3032
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x896EFDA8 ] TID: 3044
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88818290 ] TID: 3048
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x888C85D0 ] TID: 3056
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x888CC020 ] TID: 3064
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x889EF5D0 ] TID: 3068
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88962DA8 ] TID: 3076
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88867DA8 ] TID: 3080
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x895B2358 ] TID: 3100
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x888678B8 ] TID: 3108
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889FB870 ] TID: 3116
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8967E760 ] TID: 3124
0x8055C700 Faked ServiceTable-->logmon.exe [ ETHREAD 0x89678808 ] TID: 3132
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8965E2E8 ] TID: 3144
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8882DDA8 ] TID: 3172
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x894C5780 ] TID: 3176
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8960BD00 ] TID: 3184
0x8055C700 Faked ServiceTable-->plugin-container.exe [ ETHREAD 0x88BEAB90 ] TID: 3196
0x8055C700 Faked ServiceTable-->AwaySch.EXE [ ETHREAD 0x88849580 ] TID: 3204
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88A10020 ] TID: 3208
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88A40B30 ] TID: 3220
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x896512E8 ] TID: 3228
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89645DA8 ] TID: 3240
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x89642520 ] TID: 3244
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8949CB48 ] TID: 3248
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88B6AAD8 ] TID: 3252
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x893B4020 ] TID: 3268
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x887C43F0 ] TID: 3272
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89642828 ] TID: 3284
0x8055C700 Faked ServiceTable-->DDMService.exe [ ETHREAD 0x889B17C0 ] TID: 3296
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89411020 ] TID: 3300
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x889D1DA8 ] TID: 3308
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889F4B30 ] TID: 3320
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x88A15328 ] TID: 3324
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x88861948 ] TID: 3336
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x896275A0 ] TID: 3344
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x8885E578 ] TID: 3356
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88D50DA8 ] TID: 3360
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8883F238 ] TID: 3364
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x890D1340 ] TID: 3368
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896455C8 ] TID: 3372
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8963BDA8 ] TID: 3376
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8963DC00 ] TID: 3384
0x8055C700 Faked ServiceTable-->SeaPort.exe [ ETHREAD 0x89638670 ] TID: 3388
0x8055C700 Faked ServiceTable-->SeaPort.exe [ ETHREAD 0x896327F0 ] TID: 3392
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x887C1DA8 ] TID: 3396
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x89627328 ] TID: 3400
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89632BB0 ] TID: 3404
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8962ADA8 ] TID: 3408
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89631DA8 ] TID: 3412
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89642DA8 ] TID: 3416
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8962B5E0 ] TID: 3420
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8962D9E8 ] TID: 3424
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89618DA8 ] TID: 3428
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8963D4B8 ] TID: 3432
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896359F0 ] TID: 3436
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89635778 ] TID: 3440
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8962F590 ] TID: 3448
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8963CC08 ] TID: 3452
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8963C990 ] TID: 3456
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89628020 ] TID: 3460
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89628448 ] TID: 3464
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89625A18 ] TID: 3468
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896257A0 ] TID: 3472
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x886D8020 ] TID: 3476
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89628DA8 ] TID: 3480
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89628B30 ] TID: 3484
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896288B8 ] TID: 3488
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8962E9F0 ] TID: 3492
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8962E778 ] TID: 3496
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8962E500 ] TID: 3500
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89624020 ] TID: 3504
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896245C0 ] TID: 3508
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89624348 ] TID: 3512
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89626020 ] TID: 3516
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896265D8 ] TID: 3520
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89626360 ] TID: 3524
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89618020 ] TID: 3528
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896185E8 ] TID: 3532
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89618370 ] TID: 3536
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89629DA8 ] TID: 3540
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x89629B30 ] TID: 3544
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896298B8 ] TID: 3548
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x896293C8 ] TID: 3556
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8966A020 ] TID: 3560
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8966ADA8 ] TID: 3564
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898CFBC8 ] TID: 3576
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x898D0020 ] TID: 3580
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88C7EAB8 ] TID: 3584
0x8055C700 Faked ServiceTable-->DDMService.exe [ ETHREAD 0x888A2B38 ] TID: 3596
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A26B5B8 ] TID: 3600
0x8055C700 Faked ServiceTable-->wmpnscfg.exe [ ETHREAD 0x88841020 ] TID: 3604
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8895AB30 ] TID: 3612
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89872950 ] TID: 3628
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x889BA350 ] TID: 3644
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88C24020 ] TID: 3648
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89771B90 ] TID: 3652
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896D59F0 ] TID: 3660
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89762A30 ] TID: 3664
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A2B8598 ] TID: 3668
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8988CD10 ] TID: 3672
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89636DA8 ] TID: 3676
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8978C020 ] TID: 3680
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898726D8 ] TID: 3684
0x8055C700 Faked ServiceTable-->HPTLBXFX.exe [ ETHREAD 0x889B1020 ] TID: 3688
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896FB020 ] TID: 3696
0x8055C700 Faked ServiceTable-->DDMService.exe [ ETHREAD 0x887D1DA8 ] TID: 3708
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89498968 ] TID: 3720
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88E73020 ] TID: 3760
0x8055C700 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x88DA5128 ] TID: 3776
0x8055C700 Faked ServiceTable-->AwaySch.EXE [ ETHREAD 0x888485A0 ] TID: 3784
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x88CC9C70 ] TID: 3788
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8963A628 ] TID: 3796
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x88CFC020 ] TID: 3804
0x8055C700 Faked ServiceTable-->IPSSVC.EXE [ ETHREAD 0x8A277B38 ] TID: 3808
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x896279E8 ] TID: 3816
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x89844818 ] TID: 3820
0x8055C700 Faked ServiceTable-->rundll32.exe [ ETHREAD 0x899284F8 ] TID: 3828
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896DB8E0 ] TID: 3848
0x8055C700 Faked ServiceTable-->HPTLBXFX.exe [ ETHREAD 0x88A07898 ] TID: 3856
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897A7470 ] TID: 3864
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A67CDA8 ] TID: 3868
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89768DA8 ] TID: 3872
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A10558 ] TID: 3880
0x8055C700 Faked ServiceTable-->ccsvchst.exe [ ETHREAD 0x889D1460 ] TID: 3888
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8936D020 ] TID: 3904

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:44 PM

Posted 11 February 2011 - 04:43 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 14 February 2011 - 03:28 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 junk2535

Posted 14 February 2011 - 09:15 AM

Sorry. I was away from the computer all weekend. Here is the log from ComboFix.

Attached Files

  • Attached File  log.txt   50.91KB   4 downloads


#7 gringo_pr

Posted 14 February 2011 - 02:08 PM

  • Click Start, click Run, type Notepad, and then click OK.
  • Copy the following text, and then paste the text into Notepad.
net stop wuauserv
cd %systemroot%\SoftwareDistribution
ren Download Download.old
net start wuauserv
net stop bits
net start bits
net stop cryptsvc
cd %systemroot%\system32
ren catroot2 catroot2old
net start cryptsvc
  • Click File, click Save As, and then type Repair.bat.
  • In the Save as type box, click All Files.
  • In the Save in box, click Desktop, and then click Save.
  • On the File menu, click Exit.
  • Double-click the Repair.bat file.

Now I need you to go to windows update and download any update that it wants you to download.

Once that is complete please rerun combofix for me and if it asks you to update please allow it to.
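
A more defensive version of the Repair.bat steps from post #7, added here as an example (it is not gringo_pr's script). It keeps the same order but uses full paths instead of cd, confirms each service has actually stopped before renaming, and picks an unused name if Download.old or catroot2old already exists from an earlier run. The label and variable names are illustrative, and it assumes an administrator account.

```batch
@echo off
setlocal EnableExtensions
rem Added example, not the script from the post. Assumes an administrator account.
rem Same order as the posted Repair.bat: Windows Update, BITS, Cryptographic Services.

call :StopSvc wuauserv
if errorlevel 1 goto fail
call :Retire "%SystemRoot%\SoftwareDistribution\Download" Download.old
if errorlevel 1 goto fail
net start wuauserv

call :StopSvc bits
if errorlevel 1 goto fail
net start bits

call :StopSvc cryptsvc
if errorlevel 1 goto fail
call :Retire "%SystemRoot%\system32\catroot2" catroot2old
if errorlevel 1 goto fail
net start cryptsvc

echo Reset complete.
exit /b 0

:fail
rem Bring the services back so the machine is not left without updates or catalog checks.
echo Reset stopped early. Restarting services.
net start wuauserv >nul 2>&1
net start bits >nul 2>&1
net start cryptsvc >nul 2>&1
exit /b 1

:StopSvc
rem %1 = service name. Returns 0 only when the service is confirmed stopped.
sc query %~1 | find "RUNNING" >nul
rem Not running: nothing to stop ("net stop" would report an error here).
if errorlevel 1 exit /b 0
net stop %~1
sc query %~1 | find "STOPPED" >nul
if not errorlevel 1 exit /b 0
echo Service %~1 did not reach the STOPPED state.
exit /b 1

:Retire
rem %1 = folder to set aside, %2 = preferred new name (the name used in the post).
if not exist "%~1" exit /b 0
set "NEW=%~2"
set /a N=0
:RetireNext
rem "ren" fails on a duplicate name, so look for a free one: name, name.1, name.2 ...
if not exist "%~dp1%NEW%" goto RetireDo
set /a N+=1
set "NEW=%~2.%N%"
goto RetireNext
:RetireDo
ren "%~1" "%NEW%"
rem Judge success by the result: the original folder must be gone.
if not exist "%~1" goto RetireOk
echo Could not rename %~1. A process may still hold files in it.
exit /b 1
:RetireOk
echo Renamed %~1 to %NEW%
exit /b 0
```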

#8 junk2535

Posted 16 February 2011 - 12:32 PM

I was away from the computer yesterday, but now I think the virus has been removed!

#9 gringo_pr

Posted 16 February 2011 - 01:15 PM

Yes but I am trying to fix something else now


Gringo

#10 gringo_pr

Posted 19 February 2011 - 02:17 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 junk2535

Posted 21 February 2011 - 06:18 PM

Grrr! keeps going to junk file. So, you are telling me there are more problems with this computer?
Please tell me what else I need to do......

#12 gringo_pr

Posted 21 February 2011 - 09:27 PM

Hello

What part are you having problems with?


gringo

#13 junk2535

Posted 23 February 2011 - 09:50 AM

Hello,
No problems now, so far.
I thought you were working on another problem. Maybe I misunderstood. I found your last post (16 February 2011 - 12:15 PM) in my spam file. I thought you wanted me to do something else....

#14 gringo_pr

Posted 23 February 2011 - 10:26 AM

Hello


Yes, it looks like you have a busted catroot folder - it will cause problems down the road if we don't fix it - so I want you to run my instructions from post 7, please.



Gringo

#15 gringo_pr

Posted 26 February 2011 - 01:56 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo