TSPY Pakes Threat


  • This topic is locked
26 replies to this topic

#1 tritons

tritons

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 22 March 2011 - 09:37 PM

A few days ago my email got hacked into and spam links were emailed to my whole address book. I ran Trend Micro Housecall to see if it detected anything and it found one threat: tspy pakes in the file unwash6.exe

I haven't had any other visible problems since, but I am worried since my email got hacked and possibly my passwords leaked.

Any assistance will be greatly appreciated, thanks in advance!

Here is my HijackThis log file:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:08 PM, on 3/22/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Nil\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM7\aim.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nil\Desktop\HiJackThis.exe
C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-4191077757-343375518-4045940769-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-21-4191077757-343375518-4045940769-1010\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'postgres')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Nil\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\Ctrax Player\DMDownload.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.8.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn-2.ucsd.e...ries/vpnweb.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.../AFCStarter.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: TSigNP - TSigNP.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 14384 bytes
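As an added example, not part of tritons' post and not code from HijackThis or Trend Micro: a small Python triage script that parses lines in the HijackThis v2 format shown above and attaches reviewer notes to the kinds of entries a malware helper looks at first, namely orphaned "(file missing)" entries, O23 services with no vendor string, O4 autoruns given as a bare file name (resolved through the search path rather than a full path), remote-access services, and Winsock LSPs that HijackThis does not recognise. The sample lines are a constructed excerpt modelled on the log above, and the remote-access keyword list is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2.0.x format. The line shapes follow the
# log above; this is a short excerpt, not the whole log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: TSigNP - TSigNP.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
""".strip()

LINE_RE = re.compile(r"^(O\d+) - (.*)$")          # "O23 - <body>"
O4_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")  # "[Name] command"
REMOTE_ACCESS_HINTS = ("vnc", "remote")           # assumption: coarse keyword list


@dataclass
class Entry:
    section: str                 # e.g. "O4", "O23"
    body: str                    # everything after "Onn - "
    notes: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Split a HijackThis log into (section, body) entries; non-O lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list) -> list:
    """Attach reviewer notes to entries worth a closer look; return only those."""
    for e in entries:
        if "(file missing)" in e.body:
            e.notes.append("target file missing: orphaned entry (leftover from an uninstall or a removed file)")
        if e.section == "O23" and " - Unknown owner - " in e.body:
            e.notes.append("service has no vendor string: verify the binary's publisher")
        if e.section == "O23" and any(h in e.body.lower() for h in REMOTE_ACCESS_HINTS):
            e.notes.append("remote-access service present: confirm it is expected on this machine")
        if e.section == "O4":
            m = O4_RE.search(e.body)
            # A command with no backslash is a bare file name resolved via the search path.
            if m and "\\" not in m.group("cmd"):
                e.notes.append("bare executable name, resolved via the search path: confirm which file actually runs")
        if e.section == "O10":
            e.notes.append("Winsock LSP not in HijackThis' known-good list: verify the DLL before removing anything")
    return [e for e in entries if e.notes]


def triage_log(text: str) -> list:
    """Parse a HijackThis log and return the flagged entries with their notes."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for n in e.notes:
            print(f"    - {n}")
```

Every note is a prompt to verify, not a verdict: a bare-name O4 entry is normal for OEM utilities such as the Toshiba hotkey tools in this log, a "(file missing)" service is usually just an uninstall leftover, and the vendor-keyword match for remote-access software is deliberately coarse. The point is to narrow a 200-line log down to the handful of lines a helper needs to look up by hand.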



#2 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 24 March 2011 - 09:30 AM

Hello,

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!


http://www.bleepingc...opic385754.html
Looks like you have also posted in another forum. Just so you know, all of us forums work together and are all staffed by volunteers who do this in our spare time. With the number of people posting with malware problems, we cannot afford to have two forums and more than one helper helping you; it would be unfair to other people posting for help. I will gladly help you in our forum here, but I would ask that you request that your topic in the other forum be closed so efforts are not duplicated.


If you have not already done so, you should change the password to your email account. More than likely your login credentials for your email were compromised by a phishing website. Changing the password will likely take care of the problem of spam being sent from your email, but we should investigate further just to ensure there is nothing else that needs to be removed from your computer since the item identified by Trend Micro was a Trojan.

HijackThis has largely been replaced by other tools. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. DDS includes all the scan locations of HijackThis and more.
Download and Run DDS by sUBs


I know you posted a DDS log in the other forum, but it is a few days old. I'd like to get a clean one please. Can you please right-click and delete the current DDS icon on your desktop and then follow these directions:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy / paste the scan results.

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the attachment to insert it into your post



Scan With RootKitUnHooker

  • Please choose one link and download Rootkit Unhooker and save it to your desktop.

    Link 1
    Link 2
    Link 3
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest. then click OK
  • When prompted to Select Disks for Scan, make sure C:/ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#3 tritons

tritons

    Authentic Member

  • Authentic Member
  • 22 posts

Posted 24 March 2011 - 04:44 PM

Thanks for the response patndoris. Here are the results from the instructions you provided:

DDS:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Nil at 15:33:04.89 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1332 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Nil\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nil\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Control Popups in Internet Explorer: {41353f8b-78ce-48a5-be44-153ed293d192} - c:\progra~1\popupp~1\PopLib.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
uRun: [Google Update] "c:\documents and settings\nil\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TFNF5] TFNF5.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\nil\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\nil\application data\dropbox\bin\Dropbox.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 48 (0x30)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\ctrax player\DMDownload.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ucsd.edu\vpn
Trusted Zone: ucsd.edu\vpn-2
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: TSigNP - TSigNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nil\applic~1\mozilla\firefox\profiles\92e63dqw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\nil\application data\mozilla\firefox\profiles\92e63dqw.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\winnt_x86-msvc\components\libchm.dll
FF - component: c:\program files\mozilla firefox 4.0 beta 10\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\nil\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-11-30 10872]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Tomcat6;Apache Tomcat 6;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2010-3-9 61440]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-2 604416]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2009-3-1 14095]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-9-21 16896]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe --> c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [?]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2009-5-3 57536]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-17 30192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-2-27 24576]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2006-5-31 641152]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [2009-12-17 20152]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-5-12 14336]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\C-itNT.sys [2007-7-30 587588]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-9-19 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2011-03-18 10:56 102,400 a------- c:\windows\RegBootClean.exe
2011-03-12 19:09 472,808 a------- c:\windows\system32\deployJava1.dll
2011-02-27 01:20 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2011-02-27 01:20 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2011-02-27 01:20 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2011-02-27 01:17 <DIR> --d----- c:\docume~1\nil\applic~1\Teleca
2011-02-27 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\HTC
2011-02-27 01:16 <DIR> --d----- c:\program files\common files\Teleca Shared
2011-02-27 01:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Teleca
2011-02-27 01:15 1,122,664 a------- c:\windows\system32\WdfCoInstaller01007.dll
2011-02-27 01:15 24,576 a------- c:\windows\system32\drivers\ANDROIDUSB.sys
2011-02-27 01:15 <DIR> --d----- c:\program files\Spirent Communications
2011-02-27 01:15 <DIR> --d----- c:\program files\HTC
2011-02-23 20:50 815,104 a------- c:\windows\system32\xvidcore.dll
2011-02-23 20:50 180,224 a------- c:\windows\system32\xvidvfw.dll
2011-02-23 20:50 77,824 a------- c:\windows\system32\xvid.ax

==================== Find3M ====================

2011-02-09 06:53 270,848 a------- c:\windows\system32\sbe.dll
2011-02-09 06:53 186,880 a------- c:\windows\system32\encdec.dll
2011-02-02 00:58 2,067,456 a------- c:\windows\system32\mstscax.dll
2011-01-27 04:57 677,888 a------- c:\windows\system32\mstsc.exe
2011-01-21 07:44 439,296 a------- c:\windows\system32\shimgvw.dll
2011-01-07 07:09 290,048 a------- c:\windows\system32\atmfd.dll
2010-12-31 06:10 1,854,976 a------- c:\windows\system32\win32k.sys
2007-08-31 17:14 47,360 -------- c:\docume~1\nil\applic~1\pcouffin.sys
2008-08-24 22:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

============= FINISH: 15:34:25.60 ===============
RootkitUnhooker Report:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6B77000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4435968 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3969024 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 84.52 )
0xB9409000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3653632 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.52 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB91F3000 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys 1708032 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xB6A64000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6743000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB66B9000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 401408 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB9055000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB6876000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB4945000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF3DB000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB3E76000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9394000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 233472 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB90B3000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9025000 C:\WINDOWS\system32\drivers\windrvr6.sys 196608 bytes (Jungo, WinDriver Device Driver 8.11)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF795A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2529000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB67B3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB93CD000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB684E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB91A7000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xF7494000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB6828000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9133000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB91CF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9157000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB4242000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB6806000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF745C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7831000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB917A000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 102400 bytes (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0xB6943000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF747C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB582E000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF785E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB911C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5846000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB5818000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7434000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB4205000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9193000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB93F5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB68CF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB4A65000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 77824 bytes (Rainbow Technologies, Inc., Sentinel System Driver (NT Parallel driver))
0xF784B000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF744A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7875000 TPkd.sys 73728 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xF74F7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB910B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB6932000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xB97E5000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7568000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xB9845000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9815000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7528000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7518000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB97D5000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4585000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA704000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9835000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7508000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7887000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7414000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA744000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 49152 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xF76C7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB97F5000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7424000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB666D000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA734000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB48B5000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA764000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB6A24000 C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys 36864 bytes (UPEK Inc., Virtual disk encryption driver)
0xB9805000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9825000 C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 36864 bytes (Infineon Technologies AG, Infineon Trusted Platform Module)
0xF7538000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7588000 C:\WINDOWS\System32\Drivers\LHidUsb.Sys 36864 bytes (Logitech, Inc., Logitech USB Mouse Function Driver.)
0xF7404000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA6D4000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3ACE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7667000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7677000 thpdrv.sys 36864 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7817000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0xB97CD000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7767000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF776F000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF7777000 C:\WINDOWS\System32\Drivers\tcusb.sys 32768 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xF777F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB691A000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7807000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7787000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF774F000 C:\WINDOWS\system32\DRIVERS\vncmirror.sys 28672 bytes (RealVNC Ltd., VNC Mirror Miniport)
0xB978D000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7747000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF781F000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF778F000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 24576 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77BF000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB9785000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB97AD000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xB6902000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 20480 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xF775F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB97BD000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB97B5000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB97C5000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7717000 TVALZ.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0xF7757000 C:\WINDOWS\system32\drivers\VirtualAudio.sys 20480 bytes (Wondershare, Wondershare Virtual Audio Device)
0xF779F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA792000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB672B000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB58E8000 C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys 16384 bytes (UPEK Inc., File Disk Redirector)
0xB6FB2000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB6FC6000 C:\WINDOWS\System32\Drivers\LCcFltr.Sys 16384 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xB9E5E000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB56E8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5860000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA7A2000 C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver.)
0xB6FD2000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA7B0000 C:\WINDOWS\system32\DRIVERS\wacompen.sys 16384 bytes (Microsoft Corporation, Wacom Serial Pen Tablet HID Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB6733000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7B8000 C:\WINDOWS\system32\DRIVERS\itchfltr.sys 12288 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)
0xBA7F0000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA78E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA79E000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xBA7E8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9E5A000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0xBA796000 C:\WINDOWS\system32\DRIVERS\tosrfec.sys 12288 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth EC Driver)
0xBA7D4000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79FD000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF79DD000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79BB000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79F7000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7A01000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 8192 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xF79B9000 C:\WINDOWS\System32\Drivers\ElbyDelay.sys 8192 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0xF79DB000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79DF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79E1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79BD000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79C1000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF798D000 Thpevm.SYS 8192 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection - Shock Sensor Driver)
0xF79C5000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA010000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AC0000 C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
0xF7A88000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7AE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7ABF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A94000 C:\Program Files\Protector Suite QL\smihlp.sys 4096 bytes (UPEK Inc., SMI helper driver)
==============================================
>Stealth
==============================================
0x80562520 Faked ServiceTable-->iFrmewrk.exe [ ETHREAD 0x89CAD908 ] TID: 136
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB86DA8 ] TID: 168
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA26660 ] TID: 208
0x80562520 Faked ServiceTable-->AOLacsd.exe [ ETHREAD 0x8A9ABDA8 ] TID: 212
0x80562520 Faked ServiceTable-->HTCVBTServer.exe [ ETHREAD 0x89AFD2E0 ] TID: 224
0x80562520 Faked ServiceTable-->tcserver.exe [ ETHREAD 0x89BF7DA8 ] TID: 232
0x80562520 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x8ACB6560 ] TID: 236
0x80562520 Faked ServiceTable-->RKUnhookerLE.EXE [ ETHREAD 0x8AA6C4A8 ] TID: 248
0x80562520 Faked ServiceTable-->tcserver.exe [ ETHREAD 0x8A9795E0 ] TID: 296
0x80562520 Faked ServiceTable-->vpnagent.exe [ ETHREAD 0x8A94DAA8 ] TID: 300
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB92780 ] TID: 304
0x80562520 Faked ServiceTable-->tcserver.exe [ ETHREAD 0x89BFB020 ] TID: 316, 8781826 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AD40DA8 ] TID: 320
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8AC0E8D8 ] TID: 356, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AC1C3D8 ] TID: 364
0x80562520 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x8AD41B50 ] TID: 372, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA8D8B8 ] TID: 376
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x89B33520 ] TID: 408, 8781826 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A930690 ] TID: 484
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ABDDDA8 ] TID: 492, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A90670 ] TID: 540
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x89BBC6A0 ] TID: 544, 8781826 bytes
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8988DD40 ] TID: 552
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8AC73958 ] TID: 564, 8781829 bytes
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8AD3A690 ] TID: 568
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8ABFE988 ] TID: 572
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB967A8 ] TID: 592
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8B3330 ] TID: 596, 8781845 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA40020 ] TID: 600
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB929F8 ] TID: 620, 8781853 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA7DDA8 ] TID: 628
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA7DB30 ] TID: 632
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA87DA8 ] TID: 636
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ABD9820 ] TID: 644
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB42B30 ] TID: 660
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8AC01B80 ] TID: 672
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89DF37E8 ] TID: 688
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8E2DA8 ] TID: 716
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8E2B30 ] TID: 720
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A952730 ] TID: 724
0x80562520 Faked ServiceTable-->TUProgSt.exe [ ETHREAD 0x89A61A18 ] TID: 732
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x8A9524B8 ] TID: 736, 8781862 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9DADA8 ] TID: 740
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A930908 ] TID: 744
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB3F508 ] TID: 748
0x03250000 Hidden Image-->sklibrary.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 118784 bytes
0x03200000 Hidden Image-->interop.softkeyboardinterface.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 28672 bytes
0x031F0000 Hidden Image-->softkeyboardlogic.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 36864 bytes
0x03510000 Hidden Image-->kbcresources.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 53248 bytes


#4 tritons
    Authentic Member
  • 22 posts

Posted 24 March 2011 - 04:48 PM

I think I forgot to attach Attach.txt in my last post.

Attached File: Attach.txt (25.17KB)

#5 patndoris
    SuperMember
  • Malware Team
  • 2,593 posts

Posted 24 March 2011 - 05:28 PM

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.


Note: If you are prompted to uninstall AVG before running Combofix, please do so. If you encounter any issues uninstalling please let me know.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#6 tritons
    Authentic Member
  • 22 posts

Posted 24 March 2011 - 06:19 PM

When I try to run ComboFix, it says that I have AVG and it must be disabled. However, I do not see a tray icon for AVG, nor do I see it in the Add/Remove list in Control Panel. How can I disable it if I can't even find it on my computer?

#7 patndoris
    SuperMember
  • Malware Team
  • 2,593 posts

Posted 24 March 2011 - 07:24 PM

Let's try to uninstall it with AppRemover by Opswat. This utility scans your system and should find AVG and offer it up for removal. If you have any trouble uninstalling it this way please let me know.

As soon as you have finished running Combofix, please reinstall your anti-virus so your system is not unprotected for any longer than necessary.
~Doris~

#8 tritons
    Authentic Member
  • 22 posts

Posted 24 March 2011 - 08:13 PM

Still having problems... AppRemover didn't find AVG on my system.

#9 patndoris
    SuperMember
  • Malware Team
  • 2,593 posts

Posted 24 March 2011 - 08:50 PM

From what I can see in the logs, it appears you have an outdated version of AVG on your machine. I'm guessing some of the files are corrupted or are leftovers from an incomplete uninstall, and while it isn't really "running" the tools are still detecting it since there are still AVG files on the machine. Can you please try just going ahead with the scan (go through the notification that AVG is still running) and see if Combofix will run? If not, we'll use another tool to try and remove what files I can see of AVG and then we'll try again. I think you'll be able to go through the prompt and it will still run since the version of AVG on your machine is an older one.
~Doris~

#10 tritons
    Authentic Member
  • 22 posts

Posted 24 March 2011 - 10:05 PM

Here is the ComboFix log:

ComboFix 11-03-24.02 - Nil 03/24/2011 20:12:47.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1409 [GMT -7:00]
Running from: c:\documents and settings\Nil\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\2wire_dsl_setup_tool\2Wire_DSL_Setup_Tool.exe
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\paypal.url
c:\windows\system32\winx.url
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-18 17:56 . 2011-03-18 17:56 102400 ----a-w- c:\windows\RegBootClean.exe
2011-03-13 02:09 . 2011-02-03 05:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-13 02:09 . 2011-02-03 05:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-13 02:08 . 2011-03-13 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-27 08:20 . 2007-11-27 11:24 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-02-27 08:17 . 2011-03-20 09:18 -------- d-----w- c:\documents and settings\Nil\Application Data\Teleca
2011-02-27 08:17 . 2011-02-27 08:17 -------- d-----w- c:\documents and settings\Nil\Local Settings\Application Data\HTC
2011-02-27 08:17 . 2011-02-27 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2011-02-27 08:16 . 2011-02-27 08:17 -------- d-----w- c:\program files\Common Files\Teleca Shared
2011-02-27 08:16 . 2011-02-27 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2011-02-27 08:15 . 2009-06-11 00:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2011-02-27 08:15 . 2009-06-09 22:41 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-02-27 08:15 . 2011-02-27 08:15 -------- d-----w- c:\program files\Spirent Communications
2011-02-27 08:15 . 2011-02-27 08:16 -------- d-----w- c:\program files\HTC
2011-02-24 03:50 . 2008-12-14 04:01 77824 ----a-w- c:\windows\system32\xvid.ax
2011-02-24 03:50 . 2008-12-05 05:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2011-02-24 03:50 . 2008-12-05 05:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2006-05-12 18:21 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-05-12 18:20 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:19 . 2009-05-07 09:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2006-05-12 18:52 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-05-12 18:52 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-05-12 18:21 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-05-12 18:20 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-05-12 18:22 1854976 ----a-w- c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-08-25 17:47 . 2010-03-17 21:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Nil\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Nil\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Nil\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Nil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"TFncKy"="TFncKy.exe" [BU]
"TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2009-11-17 344064]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"SkyTel"="SkyTel.EXE" [2006-04-24 1448960]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-09 16207360]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2009-11-17 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-14 7561216]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 93696]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2009-11-17 778240]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-25 30192]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2006-04-13 798720]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-11-17 270336]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-26 258048]
"000StTHK"="000StTHK.exe" [2001-06-24 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\Nil\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Nil\Application Data\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP]
2006-03-02 21:51 53248 ----a-w- c:\windows\system32\TSigNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\documents and settings\Nil\Application Data\iolo
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bootvis.lnk]
backup=c:\windows\pss\Bootvis.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nil^Start Menu^Programs^Startup^DING!.lnk]
backup=c:\windows\pss\DING!.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nil^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=c:\windows\pss\Last.fm Helper.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nil^Start Menu^Programs^Startup^MEMonitor.lnk]
backup=c:\windows\pss\MEMonitor.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nil^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nil^Start Menu^Programs^Startup^Sticky Notes.lnk]
backup=c:\windows\pss\Sticky Notes.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nil^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2009-11-17 07:05 65536 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApacheTomcatMonitor]
2010-03-09 17:06 98304 ----a-w- c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6w.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 -c--a-w- c:\program files\Common Files\AOL\1147476082\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2009-11-17 06:16 962560 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGIDSAgent"=2 (0x2)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\1147476082\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147476082\\EE\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xming\\Xming.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TOSHIBA\\TOSHIBA Controls\\TFncKy.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\SYSTEM32\\WISPTIS.EXE"=
"c:\\Program Files\\Ahead\\NeroMediaPlayer\\NeroMediaPlayer.exe"=
"c:\\WINDOWS\\SkyTel.EXE"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Ink\\TCServer.exe"=
"c:\\Program Files\\TOSHIBA\\TAudEffect\\TAudEff.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqsnotify.exe"=
"c:\\WINDOWS\\system32\\ThpSrv.exe"=
"c:\\Program Files\\Apoint2K\\Apoint.exe"=
"c:\\Documents and Settings\\Nil\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Nil\\Desktop\\Eclipse\\eclipse\\eclipse.exe"=
"c:\\Documents and Settings\\Nil\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Documents and Settings\\Nil\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5100:TCP"= 5100:TCP:Yahoo! Webcam
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/12/2006 2:16 PM 6144]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]
R2 Tomcat6;Apache Tomcat 6;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [3/9/2010 10:06 AM 61440]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 3:32 PM 497856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 1:26 PM 35968]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/12/2006 4:50 AM 14208]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [9/21/2009 3:54 PM 16896]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [5/3/2009 9:37 PM 57536]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/17/2010 2:05 PM 30192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/27/2011 1:15 AM 24576]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [5/31/2006 11:10 AM 641152]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [5/12/2006 11:21 AM 14336]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\C-itNT.sys [7/30/2007 11:31 PM 587588]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [9/19/2010 4:58 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 4:09 AM 239336]
S4 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [5/12/2006 1:56 PM 8832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]
.
2011-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:02]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4191077757-343375518-4045940769-1005Core.job
- c:\documents and settings\Nil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 07:46]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4191077757-343375518-4045940769-1005UA.job
- c:\documents and settings\Nil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 07:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\Ctrax Player\DMDownload.htm
Trusted Zone: ucsd.edu\vpn
Trusted Zone: ucsd.edu\vpn-2
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
FF - ProfilePath - c:\documents and settings\Nil\Application Data\Mozilla\Firefox\Profiles\92e63dqw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 10\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Chrome Search Engine: askopensearch-VTS@ask.com - %profile%\extensions\askopensearch-VTS@ask.com
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BlackX 2: {239c61a8-e55f-11db-8314-0800200c9a66} - %profile%\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
FF - Ext: Aero Fox XL: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: CHM Reader: {6e098d65-7d2d-46d4-ada0-2f882a29f795} - %profile%\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-AppVodBurner - c:\program files\VodBurner\vodburner.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-ClickPotatoLiteSA - c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-MailBlocker - c:\docume~1\Nil\LOCALS~1\Temp\b.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-Yahoo! Extras - c:\progra~1\Yahoo!\Common\UNIN_Y~1.EXE
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-Yahoo! Widget Engine - c:\progra~1\Yahoo!\YAHOO!~2\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 20:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\TSigNP.dll
c:\program files\Protector Suite QL\crypto.dll
.
- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\documents and settings\Nil\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\windows\System32\TUProgSt.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\program files\PostgreSQL\8.4\bin\postgres.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\system32\TFNF5.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\SkyTel.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2011-03-24 20:54:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-25 03:53
ComboFix2.txt 2009-12-02 07:27
ComboFix3.txt 2009-11-29 22:01
ComboFix4.txt 2009-11-24 03:59
ComboFix5.txt 2011-03-25 03:09
.
Pre-Run: 6,791,426,048 bytes free
Post-Run: 7,659,417,600 bytes free
.
- - End Of File - - AD72C2D44E527C25F9AB18BA15A0CCCE


#11 tritons

tritons

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 24 March 2011 - 10:05 PM

Sorry, for some reason it posted 3 times.

Edited by tritons, 24 March 2011 - 10:08 PM.


#12 tritons

tritons

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 24 March 2011 - 10:06 PM

Sorry, it posted twice.

Edited by tritons, 24 March 2011 - 10:07 PM.


#13 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 25 March 2011 - 07:15 AM

If you saw a previous set of instructions I posted, I apologize; I had some USB instructions in there that weren't meant for this post.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



http://www.eset.eu/online-scanner
Go here to run an online scanner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
A new window will appear asking "Do you want to install this software?".
Answer Yes to download and install the ActiveX controls that allow the scan to run.
Click Start.
Check Remove found threats and Scan potentially unwanted applications.
Click Scan to begin.
If offered the option to get information or buy software, just close the window.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.


I would also suggest downloading the most recent version of AVG Anti-Virus (Free version available). Combofix did remove an "orphaned" file related to AVG but from what I see it was an older version that is no longer updated. To be safe I'd install the new version.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate
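The scans above tell you whether something still detects as malicious; they do not tell you what the ComboFix log posted earlier in this thread already shows about the machine's exposure. The script below is an added example for this thread, not ComboFix's own tooling and not part of any post here. It parses three sections of a pasted ComboFix log in the format shown above (the Run keys, the Security Center override flags, and the firewall GloballyOpenPorts list) and returns the entries a responder would question on a host that has just leaked credentials. The sample lines are excerpted from the log posted above, except for the "MailBlocker" Run line, which is constructed from that log's ORPHANS REMOVED entry so the Temp-directory rule has something to match. The severities and rules are this example's own, and the assumption that ComboFix prints enabled port exceptions without the "*:Enabled" fields is taken from this log alone.

```python
"""Triage a pasted ComboFix log (added example; not ComboFix's own tooling).

Parses the Run keys, the Security Center override flags and the firewall
GloballyOpenPorts list and returns entries worth a second look.  Section
headers and line formats follow the log posted in this thread; the rules
and severities are this example's own choices.
"""
import re
from dataclasses import dataclass

# Excerpt of the ComboFix log posted in this thread.  The "MailBlocker" line
# is CONSTRUCTED: it only appears in the log's ORPHANS REMOVED list, so it is
# written here as a Run entry, with "[BU]" (ComboFix's marker for a file it
# could not stat) in place of a date and size.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]
"TFncKy"="TFncKy.exe" [BU]
"MailBlocker"="c:\docume~1\Nil\LOCALS~1\Temp\b.exe" [BU]
"Google Update"="c:\documents and settings\Nil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5100:TCP"= 5100:TCP:Yahoo! Webcam
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"(?:\s*\[(?P<info>[^\]]*)\])?\s*$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})\s*$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<rest>.*)$')

# Ports a responder checks first on a host that leaked passwords (assumed list).
KNOWN_PORTS = {(3389, "TCP"): "RDP", (5985, "TCP"): "WinRM"}


@dataclass
class Finding:
    severity: str   # "high" or "review"
    section: str
    detail: str


def split_sections(log: str) -> dict:
    """Map each lower-cased [registry key] header to the lines under it.
    ComboFix separates blocks with a lone '.' line, which closes a section."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = []
        elif line in ("", "."):
            current = None
        elif current is not None:
            sections[current].append(line)
    return sections


def lines_under(sections: dict, suffix: str) -> list:
    """Collect lines from every section whose key ends with suffix
    (so HKCU and HKLM Run keys are both covered)."""
    return [l for key, ls in sections.items() if key.endswith(suffix) for l in ls]


def triage(log: str) -> list:
    sections = split_sections(log)
    findings = []

    # 1. Run keys: an autorun living in a Temp directory is the first file to
    #    pull for analysis; a bare filename is resolved via the search path and
    #    deserves a look even when, as here, it belongs to an OEM utility.
    for line in lines_under(sections, "\\currentversion\\run"):
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m["cmd"].lower()
        if "\\temp\\" in cmd:
            findings.append(Finding("high", "Run", f'{m["name"]} -> {m["cmd"]} (autorun from a Temp directory)'))
        elif "\\" not in cmd:
            findings.append(Finding("review", "Run", f'{m["name"]} -> {m["cmd"]} (bare filename, resolved by search path)'))

    # 2. Security Center: a value of 1 silences the "no antivirus / firewall
    #    off / updates off" balloons.  Tuning utilities set these too, so this
    #    is "review", but a host that just spammed its address book should not
    #    be running with alerting muted.
    for line in lines_under(sections, "security center\\svc"):
        m = DWORD_RE.match(line)
        if m and int(m["val"], 16) == 1:
            findings.append(Finding("review", "SecurityCenter", f'{m["name"]} = 1 (alerting suppressed)'))

    # 3. Firewall exceptions still enabled.  In this log ComboFix prints
    #    disabled rules as "port:proto:*:Disabled:name" and enabled ones with
    #    no scope/mode fields, so "no Disabled field" is read as enabled.
    for line in lines_under(sections, "globallyopenports\\list"):
        m = PORT_RE.match(line)
        if not m:
            continue
        fields = m["rest"].split(":")
        if "Disabled" in fields:
            continue
        key = (int(m["port"]), m["proto"])
        label = KNOWN_PORTS.get(key, fields[-1])
        sev = "high" if key in KNOWN_PORTS else "review"
        findings.append(Finding(sev, "Firewall", f"{key[0]}/{key[1]} open inbound ({label})"))
    return findings


def summarize(findings: list) -> str:
    return "\n".join(f"[{f.severity:6}] {f.section}: {f.detail}" for f in findings)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as-is to see the report for the excerpt, or replace SAMPLE_LOG with a full pasted log: the section splitter only keys on the bracketed registry headers and the "." separators, so the other ComboFix sections are ignored. The point of the "review" tier is that none of these entries proves infection on their own; they are the settings and exposures to revert or justify once the scanners come back clean.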

#14 tritons

tritons

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 26 March 2011 - 01:20 PM

Thanks for the reply, just wanted to give you a heads up that I won't have internet access for a few days so please don't close my thread. I will get back to you asap.

#15 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 26 March 2011 - 01:50 PM

Thank you for letting me know. I will keep it open.
~Doris~

