Thanks for the response, patndoris. Here are the results from the instructions you provided:
DDS:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Nil at 15:33:04.89 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1332 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Nil\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nil\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Control Popups in Internet Explorer: {41353f8b-78ce-48a5-be44-153ed293d192} - c:\progra~1\popupp~1\PopLib.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
uRun: [Google Update] "c:\documents and settings\nil\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [TFNF5] TFNF5.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\nil\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\nil\application data\dropbox\bin\Dropbox.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 48 (0x30)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Save with Download Manager... - file://c:\program files\ctrax player\DMDownload.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ucsd.edu\vpn
Trusted Zone: ucsd.edu\vpn-2
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - hxxp://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.pdbox.co.kr:8057/AFCStarter.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: TSigNP - TSigNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - No File
LSA: Notification Packages = scecli psqlpwd
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\nil\applic~1\mozilla\firefox\profiles\92e63dqw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\nil\application data\mozilla\firefox\profiles\92e63dqw.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\winnt_x86-msvc\components\libchm.dll
FF - component: c:\program files\mozilla firefox 4.0 beta 10\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\nil\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2007-11-30 10872]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 Tomcat6;Apache Tomcat 6;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2010-3-9 61440]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-2 604416]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-6-10 35968]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2009-3-1 14095]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-9-21 16896]
S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;\??\c:\program files\grisoft\avg anti-spyware 7.5\guard.sys --> c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [?]
S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe --> c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [?]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2009-5-3 57536]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-3-17 30192]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-2-27 24576]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2006-5-31 641152]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows;c:\windows\system32\drivers\vpnva.sys [2009-12-17 20152]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-5-12 14336]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\C-itNT.sys [2007-7-30 587588]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-9-19 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2011-03-18 10:56 102,400 a------- c:\windows\RegBootClean.exe
2011-03-12 19:09 472,808 a------- c:\windows\system32\deployJava1.dll
2011-02-27 01:20 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2011-02-27 01:20 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2011-02-27 01:20 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2011-02-27 01:17 <DIR> --d----- c:\docume~1\nil\applic~1\Teleca
2011-02-27 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\HTC
2011-02-27 01:16 <DIR> --d----- c:\program files\common files\Teleca Shared
2011-02-27 01:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Teleca
2011-02-27 01:15 1,122,664 a------- c:\windows\system32\WdfCoInstaller01007.dll
2011-02-27 01:15 24,576 a------- c:\windows\system32\drivers\ANDROIDUSB.sys
2011-02-27 01:15 <DIR> --d----- c:\program files\Spirent Communications
2011-02-27 01:15 <DIR> --d----- c:\program files\HTC
2011-02-23 20:50 815,104 a------- c:\windows\system32\xvidcore.dll
2011-02-23 20:50 180,224 a------- c:\windows\system32\xvidvfw.dll
2011-02-23 20:50 77,824 a------- c:\windows\system32\xvid.ax
==================== Find3M ====================
2011-02-09 06:53 270,848 a------- c:\windows\system32\sbe.dll
2011-02-09 06:53 186,880 a------- c:\windows\system32\encdec.dll
2011-02-02 00:58 2,067,456 a------- c:\windows\system32\mstscax.dll
2011-01-27 04:57 677,888 a------- c:\windows\system32\mstsc.exe
2011-01-21 07:44 439,296 a------- c:\windows\system32\shimgvw.dll
2011-01-07 07:09 290,048 a------- c:\windows\system32\atmfd.dll
2010-12-31 06:10 1,854,976 a------- c:\windows\system32\win32k.sys
2007-08-31 17:14 47,360 -------- c:\docume~1\nil\applic~1\pcouffin.sys
2008-08-24 22:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat
============= FINISH: 15:34:25.60 ===============
RootkitUnhooker Report:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6B77000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4435968 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3969024 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 84.52 )
0xB9409000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3653632 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 84.52 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB91F3000 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys 1708032 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xB6A64000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6743000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB66B9000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 401408 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB9055000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB6876000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB4945000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF3DB000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB3E76000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9394000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 233472 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB90B3000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9025000 C:\WINDOWS\system32\drivers\windrvr6.sys 196608 bytes (Jungo, WinDriver Device Driver 8.11)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF795A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB2529000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB67B3000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB93CD000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB684E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB91A7000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xF7494000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB6828000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9133000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB91CF000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9157000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB4242000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB6806000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF745C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74BA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF74D9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7831000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB917A000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 102400 bytes (Alps Electric Co., Ltd., Alps Pointing-device Driver)
0xB6943000 C:\WINDOWS\System32\Drivers\meiudf.sys 102400 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF747C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB582E000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xF785E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB911C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5846000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB5818000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7434000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB4205000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9193000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB93F5000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB68CF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB4A65000 C:\WINDOWS\System32\Drivers\SENTINEL.SYS 77824 bytes (Rainbow Technologies, Inc., Sentinel System Driver (NT Parallel driver))
0xF784B000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF744A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7875000 TPkd.sys 73728 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xF74F7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB910B000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB6932000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xB97E5000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7568000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xB9845000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7607000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9815000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7528000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7518000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB97D5000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4585000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA704000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7617000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9835000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7508000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7887000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF7414000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA744000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 49152 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xF76C7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB97F5000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7424000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB666D000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA734000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB48B5000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA764000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB6A24000 C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys 36864 bytes (UPEK Inc., Virtual disk encryption driver)
0xB9805000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB9825000 C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 36864 bytes (Infineon Technologies AG, Infineon Trusted Platform Module)
0xF7538000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7588000 C:\WINDOWS\System32\Drivers\LHidUsb.Sys 36864 bytes (Logitech, Inc., Logitech USB Mouse Function Driver.)
0xF7404000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA6D4000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3ACE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7667000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7677000 thpdrv.sys 36864 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7817000 C:\WINDOWS\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft® ASPI Shell)
0xB97CD000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7767000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF776F000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF7777000 C:\WINDOWS\System32\Drivers\tcusb.sys 32768 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0xF777F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB691A000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF7807000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7787000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF774F000 C:\WINDOWS\system32\DRIVERS\vncmirror.sys 28672 bytes (RealVNC Ltd., VNC Mirror Miniport)
0xB978D000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF7747000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF781F000 C:\WINDOWS\system32\drivers\iviaspi.sys 24576 bytes (InterVideo, Inc., InterVideo ASPI Shell)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF778F000 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys 24576 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77BF000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB9785000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB97AD000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xB6902000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 20480 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xF775F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB97BD000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB97B5000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xB97C5000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7717000 TVALZ.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0xF7757000 C:\WINDOWS\system32\drivers\VirtualAudio.sys 20480 bytes (Wondershare, Wondershare Virtual Audio Device)
0xF779F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA792000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB672B000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB58E8000 C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys 16384 bytes (UPEK Inc., File Disk Redirector)
0xB6FB2000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB6FC6000 C:\WINDOWS\System32\Drivers\LCcFltr.Sys 16384 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xB9E5E000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB56E8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5860000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA7A2000 C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver.)
0xB6FD2000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xBA7B0000 C:\WINDOWS\system32\DRIVERS\wacompen.sys 16384 bytes (Microsoft Corporation, Wacom Serial Pen Tablet HID Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF789B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB6733000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA7B8000 C:\WINDOWS\system32\DRIVERS\itchfltr.sys 12288 bytes (Logitech, Inc., Logitech PS2 Keyboard Filter Driver.)
0xBA7F0000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA78E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA79E000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xBA7E8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9E5A000 C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys 12288 bytes
0xBA796000 C:\WINDOWS\system32\DRIVERS\tosrfec.sys 12288 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth EC Driver)
0xBA7D4000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79FD000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF79DD000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79BB000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF79F7000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF798B000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7A01000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 8192 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xF79B9000 C:\WINDOWS\System32\Drivers\ElbyDelay.sys 8192 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0xF79DB000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79DF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79E1000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79BD000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF79C1000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF798D000 Thpevm.SYS 8192 bytes (TOSHIBA Corporation, TOSHIBA HDD Protection - Shock Sensor Driver)
0xF79C5000 C:\WINDOWS\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA010000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AC0000 C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)
0xF7A88000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7AE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7ABF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A94000 C:\Program Files\Protector Suite QL\smihlp.sys 4096 bytes (UPEK Inc., SMI helper driver)
==============================================
>Stealth
==============================================
0x80562520 Faked ServiceTable-->iFrmewrk.exe [ ETHREAD 0x89CAD908 ] TID: 136
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB86DA8 ] TID: 168
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA26660 ] TID: 208
0x80562520 Faked ServiceTable-->AOLacsd.exe [ ETHREAD 0x8A9ABDA8 ] TID: 212
0x80562520 Faked ServiceTable-->HTCVBTServer.exe [ ETHREAD 0x89AFD2E0 ] TID: 224
0x80562520 Faked ServiceTable-->tcserver.exe [ ETHREAD 0x89BF7DA8 ] TID: 232
0x80562520 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x8ACB6560 ] TID: 236
0x80562520 Faked ServiceTable-->RKUnhookerLE.EXE [ ETHREAD 0x8AA6C4A8 ] TID: 248
0x80562520 Faked ServiceTable-->tcserver.exe [ ETHREAD 0x8A9795E0 ] TID: 296
0x80562520 Faked ServiceTable-->vpnagent.exe [ ETHREAD 0x8A94DAA8 ] TID: 300
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB92780 ] TID: 304
0x80562520 Faked ServiceTable-->tcserver.exe [ ETHREAD 0x89BFB020 ] TID: 316, 8781826 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AD40DA8 ] TID: 320
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8AC0E8D8 ] TID: 356, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AC1C3D8 ] TID: 364
0x80562520 Faked ServiceTable-->mDNSResponder.exe [ ETHREAD 0x8AD41B50 ] TID: 372, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA8D8B8 ] TID: 376
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x89B33520 ] TID: 408, 8781826 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A930690 ] TID: 484
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ABDDDA8 ] TID: 492, 8781826 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A90670 ] TID: 540
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x89BBC6A0 ] TID: 544, 8781826 bytes
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8988DD40 ] TID: 552
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8AC73958 ] TID: 564, 8781829 bytes
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8AD3A690 ] TID: 568
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8ABFE988 ] TID: 572
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB967A8 ] TID: 592
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8B3330 ] TID: 596, 8781845 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA40020 ] TID: 600
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB929F8 ] TID: 620, 8781853 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA7DDA8 ] TID: 628
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA7DB30 ] TID: 632
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA87DA8 ] TID: 636
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ABD9820 ] TID: 644
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB42B30 ] TID: 660
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8AC01B80 ] TID: 672
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89DF37E8 ] TID: 688
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8E2DA8 ] TID: 716
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8E2B30 ] TID: 720
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A952730 ] TID: 724
0x80562520 Faked ServiceTable-->TUProgSt.exe [ ETHREAD 0x89A61A18 ] TID: 732
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x8A9524B8 ] TID: 736, 8781862 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9DADA8 ] TID: 740
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A930908 ] TID: 744
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB3F508 ] TID: 748
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A992DA8 ] TID: 752
0x80562520 Faked ServiceTable-->Dropbox.exe [ ETHREAD 0x89B5FB80 ] TID: 756
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89A22020 ] TID: 760
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A923B80 ] TID: 764
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9236E0 ] TID: 768
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A923468 ] TID: 772
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A930B80 ] TID: 776
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A930418 ] TID: 828
0x80562520 Faked ServiceTable-->iFrmewrk.exe [ ETHREAD 0x89CADB80 ] TID: 832
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8B5508 ] TID: 848
0x80562520 Faked ServiceTable-->EvtEng.exe [ ETHREAD 0x8AC16DA8 ] TID: 852
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A90DDA8 ] TID: 860
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8E4DA8 ] TID: 872
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8ACA64E0 ] TID: 884
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8E4B30 ] TID: 888
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A8B3DA8 ] TID: 896
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8AA1B980 ] TID: 900
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AC23578 ] TID: 924
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9E6260 ] TID: 932
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8A978B80 ] TID: 940
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A8D6020 ] TID: 948
0x80562520 Faked ServiceTable-->RKUnhookerLE.EXE [ ETHREAD 0x89A0F588 ] TID: 956
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8A9DEDA8 ] TID: 972
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8D9428 ] TID: 996
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8AD309B8 ] TID: 1008
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A9E7220 ] TID: 1016
0x80562520 Faked ServiceTable-->epmworker.exe [ ETHREAD 0x89B1BDA8 ] TID: 1024
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9CFBC8 ] TID: 1036
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA5CDA8 ] TID: 1044
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AB5ADA8 ] TID: 1048
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA389E0 ] TID: 1052
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AD37548 ] TID: 1056
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AA0E278 ] TID: 1060
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AD1CA10 ] TID: 1064
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AD39480 ] TID: 1068
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AA352E8 ] TID: 1072
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8A8B8B30 ] TID: 1080
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AD13450 ] TID: 1084
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AD514F8 ] TID: 1120
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A9FD2C8 ] TID: 1124
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A9E8A30 ] TID: 1136
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8AA7E918 ] TID: 1148
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A8B7DA8 ] TID: 1152
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A933DA8 ] TID: 1156
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8AA32C18 ] TID: 1160
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA3B6E0 ] TID: 1164
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x8A9E3BA8 ] TID: 1168
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AA75DA8 ] TID: 1172
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AC58B80 ] TID: 1184
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8D4508 ] TID: 1192
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9D2B88 ] TID: 1196
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA33600 ] TID: 1204, 7077998 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA29580 ] TID: 1212
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9CF950 ] TID: 1244, 5439534 bytes
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA90020 ] TID: 1248
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9A6A10 ] TID: 1252, 34209801 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA90388 ] TID: 1260
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8D4DA8 ] TID: 1268
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA713A0 ] TID: 1272
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB6A730 ] TID: 1292, 196621 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ABB85F0 ] TID: 1296
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ABB8378 ] TID: 1300, 3145783 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA7BDA8 ] TID: 1304, 558092716 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8A9DA8 ] TID: 1316, 1653025001 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8D4B30 ] TID: 1320
0x80562520 Faked ServiceTable-->S24EvMon.exe [ ETHREAD 0x8AA84DA8 ] TID: 1336
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A96ADA8 ] TID: 1368
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A96A690 ] TID: 1372, 7274610 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A96A418 ] TID: 1376
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB913B8 ] TID: 1384, 7471204 bytes
0x80562520 Faked ServiceTable-->pg_ctl.exe [ ETHREAD 0x8A8CFB88 ] TID: 1408
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB80DA8 ] TID: 1436
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB80B30 ] TID: 1440
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BA3AF8 ] TID: 1444
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA26DA8 ] TID: 1448
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AD123B0 ] TID: 1452
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA3E290 ] TID: 1496
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9ACAC8 ] TID: 1500
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AC06A38 ] TID: 1504
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB623F0 ] TID: 1508
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A94E830 ] TID: 1536
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8A92BB80 ] TID: 1552
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8AA70520 ] TID: 1560, 7536751 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A8B3930 ] TID: 1564
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8AA74B80 ] TID: 1572
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A919970 ] TID: 1584
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB59DA8 ] TID: 1676
0x80562520 Faked ServiceTable-->keyboardsurrogate.exe [ ETHREAD 0x8AB6D558 ] TID: 1688
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB89DA8 ] TID: 1700
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8AB72738 ] TID: 1716
0x80562520 Faked ServiceTable-->keyboardsurrogate.exe [ ETHREAD 0x8A997DA8 ] TID: 1740, 6619182 bytes
0x80562520 Faked ServiceTable-->keyboardsurrogate.exe [ ETHREAD 0x8AB53BC0 ] TID: 1744
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA587A0 ] TID: 1748
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8ABD86D8 ] TID: 1752
