Update not happening


  • This topic is locked
113 replies to this topic

#1 WandaLou


  • Members
  • 75 posts

Posted 08 February 2011 - 03:01 PM

Dear Friends,

I have been attempting to properly do my Windows updates with security patches, but for some time now they have not been properly downloading and installing. The installation process stops as a box appears telling me that these features are running:

Module         Program Description
smss.exe       Windows NT Session Manager
winlogon.exe   Windows NT Logon Application
services.exe   Services and controller app
lsass.exe      LSA Shell (export version)

I have the program SUPERAntiSpyware on my system and have run it fully. Also, my online service provided some support help and they downloaded ComboFix, ran it and found that my system is apparently clean. I have Spybot Search & Destroy as well as HijackThis and have run them both, but do not understand HijackThis well enough to know how to use it properly. In fact, since SP3 became available, my system has not allowed me to install it, so I have researched and downloaded so many programs that convinced me they could help. So far, nothing has helped.

However, whenever I research how to turn off the above programs, I am finding that they each have rampant reports of being viruses. They do not allow you to kill them, nor do they allow shutdown so that my updates can properly be handled.

The security person who helped me with ComboFix was startled to see that the safe boot was not working on my system.


I have a Sony VAIO computer, Pentium 4 CPU 3 GHz / 2.99 GHz / 1.00 GB RAM, using Windows XP 32-bit Home Edition Version 2002 with Service Pack 2.

The HijackThis log I just ran shows the following:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:01:00 PM, on 2/8/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\sony\Wireless adapter\ZDWLan.EXE
C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - - (no file)
N3 - Netscape 7: # Mozilla User Preferences
// This is a generated file!

user_pref("browser.activation.checkedNNFlag", true);
user_pref("browser.bookmarks.added_static_root", true);
user_pref("browser.search.defaultengine", "http://www.google.com/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");
user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-1");
user_pref("prefs.converted-to-utf8", true);
user_pref("timebomb.first_launch_time", "1150743395953000");
user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file");
(C:\Documents and Settings\LU\Application Data\Mozilla\Profiles\default\y585q6s6.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wireless Adapter Manager] C:\Program Files\sony\Wireless adapter\ZDWLan.EXE -minisize
O4 - HKLM\..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE /VID=0ACE /PID=20FF
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [combofix] C:\ComboFix\CF23173.cfxxe /c C:\ComboFixCombobatch.bat
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - http://www.auctiva.com/Aurigma/ImageUploader55.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - http://www.egames.com/trials/158/ZenerchiWeb.1.0.0.8.cab
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} - http://www.egames.com/trials/74/SandScript.1.0.0.21.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - http://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolsvc.aol.com/onlinegames/chuzzledeluxe/popcaploader_v10.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\Sony\Giga Pocket\shwserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Live Client Connector (SierraLiveClientConnector) - Unknown owner - C:\Program Files\Sierra\ERA Trial\LiveConnector.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media DB Sync Service (VAIOMediaDBSyncService) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\GPDBWatcher.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14893 bytes


Please help. I believe it to be important to keep my patches up to date.

Edited by Budapest, 08 February 2011 - 08:26 PM.
Moved from AII ~BP
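An added example of how a helper triages a log in the HijackThis format posted above; this is not code from the forum thread or from the HijackThis tool. It parses the numbered entry types (R1, O2, O4, O16, O23 and so on) and flags the entries worth reviewing first: registrations pointing at missing files, services with no publisher, RunOnce entries, and ActiveX downloads from hosts outside an assumed trusted list. The sample log is constructed from a few lines modelled on the log above.

```python
"""Triage pass over HijackThis 2.x log entries.

Example added for this thread; it is not part of the forum posts and not
code from the HijackThis tool. Entry lines have the shape
"<type> - <body>", e.g. "O23 - Service: <name> - <publisher> - <path>".
"""
import re
from dataclasses import dataclass, field

# One log line per entry: a type tag (R0, R1, O2, O4, O16, O23 ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.*)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)")

# Assumption: hosts a helper would accept for O16 (ActiveX download) entries.
DEFAULT_TRUSTED_HOSTS = frozenset({
    "go.microsoft.com",
    "housecall65.trendmicro.com",
})


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Return the numbered entries of a HijackThis log, in file order.

    Header lines, the 'Running processes' list and blank lines are skipped.
    """
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group("kind"), match.group("body")))
    return entries


def triage(entries, trusted_hosts=DEFAULT_TRUSTED_HOSTS):
    """Attach review flags to entries and return only the flagged ones.

    The flags mark what to check first, not a verdict: an orphaned
    registration may be left over from an uninstall, and an 'Unknown owner'
    service may simply lack version information.
    """
    for entry in entries:
        if "(no file)" in entry.body:
            entry.flags.append("orphaned: registration points to a file that no longer exists")
        if entry.kind == "O23" and "Unknown owner" in entry.body:
            entry.flags.append("service binary carries no publisher information")
        if entry.kind == "O4" and "RunOnce" in entry.body:
            entry.flags.append("RunOnce entry: executes once at the next logon")
        if entry.kind == "O16":
            match = URL_HOST_RE.search(entry.body)
            host = match.group(1).lower() if match else ""
            if host not in trusted_hosts:
                entry.flags.append(f"ActiveX control downloaded from unlisted host {host or '?'}")
    return [entry for entry in entries if entry.flags]


def report(text, trusted_hosts=DEFAULT_TRUSTED_HOSTS):
    """Render a short review list for a whole log."""
    flagged = triage(parse_hjt(text), trusted_hosts)
    lines = [f"{len(flagged)} entries to review"]
    for entry in flagged:
        lines.append(f"{entry.kind} - {entry.body}")
        lines.extend(f"    * {flag}" for flag in entry.flags)
    return "\n".join(lines)


# Constructed sample: a few lines modelled on the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\RunOnce: [combofix] C:\ComboFix\CF23173.cfxxe /c C:\ComboFixCombobatch.bat
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```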



#2 m0le



  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 13 February 2011 - 09:22 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 WandaLou

  • Topic Starter

  • Members
  • 75 posts

Posted 13 February 2011 - 06:56 PM

Thank you. I have printed this information out and will begin working on this tomorrow morning.

#4 WandaLou

  • Topic Starter

  • Members
  • 75 posts

Posted 14 February 2011 - 09:28 AM

Ok. Good morning and Happy Valentine's Day to you.

This morning I downloaded all the programs listed above and followed the directions.

1. Ran DDS and created txt file
2. Ran DeFogger - but it did not ask me to reboot my machine
3. Ran GMER and not a minute after it started, a box appeared stating "RANDOM TITLE has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something the information might be lost." There were two buttons - a DEBUG and a CLOSE. When I hit the close button, the computer went into restart and during restart began the system tools scan to repair all errors or disk check. As soon as that is completed and it reboots I will start over.

#5 m0le



  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 February 2011 - 05:29 PM

Please post the DDS logs. Then run RKU as below (this is like GMER).

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#6 WandaLou

  • Topic Starter

  • Members
  • 75 posts

Posted 14 February 2011 - 08:20 PM

From a laptop: here it is 12 hours later and my computer is still running the same scan disk, 49% completed, stage 4 of 5. I have never shut my system off when it was running a scan disk. It should be completed in the morning and I will post as you requested. Thank you so much.

#7 m0le



  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 February 2011 - 08:30 PM

Okay. Once the scan has been completed post the results. If it fails go to the RKU option.

#8 WandaLou

  • Topic Starter

  • Members
  • 75 posts

Posted 15 February 2011 - 12:02 PM

GMER froze up several times, so I ran Rootkit Unhooker; here is that report:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4530176 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 93.71 )
0xF41AD000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3997696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 93.71 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2252800 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2252800 bytes
0x804D7000 RAW 2252800 bytes
0x804D7000 WMIxWDM 2252800 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB83CA000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110214.035\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0xF3FD0000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1269760 bytes (Agere Systems, SoftModem Device Driver)
0xB79FF000 C:\WINDOWS\system32\DRIVERS\AE1000XP.sys 815104 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xECB03000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110114.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0xF74AB000 SYMEFA.SYS 671744 bytes
0xF7407000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB853D000 C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS 544768 bytes (Symantec Corporation, Symantec AutoProtect)
0xED2B0000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xED162000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF09E6000 C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0xF3F4F000 C:\WINDOWS\system32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xEEACC000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110214.001\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
0xF0A8C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB9419000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF7561000 SYMDS.SYS 356352 bytes
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB94E3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF0A3F000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xF7620000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF73DA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB959C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xED347000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xED3DA000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF414F000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF09C0000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0xED394000 C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0xB9470000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF4106000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF4176000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xED3B8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xED372000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xF099F000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806FD000 ACPI_HAL 134400 bytes
0x806FD000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF75B8000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75F0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xED110000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x80561500 Faked ServiceTable-->Crypserv.exe [ ETHREAD 0x85DB94B8 ] TID: 2988
0x80561500 Faked ServiceTable-->SUPERAntiSpyware.exe [ ETHREAD 0x85C23DA8 ] TID: 3004
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CF6910 ] TID: 3008
0x80561500 Faked ServiceTable-->ViewMgr.exe [ ETHREAD 0x85C05DA8 ] TID: 3016
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85DC7710 ] TID: 3040
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85DFCDA8 ] TID: 3044
0x80561500 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x85DFEA78 ] TID: 3048
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85EE9020 ] TID: 3056
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85EE9DA8 ] TID: 3060
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85EE9B30 ] TID: 3064
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85DB2908 ] TID: 3068
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x86ECDDA8 ] TID: 3072
0x80561500 Faked ServiceTable-->lexbces.exe [ ETHREAD 0x85C45B98 ] TID: 3076
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85DB7B88 ] TID: 3084
0x80561500 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85DBF840 ] TID: 3088
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85F27B90 ] TID: 3100
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85DB6618 ] TID: 3140
0x80561500 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x85D7B3D0 ] TID: 3168
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D55848 ] TID: 3176
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D55408 ] TID: 3180
0x80561500 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x85D482B0 ] TID: 3192
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x86AF6770 ] TID: 3196
0x80561500 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85D4F850 ] TID: 3200
0x80561500 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x854EB020 ] TID: 3220
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x852B6B00 ] TID: 3224
0x80561500 Faked ServiceTable-->SUPERAntiSpyware.exe [ ETHREAD 0x85C32020 ] TID: 3232
0x80561500 Faked ServiceTable-->chrome.exe [ ETHREAD 0x85B28020 ] TID: 3244
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x853E59B8 ] TID: 3256
0x80561500 Faked ServiceTable-->SUPERAntiSpyware.exe [ ETHREAD 0x85C64DA8 ] TID: 3260
0x80561500 Faked ServiceTable-->shwserv.exe [ ETHREAD 0x8557F2E0 ] TID: 3352
0x80561500 Faked ServiceTable-->services.exe [ ETHREAD 0x85CC4020 ] TID: 3388
0x80561500 Faked ServiceTable-->VzFw.exe [ ETHREAD 0x855515D0 ] TID: 3408
0x80561500 Faked ServiceTable-->VCSW.exe [ ETHREAD 0x85584440 ] TID: 3440
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x854EA3B8 ] TID: 3456
0x80561500 Faked ServiceTable-->WinPatrol.exe [ ETHREAD 0x85BDDDA8 ] TID: 3500
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8557E610 ] TID: 3508
0x80561500 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x854F6020 ] TID: 3552
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85BFBA78 ] TID: 3572
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x8548D870 ] TID: 3580
0x80561500 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85C97020 ] TID: 3592
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85C95300 ] TID: 3616
0x80561500 Faked ServiceTable-->services.exe [ ETHREAD 0x85DF0838 ] TID: 3632
0x80561500 Faked ServiceTable-->alg.exe [ ETHREAD 0x85551358 ] TID: 3636
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85C88800 ] TID: 3644
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85CE88B0 ] TID: 3648
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85438DA8 ] TID: 3672
0x80561500 Faked ServiceTable-->wmiprvse.exe [ ETHREAD 0x85BDA688 ] TID: 3696
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85DA8960 ] TID: 3700
0x80561500 Faked ServiceTable-->SUPERAntiSpyware.exe [ ETHREAD 0x853849C0 ] TID: 3704
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85461580 ] TID: 3708
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85422598 ] TID: 3716
0x80561500 Faked ServiceTable-->lsass.exe [ ETHREAD 0x852BADA8 ] TID: 3728
0x80561500 Faked ServiceTable-->jqs.exe [ ETHREAD 0x8532A890 ] TID: 3744
0x80561500 Faked ServiceTable-->wmpnetwk.exe [ ETHREAD 0x85C81DA8 ] TID: 3748
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85C734E8 ] TID: 3768
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85C654D8 ] TID: 3772
0x80561500 Faked ServiceTable-->ccSvcHst.exe [ ETHREAD 0x85C705B8 ] TID: 3776
0x80561500 Faked ServiceTable-->chrome.exe [ ETHREAD 0x854CDB00 ] TID: 3780
0x80561500 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8554D4B0 ] TID: 3784
0x80561500 Faked ServiceTable-->chrome.exe [ ETHREAD 0x854DE8E8 ] TID: 3788
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85447DA8 ] TID: 3800
0x80561500 Faked ServiceTable-->lexbces.exe [ ETHREAD 0x85C5E6C8 ] TID: 3820
0x80561500 Faked ServiceTable-->lexbces.exe [ ETHREAD 0x85C52B80 ] TID: 3824
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85514A18 ] TID: 3828
0x80561500 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x853EB580 ] TID: 3836
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8549A710 ] TID: 3848
0x80561500 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85C61AF8 ] TID: 3852
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B03DA8 ] TID: 3856
0x80561500 Faked ServiceTable-->lexbces.exe [ ETHREAD 0x85C73DA8 ] TID: 3860
0x80561500 Faked ServiceTable-->lexbces.exe [ ETHREAD 0x85C66C28 ] TID: 3864
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F38748 ] TID: 3876
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F58B98 ] TID: 3880
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85B46020 ] TID: 3888
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C53B80 ] TID: 3892
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C55730 ] TID: 3896
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C58668 ] TID: 3900
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C54020 ] TID: 3904
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C63378 ] TID: 3908
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C7C810 ] TID: 3912
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C625C0 ] TID: 3920
0x80561500 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8555F848 ] TID: 3924
0x80561500 Faked ServiceTable-->AluSchedulerSvc.exe [ ETHREAD 0x85BCDDA8 ] TID: 3928
0x80561500 Faked ServiceTable-->csrss.exe [ ETHREAD 0x85C5ADA8 ] TID: 3944
0x80561500 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85C5A6D8 ] TID: 3956
0x80561500 Faked ServiceTable-->ViewMgr.exe [ ETHREAD 0x85567DA8 ] TID: 3960
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85562020 ] TID: 3968
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C52020 ] TID: 3980
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C4F4C8 ] TID: 3988
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C51B80 ] TID: 3996
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x854D34F0 ] TID: 4000
0x80561500 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x86EC4B88 ] TID: 4004
0x80561500 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85C3F730 ] TID: 4008
0x80561500 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85C55DA8 ] TID: 4012
0x80561500 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x853B6DA8 ] TID: 4016
0x80561500 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85DE6960 ] TID: 4048
0x80561500 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C7BDA8 ] TID: 4056
0x80561500 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x85B35DA8 ] TID: 4084
0x80561500 Faked ServiceTable-->iexplore.exe [ ETHREAD 0x85B2B020 ] TID: 4092
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [msfwhlpr.sys]
WARNING: Virus alike driver modification [NdisIP.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [SLIP.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [AGRSM.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [StreamIP.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [GEARAspiWDM.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [CCDECODE.sys]
WARNING: Virus alike driver modification [kmixer.sys]
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [WSTCODEC.SYS]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [flpydisk.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [vga.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [TVICHW32.SYS]
WARNING: Virus alike driver modification [atwpkt2.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [USBSTOR.SYS]
WARNING: Virus alike driver modification [usbehci.sys]
WARNING: Virus alike driver modification [fdc.sys]
WARNING: Virus alike driver modification [MpFilter.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [atwpkt264.sys]
WARNING: Virus alike driver modification [wanatw4.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [wanarp.sys]
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [msgpc.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [ndproxy.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [termdd.sys]
WARNING: Virus alike driver modification [raspppoe.sys]
WARNING: Virus alike driver modification [imapi.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [swenum.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [raspptp.sys]
WARNING: Virus alike driver modification [cdrom.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [MSPQM.sys]
WARNING: Virus alike driver modification [rasl2tp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [DMusic.sys]
WARNING: Virus alike driver modification [1394bus.sys]
WARNING: Virus alike driver modification [MSPCLOCK.sys]
WARNING: Virus alike driver modification [swmidi.sys]
WARNING: Virus alike driver modification [defrag32.sys]
WARNING: Virus alike driver modification [defrag32b.sys]
WARNING: Virus alike driver modification [intelide.sys]
WARNING: Virus alike driver modification [MSTEE.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [redbook.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sysaudio.sys]
WARNING: Virus alike driver modification [ohci1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [cdfs.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [enum1394.sys]
WARNING: Virus alike driver modification [splitter.sys]
WARNING: Virus alike driver modification [serial.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [MSKSSRV.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [videoprt.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [parport.sys]
WARNING: Virus alike driver modification [msfwdrv.sys]
WARNING: Virus alike driver modification [wdmaud.sys]
WARNING: Virus alike driver modification [NABTSFEC.sys]
WARNING: Virus alike driver modification [asctrm.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [ndiswan.sys]
WARNING: Virus alike driver modification [atapi.sys]
WARNING: Virus alike driver modification [hidusb.sys]
WARNING: Virus alike driver modification [ndistapi.sys]
WARNING: Virus alike driver modification [scsiport.sys]

#9 WandaLou

  • Topic Starter
  • Members
  • 75 posts

Posted 15 February 2011 - 01:35 PM

DDS Report
DDS (Ver_10-12-12.01) - NTFSx86
Run by Lu at 19:06:59.60 on Sun 02/13/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.255 [GMT -5:00]

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Media Integrated Server\GPDBWatcher.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\sony\Wireless adapter\ZDWLan.EXE
C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lu\Desktop\BLEEPING COMPUTER\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
BHO: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.5.0.125\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.5.0.125\coIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: WebFerret: {a58686ed-fc46-44c3-95c6-4a812ab776f1} - c:\program files\ferretsoft\webferret\FerretBand.dll
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
TB: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
EB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wireless Adapter Manager] c:\program files\sony\wireless adapter\ZDWLan.EXE -minisize
mRun: [AutoEJCD_0ACE20FF] c:\program files\autoinstall\zd1211b_auto_install_cd_only_gen_0ace20ff\AutoEJCD.EXE /VID=0ACE /PID=20FF
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRunOnce: [combofix] c:\combofix\cf23173.cfxxe /c c:\ComboFixCombobatch.bat
uPolicies-explorer: LegacyDrive =
38e32c60cbea1ccc1a85f19719ab5b040e540073eb95826e85db7e55811b64f3f60be1cfa2853caa936d93b38c8967faaa935b27478d396c1f5536b8b179772ee84cd4d5fb3adb91925818522a3f938bba1b9be597ffc235957b29ac6f71fe4e6924b742a63392d0b711049b3539e337f67ccd9ba329e825b32f77de9a81abff3dbfbbb5aa123622065798a4c6811c592238d2e3c7c6f168cd346edde8b0ce85e23238b44960ced964ae3dbb6cc993f103f93651fbbb36c2956aee8baf00c48295250cc4c8ebe401febb5c1b698fdbf03c62bd736ce54102b374a3f3db48857139ee938677f8677897f2aa5935977dda0d451760bcafaf5acbd29cd1aee92abb40782511a74cd8b1dbaff1e020a8ed78f97c8b8a3f76804771e46c214b620d2d9a5bb2cc4eccf38ad14ba0469748f793f6941a5f391fbfd2f0062a7989cd58a425e87e0da481b1ba02fa75e724e7a01e98795adbde7541d6197e39f4eeb4b275e889296f1bd0f27b081734aec13735cb4d29d8b64e1c632ce1c486b2c6f499cbc16f266e40fba7b73db891dd66b091647caf1594f955df0e29f569f44c4a700bc2f77fe664c24d29cf218c925c5b7a3b52ebb3195b2549c9351c168caac2518fc251607137eaedff297c3c4213e8bcbbfe63dcedf51b1f1cb81d7355b476beae3398bb95cfd10004b12f166fa6eb559e9acfabd2984823008f1ac1275753ade0ef7d943709184cb9c847b7cec8cae94a5f2c8d3e223e8414abc3d0db9a6db1dfda090d7d25f61535cbdb2601af99ede5bf927fcfc894bd8882f71c123627ecc8e2f73dcb342e52a5a042522caf6341a99abb2f3a17f5af7573fc8b4ee105b63b11cf82950529134221b5149181eda8658e63a496d44dfb940e40794e83953cb55296e9413598202335e0ad891d1e54b869ec1146aba6a4892d7c4d4fd8c5d5cf5496cde071941a69c606b219972ea058fcda4e7d4036034188e4ab73b54fd7ee8b3c04c912a120cd3cbbe14a2cc95bd96f6880a1b11f2b710bec6fe04fadc84af93dad1562e0693937e126ff2a794b08e7f308924a0e2ef7cfa345764a87d836d8b3148815a2916d8ffb70587b70a635a7e697a9b0d6e7959c75f38df5cb0d29a4723597e64822c4c4bdd3c0dd877615669789586f4b3ffd68e5256fe33c05609bb10a5eb66526a847a9b13f17b75340a59f23706b83101963078015ca043828247c7c92a180d377e5fd3cdc158d71cecef9a7fe0a26c113e296c44ea4318b6e2746bbd15bcdfadd24ef5c9e69c71eb0676b97604c266b0e010802d547a1396e05095752e023421f0d23f23d634e27c1b5fe0157925ef5ebca1dc1aa5f24a176026b7536474a0d130747a3e7022ca9f2c95dc5cfdc691ba70fdfcaa53263b9aaf0019341f8c010d5
5b7b772135ec60e9900abfe885951e09a4ef2ada962dd1713d016e6a60ac6bb6f0e450a58a1ecafc73dd62f688d709887853f4e930d5aa5297fd5b027cad7386cc6a6f370905ef04f77a0d729918eee05be29610913601e320ac6f647b41ff08d2b57ff73485318300df2db43b01916baf1c1a7fa6e4005aac41d6539747b137c5688c29a5e8ebad7992bfff5aaa8aa97c22c354b3107cdf366042aea3c6454544f7b81591197b95f678f895d67a4acf95cfd5a5c040fff2b608e6b92991e2444e0de802ea00002964fff99f1fb75b1b06309d87695398a907ab3c036c6882f87da9a12f51fb853d421c7d7e440534437628e233f7f7c3ebfba5c8e81eed308da7f79f8c0af18890fe56d66c5badc9ec0b463e0c6f133168feb980f430e7f2ed9ae777105a73b209b5c9b42eff010b6dbb9ffb8304650b6f2b6ac327a270b5891973ba94e67e7ed8aac2b33f2b32e9d19e9ba8e6afba948cc1ba36f7c9076181496bc3ef8277bbf6e5256afdccbb0d2567f38a87f95848bc44f344a34127625e15da009e41d5d121196ee9787764140eb00a6c66c7a82beda4e11ebd4ff9ca1955d5ac525039c869075acc663895f3a7956129770c8370e24b8082c88458b8316d712ae08bd2182bb191890ac38f316dc06298d300937918ba0a688ec8c6b850afd19cd3e8da748cbe26a7ebfca3cbe60f999c9fa7ca618b73f7651837a6ab941f21de4a52c287eecb6e823b6460b3da3428f5861bf3536e9b0c7bdaeaa36f1245cd7e7b86cd7304f9920cc06c80aed485ac7456945802d3e9390033f6cf497bfb6abb9a799782a097f1992cc43a8d239eaa85a812867f48c5f5dc74b30f1f351638f21b8aac69766e5a8bc98df60f7cfe4a63d148cdf219ca76a7285bd2a0ad062d557ae7f7ed0b5e53dd71cd64c98c20bd0d17bb7e53e4b0c0656936343f7c5606695be80884efbe0c22521f91db8e77a39ca84cfc43dd746f692b86877f138e6b1d9d0504969e0062d0bd36a75c539ce9779f1e6e09c363cd9f2bf4009bbafa1422184925354e9e8a1d90254d0d593fde03bd8108effb00231753cc8cba17ba52f3036732e1d179c6050928f9eb17fdbe0d9fda01f415d03bdea088bb122abedaafa886fd13514ab61ae1e446933fb261f15eed304361369c670272ca7a34d8e292074815b0cddfdef07bc888035155f0dfbe4e8cb57e88ac2405ba00ac208d5b65daf2ecb6f19cb878af995ef431692634f1f46af53f9233f27e700866903604cc8fe72be9be08fe0cbf044d9506cf4db48dcaea73c9e75ff7dd0d03020ebe66bd78f79cb5ff57d92388843e7068caf39af81c06760e3bc33341aaa254de0fffdab688d1ed229cd2704471e1d98f40a440890771b5cf7e6fd75a4bf8a20279428940273fc538
7dc1ecf7e4e2c5f977a35beeb4d350bd783374ca2ad796f27436cf9ae2bd07cc008a6c74c44950abb6f3106daf8df4efe112563217ae07d83e2cee3625b2f2ac81ac1a313406f332cf9e339d55f99b3841342238cb3e4f0f6845e785906ec80ac3c9154bdace8493034b5f5314675f92d6e7c7ddaf6d4478e4f86801aeab595191cfcba3e91a2bf8c5321db9f96d299f6fdbb1d0be86274bfef87c85dafedc54e6ac980d33a164e9218cc2ae75efbe8bacd523dc438e9d4f8d066f6bbb30125d9bb4621a9b53ea9530bf623578b076861d34c92e7d463a2409a3661cebd96e45eca1fa37946e7e279346bb5e5fd189e91fb0d591c80fe60d867ee4775dfce09afd10557bd942afe383db5fa025ad01b14f57c74dec6a112775cb3ef16459c21feccf79ede7eb3ba30fd0b11872a86775208f223b27ac7388c1a18c95cb26538479f0b55949d83d463539e5ef2b2d9a2c5dc48d68a62ad65e8e5ad010d9940dd6510e3db0c6e651db525cdfa2e13ec977f1a31a4297dc30f9c3a82071c4a756740f127c133ca89d3d51ec8b91438d7e71ba26fd581527026d97ae1359585fed495445ec7685c376068cca4c0359580200413fb3005128f293e1d704426cb14c2d9f7b06f3af6438d2f046e60fa42986991008b3e9d5d8262c7ec7e1a456c2ad4c7c39c7bb39de26d74a904c217917bcff8f069e8f818e2ea9156c051447bd9af9ec14089795ca1239b6956465085c1b572b4a88ad9022316496d21903f34a4216568e6fde4a0a2e475e26161a831b4e74b505bd4e77de39ea3ff7d88c1870a4c1eed213f704a3a284e9896ceba9b3fb5b40755e7954327c5f237fa7e5b985751f67a7cb2672653a1c08818f6a7860a54ca1b27e90ab55929af67767ac50fc62ca646b1fdd878e5b79fc8a8cb61cf051c12981b68c1be61024a3a127406a449b1599e180729fc14c082e59f309877950f6f8c7c7b1a36c29da800dd758a5fd2b36c6b113b1f874ff8fba5bfeb2cf357c23ecc35b2e15afa5685b3b21cfdae8e3736cf1c220c3190d3db5a67af4d6ae5f934c912533dfc7f9975000
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: &AOL Toolbar Search
IE: E&xport to Microsoft Excel
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~3\office\1033\phdintl.dll/phdContext.htm
IE: Search Using Copernic Agent
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: CabBuilder
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/pcpitstop.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1297620857046
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7}
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D}
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://clubgames.pogo.com/online2/pogop/diner_dash/DinerDash.1.0.0.80.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\lu\application data\mozilla\firefox\profiles\3vqx4if2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\lu\application data\mozilla\firefox\profiles\3vqx4if2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\lu\application data\mozilla\firefox\profiles\3vqx4if2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\lu\application data\mozilla\firefox\profiles\3vqx4if2.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMyGames.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\isreaditlater@ideashower.com
FF - Extension: Echofon: twitternotifier@naan.net - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\twitternotifier@naan.net
FF - Extension: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Extension: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Extension: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - c:\docume~1\lu\applic~1\mozilla\firefox\profiles\3vqx4if2.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys [2011-1-30 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys [2011-1-30 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\bashdefs\20110114.001\BHDrvx86.sys [2011-1-30 691248]
R1 MpFilter;MpFilter;c:\windows\system32\drivers\MpFilter.sys [2006-6-11 27648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-2-3 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys [2011-1-30 136312]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-3-15 3712]
R2 NIS;Norton Internet Security.;c:\program files\norton internet security\engine\18.5.0.125\ccSvcHst.exe [2011-1-30 130000]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.2.543\SymcPCCULaunchSvc.exe [2010-3-25 120248]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.2.543\ccSvcHst.exe [2010-3-25 126392]
R2 PDSched;PDScheduler;c:\program files\raxco\perfectdisk\PDSched.exe [2004-2-11 200771]
R2 VAIOMediaDBSyncService;VAIO Media DB Sync Service;c:\program files\sony\vaio media integrated server\GPDBWatcher.exe [2006-5-26 790528]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-10 24652]
R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [2011-1-25 816672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-9 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\ipsdefs\20110211.002\IDSXpx86.sys [2011-2-13 341944]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110213.003\NAVENG.SYS [2011-2-13 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.5.0.125\definitions\virusdefs\20110213.003\NAVEX15.SYS [2011-2-13 1360760]
S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2010-7-26 6656]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
S3 SierraLiveClientConnector;Live Client Connector;c:\program files\sierra\era trial\LiveConnector.exe [2009-3-13 776704]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [2009-3-5 13359]
S4 gupdate1c9bf6ff610d786;Google Update Service (gupdate1c9bf6ff610d786);c:\program files\google\update\GoogleUpdate.exe [2009-4-17 133104]

=============== File Associations ===============

.txt=emeditor.txt

=============== Created Last 30 ================

2011-02-13 19:10:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\UAB
2011-02-13 19:10:33 -------- d-----w- c:\docume~1\lu\locals~1\applic~1\PC_Drivers_Headquarters
2011-02-13 19:10:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Driver Boost
2011-02-13 19:09:01 -------- d-----w- c:\program files\DriverBoost
2011-02-13 18:18:32 1044480 ----a-w- c:\windows\SMax4PNP.exe
2011-02-08 19:29:52 -------- d-----w- C:\!KillBox
2011-02-08 17:03:20 68886 ----a-w- c:\windows\system32\drivers\LMouFlt2.sys
2011-02-08 17:03:20 5846 ----a-w- c:\windows\system32\drivers\LKbdFlt2.sys
2011-02-08 17:03:20 52166 ----a-w- c:\windows\system32\drivers\L8042Pr2.sys
2011-02-08 17:03:20 23270 ----a-w- c:\windows\system32\drivers\LHidFlt2.sys
2011-02-08 17:03:20 19188 ----a-w- c:\windows\system32\LCoInst.dll
2011-02-08 16:47:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2011-02-08 16:44:14 -------- d-----w- c:\docume~1\lu\locals~1\applic~1\Innovative Solutions
2011-02-08 16:44:02 -------- d-----w- c:\program files\Innovative Solutions
2011-02-07 22:45:59 -------- d-----w- c:\windows\LMIA4.tmp
2011-02-06 18:17:26 -------- d-----w- C:\h
2011-02-06 18:12:36 7168 ----a-w- c:\docume~1\alluse~1\applic~1\Z@!-78d4eb89-d76d-4244-833a-d9c60b87dadc.tmp
2011-02-04 20:01:25 -------- d-----w- c:\windows\system32\drivers\nss\0203000.02C
2011-02-04 20:01:25 -------- d-----w- c:\windows\system32\drivers\NSS
2011-02-04 18:46:04 -------- d-----w- c:\program files\Ask.com
2011-02-04 17:40:42 364607 ----a-w- c:\program files\common files\microsoft shared\ink\SKCHUI.DLL
2011-02-03 13:24:56 -------- d-----w- c:\docume~1\lu\applic~1\SUPERAntiSpyware.com
2011-02-03 13:24:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-02-03 13:24:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-03 10:27:28 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-03 10:27:28 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-02-03 10:27:01 -------- d-----w- C:\VIPRERESCUE
2011-01-31 11:19:09 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc27.tmp
2011-01-30 20:52:21 -------- d-----w- c:\docume~1\lu\locals~1\applic~1\NPE
2011-01-30 19:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-30 17:27:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2011-01-30 14:11:27 -------- d-sha-r- C:\cmdcons
2011-01-30 14:06:12 98816 ----a-w- c:\windows\sed.exe
2011-01-30 14:06:12 89088 ----a-w- c:\windows\MBR.exe
2011-01-30 14:06:12 256512 ----a-w- c:\windows\PEV.exe
2011-01-30 14:06:12 161792 ----a-w- c:\windows\SWREG.exe
2011-01-30 11:27:57 368248 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\symtdi.sys
2011-01-30 11:27:57 330360 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\symtdiv.sys
2011-01-30 11:27:56 652336 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\SymEFA.sys
2011-01-30 11:27:56 50168 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\srtspx.sys
2011-01-30 11:27:56 340016 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\SymDS.sys
2011-01-30 11:27:56 295032 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\symnets.sys
2011-01-30 11:27:55 509560 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\srtsp.sys
2011-01-30 11:27:55 136312 ----a-r- c:\windows\system32\drivers\nis\1205000.07d\Ironx86.sys
2011-01-30 11:27:33 -------- d-----w- c:\windows\system32\drivers\nis\1205000.07D
2011-01-25 20:43:06 816672 ----a-r- c:\windows\system32\drivers\AE1000XP.sys
2011-01-25 20:43:06 226592 ----a-r- c:\windows\system32\RaCoInst.dll
2011-01-21 17:27:13 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys
2011-01-21 17:27:13 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys
2011-01-21 17:27:12 -------- d-----w- c:\program files\AutoInstall
2011-01-21 17:12:41 -------- d-----w- c:\docume~1\lu\applic~1\Driver Smith

==================== Find3M ====================

2011-01-30 11:29:26 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-03-09 16:54:20 250880 ----a-w- c:\program files\UltimateEXPLORERHUS.exe
2009-03-09 16:54:19 264704 ----a-w- c:\program files\UltimateEXPLORER.exe

============= FINISH: 19:14:37.67 ===============

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:12:52 AM

Posted 15 February 2011 - 05:22 PM

Please run TDSSKiller now

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If malicious objects are found, ensure Cure is selected, then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

m0le is a proud member of UNITE
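The `-l report.txt` switch above makes TDSSKiller write its scan log to a file, and the next step in the thread is reading that log by hand. As an added example (not part of this thread, and not TDSSKiller's own code), here is a small Python parser for that report layout, which is taken from the report posted later in this thread: each driver line carries a timestamp, a thread id, the module name, its MD5 in parentheses, and the file path. The sample report embedded in the block is constructed for the example: its driver lines are copied from the thread, while the last line (`examplesvc`, an all-zero hash, a path under the user's Temp folder) is invented to show how a module outside the usual driver directories is surfaced. The allow-list of "expected" directories is likewise an assumption for triage only, not a verdict on any entry.

```python
"""Parse a TDSSKiller report as written by `TDSSKiller.exe -l report.txt`.

Added example for this thread, not TDSSKiller's own code. The line layout is
taken from the report posted in the thread, e.g.

    2011/02/15 19:06:12.0312 0876 eeCtrl (089296ae...) C:\\Program Files\\...

The sample report and the EXPECTED_PREFIXES allow-list are assumptions made
for this example.
"""
import re
from collections import Counter
from typing import Dict, List

# One driver/service line: timestamp, thread id, module name, 32-hex MD5, path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<tid>\d{4})\s+"
    r"(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)

# Constructed sample: driver lines copied from the report in the thread, plus
# one invented entry ("examplesvc", placeholder all-zero hash) in a Temp folder.
SAMPLE_REPORT = r"""
2011/02/15 19:05:17.0750 1316 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 19:05:39.0640 0876 Scan started
2011/02/15 19:05:42.0234 0876 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/15 19:05:43.0187 0876 ADASPROT (e9b047e166480f67fb6d50b3eec8bd35) C:\Program Files\Advanced System Optimizer 3\adasprot32.sys
2011/02/15 19:06:12.0312 0876 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/02/15 19:06:13.0250 0876 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/15 19:06:20.0000 0876 examplesvc (00000000000000000000000000000000) C:\Documents and Settings\Lu\Local Settings\Temp\examplesvc.sys
"""

# Directories a kernel driver is normally loaded from on this kind of system
# (assumption for triage; vendor definition folders etc. would need adding).
EXPECTED_PREFIXES = (r"c:\windows\system32\drivers", r"c:\program files")


def parse_report(text: str) -> List[Dict[str, str]]:
    """Return one dict per driver line; header/separator lines have no MD5 and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def outside_expected_dirs(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Entries whose file lives outside EXPECTED_PREFIXES: the ones to look at first."""
    return [e for e in entries if not e["path"].lower().startswith(EXPECTED_PREFIXES)]


def directory_histogram(entries: List[Dict[str, str]]) -> Counter:
    """Number of loaded modules per parent directory, for a quick overview."""
    return Counter(e["path"].rsplit("\\", 1)[0].lower() for e in entries)


def main() -> None:
    entries = parse_report(SAMPLE_REPORT)
    print(f"{len(entries)} driver entries parsed")
    for directory, count in directory_histogram(entries).most_common():
        print(f"  {count:3d}  {directory}")
    for e in outside_expected_dirs(entries):
        print(f"review: {e['name']} ({e['md5']}) at {e['path']}")


if __name__ == "__main__":
    main()
```

To use it on a real log, replace `SAMPLE_REPORT` with the contents of `report.txt` (or `C:\TDSSKiller.<version>_<date>_<time>_log.txt` after a reboot). The hash column is what makes this useful: an MD5 of a system driver can be compared against a known-good copy of the same Windows version, which is how a reviewer tells a patched `atapi.sys` or `sr.sys` from the original.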

#11 WandaLou

WandaLou
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Local time:07:52 PM

Posted 15 February 2011 - 07:10 PM

Ok, the TDSSKiller scan is below. Also, for your records, I re-attempted the GMER scan and it seems to freeze up the system at the same spot each time.

Sections: C:\Windows|system32\drivers\sr.sys


TDSSKiller Report


2011/02/15 19:05:17.0750 1316 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/15 19:05:19.0765 1316 ================================================================================
2011/02/15 19:05:19.0765 1316 SystemInfo:
2011/02/15 19:05:19.0765 1316
2011/02/15 19:05:19.0765 1316 OS Version: 5.1.2600 ServicePack: 2.0
2011/02/15 19:05:19.0765 1316 Product type: Workstation
2011/02/15 19:05:19.0765 1316 ComputerName: 9535DEE118EC44B
2011/02/15 19:05:19.0906 1316 UserName: Lu
2011/02/15 19:05:19.0906 1316 Windows directory: C:\WINDOWS
2011/02/15 19:05:19.0906 1316 System windows directory: C:\WINDOWS
2011/02/15 19:05:19.0906 1316 Processor architecture: Intel x86
2011/02/15 19:05:19.0906 1316 Number of processors: 2
2011/02/15 19:05:19.0906 1316 Page size: 0x1000
2011/02/15 19:05:19.0906 1316 Boot type: Normal boot
2011/02/15 19:05:19.0906 1316 ================================================================================
2011/02/15 19:05:22.0687 1316 Initialize success
2011/02/15 19:05:39.0640 0876 ================================================================================
2011/02/15 19:05:39.0640 0876 Scan started
2011/02/15 19:05:39.0640 0876 Mode: Manual;
2011/02/15 19:05:39.0640 0876 ================================================================================
2011/02/15 19:05:42.0234 0876 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/15 19:05:42.0953 0876 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/15 19:05:43.0187 0876 ADASPROT (e9b047e166480f67fb6d50b3eec8bd35) C:\Program Files\Advanced System Optimizer 3\adasprot32.sys
2011/02/15 19:05:44.0921 0876 AE1000 (678c8fdb9d6094d41f322b7159853c54) C:\WINDOWS\system32\DRIVERS\AE1000XP.sys
2011/02/15 19:05:46.0093 0876 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/02/15 19:05:46.0984 0876 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

#12 m0le
    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 15 February 2011 - 07:29 PM

Apart from the updates not working is there anything else causing problems?

Please answer that and also run the ESET online scanner

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
m0le is a proud member of UNITE

#13 WandaLou
  • Topic Starter

  • Members
  • 75 posts

Posted 15 February 2011 - 07:42 PM

Yes. There is a problem with the mouse: it jumps to the upper left of the screen (the My Computer icon) or to the lower right of the screen, to the clock, and every once in a while to the Start button.

Also, never had a problem with programs freezing up until those you gave me to run on the system.

The scan you sent is now downloaded, so I will close all browsers and come back to post when it is finished.
Running the scan now.

#14 WandaLou
  • Topic Starter

  • Members
  • 75 posts

Posted 15 February 2011 - 08:43 PM

I am on the laptop; the scan is at 18%, so I will post the log tomorrow. I wanted to add that my Internet Explorer will not update either. Mozilla stopped working entirely about 1 year ago, even after an uninstall and reinstall. I have never used the other one (Netscape) that was included with the system.

#15 WandaLou
  • Topic Starter

  • Members
  • 75 posts

Posted 16 February 2011 - 08:10 AM

Good morning to you, m0le. How can we be certain the list below is everything? Is there any way to check my D drive? Thank you SO MUCH for all you are doing to help me.


C:\Documents and Settings\Lu\desktop\pogo\games paid\ap1 downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AK application cleaned by deleting - quarantined
C:\Documents and Settings\Lu\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0002d2 multiple threats deleted - quarantined
C:\Documents and Settings\Lu\My Documents\downloads\Farm_Frenzy_3_Madagascar.rar probably a variant of Win32/Agent.EKZBUZY trojan deleted - quarantined
C:\Documents and Settings\Lu\My Documents\LimeWire\Saved\Embroidery Dakota CH2003.zip multiple threats deleted - quarantined
C:\Documents and Settings\Lu\My Documents\LimeWire\Saved\embroidery-dakota2001 zip.zip multiple threats deleted - quarantined
C:\Documents and Settings\Lu\My Documents\VersionTracker Pro\drvgenpro[1].exe probably a variant of Win32/TrojanDownloader.Adload.KXYLVMS trojan deleted - quarantined
C:\Program Files\BadgeHelp\DotBot\DotBot.Exe probably a variant of Win32/PSW.Delf.ICOOFMO trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP2924\A0681367.exe a variant of Win32/Adware.Gamevance.AK application cleaned by deleting - quarantined
C:\System Volume Information\_restore{38D7A734-29B2-45EC-900F-164D8C1D9EF8}\RP2924\A0681368.Exe probably a variant of Win32/PSW.Delf.ICOOFMO trojan cleaned by deleting - quarantined