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A96BB80 ] TID: 1756
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AD0CDA8 ] TID: 1760
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8AD3F730 ] TID: 1764
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A970730 ] TID: 1768
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B8F200 ] TID: 1772, 7536751 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ADC84C8 ] TID: 1780
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA6B6C8 ] TID: 1800
0x80562520 Faked ServiceTable-->EvtEng.exe [ ETHREAD 0x8A997590 ] TID: 1804
0x80562520 Faked ServiceTable-->EvtEng.exe [ ETHREAD 0x8AA24DA8 ] TID: 1808
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ADB3490 ] TID: 1836
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA8F580 ] TID: 1840
0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x8AA54980 ] TID: 1864
0x80562520 Faked ServiceTable-->AOLacsd.exe [ ETHREAD 0x8A96C4B8 ] TID: 1876
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8A9B5BA0 ] TID: 1888
0x80562520 Faked ServiceTable-->AppleMobileDeviceService.exe [ ETHREAD 0x8A9B5928 ] TID: 1892
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8A96B908 ] TID: 1896
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA75648 ] TID: 1900
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8AA4ADA8 ] TID: 1904
0x80562520 Faked ServiceTable-->AOLacsd.exe [ ETHREAD 0x8AA14468 ] TID: 1908
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AC614E8 ] TID: 1912
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8A970DA8 ] TID: 1920, 7929956 bytes
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A970B30 ] TID: 1928
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA65B80 ] TID: 1944
0x80562520 Faked ServiceTable-->DVDRAMSV.exe [ ETHREAD 0x8AA65908 ] TID: 1948
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9B56B0 ] TID: 1952
0x80562520 Faked ServiceTable-->DVDRAMSV.exe [ ETHREAD 0x8A9E3758 ] TID: 1956
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A94C400 ] TID: 1968
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9CDB30 ] TID: 1972
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8A91F6E0 ] TID: 1976, 7143523 bytes
0x80562520 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8AB59960 ] TID: 1980
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB6E9E8 ] TID: 2008
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ABC6548 ] TID: 2012
0x80562520 Faked ServiceTable-->AOLacsd.exe [ ETHREAD 0x8A9C84E0 ] TID: 2044
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AB4EDA8 ] TID: 2052
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A99EB80 ] TID: 2064
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8AB48DA8 ] TID: 2076
0x80562520 Faked ServiceTable-->RKUnhookerLE.EXE [ ETHREAD 0x8A8FB748 ] TID: 2080, 6094931 bytes
0x80562520 Faked ServiceTable-->swupdtmr.exe [ ETHREAD 0x8AB48B30 ] TID: 2108
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9DF528 ] TID: 2116, 119 bytes
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x89CBDAF0 ] TID: 2128
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9D0DA8 ] TID: 2132
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA46DA8 ] TID: 2136
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A99E908 ] TID: 2140
0x80562520 Faked ServiceTable-->ThpSrv.exe [ ETHREAD 0x8A995B30 ] TID: 2156
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8D5730 ] TID: 2176
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x898B2CC0 ] TID: 2228
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A8BEDA8 ] TID: 2232
0x80562520 Faked ServiceTable-->TODDSrv.exe [ ETHREAD 0x8A8BCC10 ] TID: 2256
0x80562520 Faked ServiceTable-->TODDSrv.exe [ ETHREAD 0x8A8BC998 ] TID: 2260
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D57AA8 ] TID: 2300
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9AE958 ] TID: 2308
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A968B30 ] TID: 2316
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A8F6DA8 ] TID: 2340, 3276855 bytes
0x80562520 Faked ServiceTable-->TUProgSt.exe [ ETHREAD 0x8A9C46F8 ] TID: 2344
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C39DA8 ] TID: 2360
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A960B80 ] TID: 2368
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9604B8 ] TID: 2372
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9636E0 ] TID: 2380
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB756F8 ] TID: 2384
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AA04370 ] TID: 2388
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8ADDA8 ] TID: 2404, 7471195 bytes
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A8F4DA8 ] TID: 2424
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AD763A8 ] TID: 2432
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A8F9DA8 ] TID: 2452
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A954B88 ] TID: 2464
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A917B80 ] TID: 2468
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A982B80 ] TID: 2472
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9ADDA8 ] TID: 2476, 64228784 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89907020 ] TID: 2480, 3276800 bytes
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x89B70020 ] TID: 2484
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AD76620 ] TID: 2488
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A959730 ] TID: 2492
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8CCB90 ] TID: 2496
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8DD6E0 ] TID: 2500
0x80562520 Faked ServiceTable-->iFrmewrk.exe [ ETHREAD 0x89ABE970 ] TID: 2504
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A921958 ] TID: 2508
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x899A2318 ] TID: 2516
0x80562520 Faked ServiceTable-->HTCVBTServer.exe [ ETHREAD 0x89B53960 ] TID: 2520
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A954910 ] TID: 2536
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A954698 ] TID: 2540
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A962B30 ] TID: 2544
0x80562520 Faked ServiceTable-->igfxsrvc.exe [ ETHREAD 0x898FE3E0 ] TID: 2564
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A91DDA8 ] TID: 2568
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A91DB30 ] TID: 2572
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A93E730 ] TID: 2576
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8A940DA8 ] TID: 2580
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A940B30 ] TID: 2584
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9408B8 ] TID: 2588
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A940640 ] TID: 2592
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8CA7D0 ] TID: 2596
0x80562520 Faked ServiceTable-->TUProgSt.exe [ ETHREAD 0x89875740 ] TID: 2600
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9D1CA8 ] TID: 2604
0x80562520 Faked ServiceTable-->RTHDCPL.exe [ ETHREAD 0x8ABE1450 ] TID: 2608
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D56A50 ] TID: 2620
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8A9B16E0 ] TID: 2640
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x8AA2C6E0 ] TID: 2644
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AAAA4B0 ] TID: 2648
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8AD60020 ] TID: 2696
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8AB77DA8 ] TID: 2700
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A8CADA8 ] TID: 2704, 948520 bytes
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89884C98 ] TID: 2716, 3014733 bytes
0x80562520 Faked ServiceTable-->postgres.exe [ ETHREAD 0x8A958998 ] TID: 2724
0x80562520 Faked ServiceTable-->Application Launcher.exe [ ETHREAD 0x89B75B80 ] TID: 2740
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ADC9640 ] TID: 2748
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ACD19A0 ] TID: 2760
0x80562520 Faked ServiceTable-->Application Launcher.exe [ ETHREAD 0x89C94490 ] TID: 2800, 4784215 bytes
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A91D520 ] TID: 2804
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A8BBDA8 ] TID: 2820
0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8AA4D520 ] TID: 2864, 3014753 bytes
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A9018D8 ] TID: 2872
0x80562520 Faked ServiceTable-->Dropbox.exe [ ETHREAD 0x89B11DA8 ] TID: 2888
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9095D0 ] TID: 2904
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A909DA8 ] TID: 2908
0x80562520 Faked ServiceTable-->epmworker.exe [ ETHREAD 0x89B092E0 ] TID: 2952
0x80562520 Faked ServiceTable-->ApntEx.exe [ ETHREAD 0x89BB7250 ] TID: 2968, 130 bytes
0x80562520 Faked ServiceTable-->sqlwriter.exe [ ETHREAD 0x8AA1D508 ] TID: 2988
0x80562520 Faked ServiceTable-->epmworker.exe [ ETHREAD 0x89B1BB30 ] TID: 3004, 64168560 bytes
0x80562520 Faked ServiceTable-->ClientInitiatedStarter.exe [ ETHREAD 0x89B946E0 ] TID: 3052
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A973020 ] TID: 3068
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C39020 ] TID: 3080
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8ADB2020 ] TID: 3084
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8A7DA8 ] TID: 3112
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA1DB80 ] TID: 3116
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA1D908 ] TID: 3120
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8B0DA8 ] TID: 3124, 807888 bytes
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8B0B30 ] TID: 3128
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8B08B8 ] TID: 3132
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8B0640 ] TID: 3136, 393228 bytes
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8ABD2DA8 ] TID: 3140
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8ABD2B30 ] TID: 3144
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8ABD28B8 ] TID: 3148
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8ABD2640 ] TID: 3152
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA22BB0 ] TID: 3156
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA22938 ] TID: 3160
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA226C0 ] TID: 3164
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA22448 ] TID: 3168
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9FCBC8 ] TID: 3172
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9FC950 ] TID: 3176
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9FC6D8 ] TID: 3180
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8CBB00 ] TID: 3184
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA21DA8 ] TID: 3188
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA21B30 ] TID: 3192
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA218B8 ] TID: 3196
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA21640 ] TID: 3200
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA213C8 ] TID: 3204
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9BCDA8 ] TID: 3208
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9BCB30 ] TID: 3212
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A9BC5A0 ] TID: 3216
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8BFDA8 ] TID: 3220
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A8BF858 ] TID: 3224
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A966DA8 ] TID: 3228
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A966B10 ] TID: 3232
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A966758 ] TID: 3236
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8A966360 ] TID: 3240
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA1AC48 ] TID: 3244
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA1A850 ] TID: 3248
0x80562520 Faked ServiceTable-->tomcat6.exe [ ETHREAD 0x8AA1A458 ] TID: 3252
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A99D510 ] TID: 3296
0x80562520 Faked ServiceTable-->Dropbox.exe [ ETHREAD 0x89B4A700 ] TID: 3340
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8ABD6020 ] TID: 3368
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8F5DA8 ] TID: 3392
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89877B58 ] TID: 3396
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89913648 ] TID: 3404
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x899B6020 ] TID: 3408
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89913CC0 ] TID: 3412
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8CB888 ] TID: 3416
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8CB610 ] TID: 3420
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A9CE760 ] TID: 3424
0x80562520 Faked ServiceTable-->wisptis.exe [ ETHREAD 0x8A9B49F0 ] TID: 3440
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A96DB80 ] TID: 3464
0x80562520 Faked ServiceTable-->tabbtnu.exe [ ETHREAD 0x89D9C508 ] TID: 3468, 4784200 bytes
0x80562520 Faked ServiceTable-->HTCVBTServer.exe [ ETHREAD 0x89AFC020 ] TID: 3536
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AB8C020 ] TID: 3544
0x80562520 Faked ServiceTable-->SkyTel.exe [ ETHREAD 0x89B897F8 ] TID: 3572
0x80562520 Faked ServiceTable-->Dropbox.exe [ ETHREAD 0x89B1C510 ] TID: 3584
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x89B586B8 ] TID: 3616
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8A8D38C0 ] TID: 3704
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x898A2020 ] TID: 3732
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8AA23DA8 ] TID: 3740
0x80562520 Faked ServiceTable-->iFrmewrk.exe [ ETHREAD 0x89CB2B30 ] TID: 3792
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x8ADA1B00 ] TID: 3808
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A918600 ] TID: 3824
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8AC6C960 ] TID: 3828
0x80562520 Faked ServiceTable-->DLACTRLW.EXE [ ETHREAD 0x8AAA8DA8 ] TID: 3896
0x80562520 Faked ServiceTable-->GoogleDesktop.exe [ ETHREAD 0x89CB3B30 ] TID: 3940
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8A920488 ] TID: 3944
0x80562520 Faked ServiceTable-->CapabilityManager.exe [ ETHREAD 0x89B27020 ] TID: 3948
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8ADB5B80 ] TID: 3952
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A972B90 ] TID: 3956
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8A9194D0 ] TID: 3960
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8A978468 ] TID: 3964
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A912750 ] TID: 3972
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A920020 ] TID: 3976
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9518C8 ] TID: 3980
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A951650 ] TID: 3984
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8C0AF0 ] TID: 3988
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A8C0878 ] TID: 3992
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A907AF0 ] TID: 4000
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9073D8 ] TID: 4008
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A96E4D8 ] TID: 4020
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A955DA8 ] TID: 4048
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8A9B0AF0 ] TID: 4056
0x80562520 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8A8E3260 ] TID: 4060
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89902020 ] TID: 4156
0x80562520 Faked ServiceTable-->logger.exe [ ETHREAD 0x89BE2020 ] TID: 4304
0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x898D9C40 ] TID: 4336
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BA3020 ] TID: 4344
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x898B1280 ] TID: 4500
0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x89B56370 ] TID: 4508
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89875020 ] TID: 4520
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89A90348 ] TID: 4536
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8AA72428 ] TID: 4540
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x898AAC30 ] TID: 4552
0x80562520 Faked ServiceTable-->RKUnhookerLE.EXE [ ETHREAD 0x898B93E8 ] TID: 4572
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x899C9B10 ] TID: 4664
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BAD560 ] TID: 4688
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B28020 ] TID: 4728
0x80562520 Faked ServiceTable-->tcserver.exe [ ETHREAD 0x89BA6020 ] TID: 4736
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x899AD020 ] TID: 4740
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89BAD020 ] TID: 4756
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x898BE338 ] TID: 4884
0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x899D6B50 ] TID: 4924
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89876020 ] TID: 4936
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89936828 ] TID: 4940
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CC5AF8 ] TID: 5020
0x80562520 Faked ServiceTable-->wuauclt.exe [ ETHREAD 0x89BD8020 ] TID: 5088
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x899AC020 ] TID: 5092
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898BC158 ] TID: 5104
0x80562520 Faked ServiceTable-->iFrmewrk.exe [ ETHREAD 0x89CA8968 ] TID: 5160
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89997020 ] TID: 5184
0x80562520 Faked ServiceTable-->RKUnhookerLE.EXE [ ETHREAD 0x89B7E020 ] TID: 5372
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898BBB38 ] TID: 5492
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898DB020 ] TID: 5536
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89886D78 ] TID: 5552
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898CF020 ] TID: 5640
0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x899CF388 ] TID: 5696
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89A66A50 ] TID: 5748
0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8AA90AD0 ] TID: 5804
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x89888170 ] TID: 6008
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89AC1990 ] TID: 6024
0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x8998EA80 ] TID: 6032
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89AEB020 ] TID: 6128
0x03250000 Hidden Image-->sklibrary.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 118784 bytes
0x03200000 Hidden Image-->interop.softkeyboardinterface.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 28672 bytes
0x031F0000 Hidden Image-->softkeyboardlogic.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 36864 bytes
0x03510000 Hidden Image-->kbcresources.dll [ EPROCESS 0x8ABEC6E8 ] PID: 1600, 53248 bytes