
Blocking IPs Every 30 seconds



I recently installed MB on a PC that has been having major issues. I did a scan and it came up with over 170 infected files.

Now that's not the problem (I formatted that PC). I then installed it on this PC and got one infected file:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5468

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

06.01.2011 20:03:42

mbam-log-2011-01-06 (20-03-42).txt

Scan type: Flash scan

Objects scanned: 108635

Time elapsed: 1 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

That was it. Now I'm getting pop-ups every 30 or so seconds saying it has blocked outgoing and incoming connections.

Here are just some of them:

03:53:17 Owner MESSAGE Scheduled update executed successfully

03:53:18 Owner MESSAGE IP Protection stopped

03:53:27 Owner MESSAGE Database updated successfully

03:53:33 Owner MESSAGE IP Protection started successfully

03:57:31 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

03:57:41 Owner IP-BLOCK 219.153.220.68 (Type: incoming)

03:58:22 Owner IP-BLOCK 87.248.186.16 (Type: incoming)

04:04:28 Owner IP-BLOCK 206.53.50.231 (Type: outgoing)

04:13:51 Owner IP-BLOCK 222.70.234.92 (Type: incoming)

04:18:14 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

04:28:48 Owner IP-BLOCK 87.248.186.16 (Type: incoming)

04:29:52 Owner IP-BLOCK 62.45.215.198 (Type: incoming)

04:35:04 Owner IP-BLOCK 121.8.15.24 (Type: outgoing)

04:35:40 Owner IP-BLOCK 121.10.120.182 (Type: incoming)

04:35:53 Owner IP-BLOCK 121.10.120.182 (Type: incoming)

04:40:14 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

04:48:04 Owner IP-BLOCK 94.96.13.110 (Type: outgoing)

04:48:51 Owner IP-BLOCK 89.28.35.164 (Type: outgoing)

04:48:55 Owner IP-BLOCK 121.11.255.161 (Type: outgoing)

04:51:26 Owner IP-BLOCK 89.28.83.22 (Type: incoming)

04:59:48 Owner IP-BLOCK 87.248.186.16 (Type: incoming)

05:00:41 Owner IP-BLOCK 222.65.249.246 (Type: incoming)

05:00:42 Owner IP-BLOCK 222.65.249.246 (Type: incoming)

05:00:56 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

05:03:39 Owner IP-BLOCK 89.28.19.243 (Type: outgoing)

05:08:17 Owner IP-BLOCK 62.45.122.71 (Type: incoming)

05:10:06 Owner IP-BLOCK 89.28.6.31 (Type: incoming)

05:13:02 Owner IP-BLOCK 89.28.103.74 (Type: incoming)

05:18:24 Owner IP-BLOCK 114.79.151.176 (Type: incoming)

05:19:04 Owner IP-BLOCK 212.117.176.21 (Type: outgoing)

05:20:04 Owner IP-BLOCK 89.28.103.74 (Type: outgoing)

05:24:48 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

05:32:22 Owner IP-BLOCK 89.28.6.31 (Type: incoming)

05:39:30 Owner IP-BLOCK 222.65.75.30 (Type: incoming)

05:39:31 Owner IP-BLOCK 222.65.75.30 (Type: incoming)

05:41:37 Owner IP-BLOCK 94.96.123.127 (Type: incoming)

05:44:54 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

05:46:11 Owner IP-BLOCK 219.153.103.201 (Type: incoming)

05:55:02 Owner IP-BLOCK 89.28.6.31 (Type: incoming)

06:05:07 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

06:05:36 Owner IP-BLOCK 121.8.45.197 (Type: outgoing)

06:11:43 Owner IP-BLOCK 195.161.25.26 (Type: incoming)

06:13:45 Owner IP-BLOCK 89.28.94.216 (Type: incoming)

06:16:22 Owner IP-BLOCK 89.28.6.31 (Type: incoming)

06:18:28 Owner IP-BLOCK 89.28.61.47 (Type: incoming)

06:27:31 Owner IP-BLOCK 94.96.114.99 (Type: incoming)

06:28:12 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

06:50:27 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

07:06:27 Owner IP-BLOCK 212.117.179.53 (Type: outgoing)

07:13:54 Owner IP-BLOCK 89.28.80.78 (Type: incoming)

07:21:48 Owner IP-BLOCK 188.65.50.2 (Type: incoming)

Any help would be great. As for my other PC, it was infected so badly that I could not download an AV on it or even go to an AV site.... Why didn't I have an AV on it in the first place, you ask? Well, I only use it for one game that I play and never thought there was a need for it.

2011/01/07 07:29:32.0078 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2011/01/07 07:29:32.0078 ================================================================================

2011/01/07 07:29:32.0078 SystemInfo:

2011/01/07 07:29:32.0078

2011/01/07 07:29:32.0078 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/07 07:29:32.0078 Product type: Workstation

2011/01/07 07:29:32.0078 ComputerName: ANONYMOUS

2011/01/07 07:29:32.0078 UserName: Owner

2011/01/07 07:29:32.0078 Windows directory: C:\WINDOWS

2011/01/07 07:29:32.0078 System windows directory: C:\WINDOWS

2011/01/07 07:29:32.0078 Processor architecture: Intel x86

2011/01/07 07:29:32.0078 Number of processors: 2

2011/01/07 07:29:32.0078 Page size: 0x1000

2011/01/07 07:29:32.0078 Boot type: Normal boot

2011/01/07 07:29:32.0078 ================================================================================

2011/01/07 07:29:32.0265 Initialize success

2011/01/07 07:29:39.0109 ================================================================================

2011/01/07 07:29:39.0109 Scan started

2011/01/07 07:29:39.0109 Mode: Manual;

2011/01/07 07:29:39.0109 ================================================================================

2011/01/07 07:29:49.0859 ================================================================================

2011/01/07 07:29:49.0859 Scan finished

2011/01/07 07:29:49.0859 ================================================================================
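
As an added example (not part of this post or of Malwarebytes' own tooling), the Python below parses lines in the layout of the IP Protection log quoted above, separates incoming from outgoing blocks, lists addresses that recur, and measures the gap between consecutive blocks so the "every 30 seconds" impression can be checked against the log. The sample lines are a constructed excerpt of the post's log plus one deliberately malformed line.

```python
import re
import statistics
from collections import Counter
from datetime import datetime

# Constructed sample: an excerpt, in the same layout, of the protection-log
# lines quoted in the post above, plus one stray line to exercise error handling.
SAMPLE_LOG = """\
03:53:17 Owner MESSAGE Scheduled update executed successfully
03:53:18 Owner MESSAGE IP Protection stopped
03:53:27 Owner MESSAGE Database updated successfully
03:53:33 Owner MESSAGE IP Protection started successfully
03:57:31 Owner IP-BLOCK 89.28.80.78 (Type: incoming)
03:57:41 Owner IP-BLOCK 219.153.220.68 (Type: incoming)
04:04:28 Owner IP-BLOCK 206.53.50.231 (Type: outgoing)
04:18:14 Owner IP-BLOCK 89.28.80.78 (Type: incoming)
04:35:40 Owner IP-BLOCK 121.10.120.182 (Type: incoming)
04:35:53 Owner IP-BLOCK 121.10.120.182 (Type: incoming)
04:40:14 Owner IP-BLOCK 89.28.80.78 (Type: incoming)
04:48:04 Owner IP-BLOCK 94.96.13.110 (Type: outgoing)
this line is deliberately malformed and must be skipped
"""

# One log line: "<HH:MM:SS> <user> <MESSAGE|IP-BLOCK> <rest>".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) (?P<kind>MESSAGE|IP-BLOCK) (?P<rest>.*)$"
)
# The tail of an IP-BLOCK line: "<dotted quad> (Type: incoming|outgoing)".
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)$"
)


def parse_log(text):
    """Parse protection-log text into a list of event dicts.

    Lines that do not match the expected layout are skipped rather than
    fatal: a log pasted into a forum post often carries stray text.
    """
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        event = {"time": m["time"], "user": m["user"], "kind": m["kind"]}
        if m["kind"] == "IP-BLOCK":
            b = BLOCK_RE.match(m["rest"])
            if not b:
                continue
            event["ip"] = b["ip"]
            event["direction"] = b["direction"]
        else:
            event["message"] = m["rest"]
        events.append(event)
    return events


def summarize_blocks(events):
    """Aggregate the IP-BLOCK events.

    'incoming' blocks are remote hosts connecting to this machine;
    'outgoing' blocks are connections a process on this machine tried to
    open, so those are the ones that point at something running locally.
    """
    by_direction = Counter()
    per_ip = Counter()
    outgoing = set()
    for ev in events:
        if ev["kind"] != "IP-BLOCK":
            continue
        by_direction[ev["direction"]] += 1
        per_ip[ev["ip"]] += 1
        if ev["direction"] == "outgoing":
            outgoing.add(ev["ip"])
    return {
        "by_direction": dict(by_direction),
        "repeat_addresses": {ip: n for ip, n in per_ip.items() if n >= 2},
        "outgoing_targets": sorted(outgoing),
    }


def median_block_interval(events):
    """Median seconds between consecutive IP-BLOCK events.

    Returns None when there are fewer than two blocks.
    """
    times = [
        datetime.strptime(ev["time"], "%H:%M:%S")
        for ev in events
        if ev["kind"] == "IP-BLOCK"
    ]
    gaps = [
        int((later - earlier).total_seconds())
        for earlier, later in zip(times, times[1:])
        if later >= earlier  # a negative gap means the log wrapped past midnight
    ]
    return statistics.median(gaps) if gaps else None


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(summarize_blocks(evs))
    print("median seconds between blocks:", median_block_interval(evs))
```

For a full log, paste the whole protection-log text into `parse_log`; the outgoing-targets list is the set to correlate with the running-process list from a DDS report.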


Hi,

Please download DDS and save it to your desktop.

  • Disable any script blocking protection.
  • Double-click dds.com to run the tool.
  • When done, DDS will open two logs (DDS.txt and Attach.txt).
  • Save both reports to your desktop.

Please include the contents of DDS.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"


DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 14:01:45,24 on 09.01.2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.352.1033.18.1023.328 [GMT 11:00]

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\StealthBot 2.7\StealthBot v2.7.exe

C:\Documents and Settings\Owner\My Documents\Spiritual121\Spiritual.exe

C:\PROGRA~1\Oracle\VIRTUA~1\VBoxSVC.exe

C:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/

uInternet Settings,ProxyServer = 67.234.212.182:80

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

uURLSearchHooks: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdds.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdds.dll

BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdds.dll

TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe

mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: MaxRecentDocs = 18 (0x12)

mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://72.4.147.62:8443/vz/ssh/wodTelnetDLX.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-16 293968]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-4-3 143184]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-4-3 41936]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-16 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-16 40384]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-10-10 66048]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-6 20952]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-10-8 111568]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-6 363344]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\aztech_npf32.sys [2010-6-9 42000]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-3-25 100560]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-11-11 31888]

=============== Created Last 30 ================

2011-01-07 01:51:36 54016 ----a-w- c:\windows\system32\drivers\jvpa.sys

2011-01-06 09:00:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-06 09:00:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-06 09:00:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-03 15:49:50 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\WinZip

==================== Find3M ====================

2010-12-31 20:06:36 38848 ----a-w- c:\windows\avastSS.scr

2010-11-16 12:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll

============= FINISH: 14:03:03,04 ===============


Here is the rootkit one now, and thank you for replying :D

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2

==============================================

>Drivers

==============================================


0xF3D4B000 C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 139264 bytes (Oracle Corporation, VirtualBox Support Driver)

0x806FF000 ACPI_HAL 134528 bytes

0x806FF000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7751000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF6641000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 131072 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )

0xF77AF000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7721000 TPkd.sys 122880 bytes (PACE Anti-Piracy, Inc., InterLok system file)

0xF7636000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF6137000 C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 106496 bytes (Oracle Corporation, VirtualBox Bridged Networking Driver)

0xF7771000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB6E03000 C:\PROGRA~1\Oracle\VIRTUA~1\VBoxDDR0.r0 98304 bytes

0xB84B8000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)

0xF3C21000 C:\Program Files\UltraISO\drivers\ISODrive.sys 94208 bytes (EZB Systems, Inc., ISO DVD/CD-ROM Device Driver)

0xF770A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF6192000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB7F1F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF61A9000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF6685000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF3E36000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF773F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xB85BF000 C:\WINDOWS\system32\DRIVERS\EAPPkt.sys 69632 bytes (Windows ® 2000 DDK provider, NDIS User mode I/O Driver)

0xF77CE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6181000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF795E000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7A3E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xB8778000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0xF79FE000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF79EE000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF7A4E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB8358000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF78BE000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF790E000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)

0xF786E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF7A0E000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF7A5E000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF784E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF7A7E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF791E000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7A1E000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF783E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF7A6E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF78DE000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)

0xF782E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF78AE000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF787E000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF7A9E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF785E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF79DE000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)

0xB7E61000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)

0xF7A8E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF78EE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB7DC9000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF78FE000 C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 36864 bytes (Oracle Corporation, VirtualBox USB Monitor Driver)

0xF794E000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF7B9E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF7B2E000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7B86000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF7BB6000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF7B06000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7BAE000 C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys 28672 bytes

0xF7AAE000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF7B6E000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)

0xF7BCE000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF7BC6000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF7B76000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF7B0E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7B66000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)

0xF7AE6000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xF7B1E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7AB6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7C06000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7C16000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7BF6000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7BBE000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF3D07000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xF706D000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xB86F8000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF760E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xB87F8000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)

0xF7C3E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF3D0F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7D06000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 12288 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF75FE000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7D16000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xB8224000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes

0xB79BC000 C:\PROGRA~1\Oracle\VIRTUA~1\VBoxDD2R0.r0 12288 bytes

0xF7D72000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7D34000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xF7D32000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0xF7D2E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7D86000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7D76000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7D36000 speedfan.sys 8192 bytes

0xF7D60000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7D6E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7D30000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7E06000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7E25000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7DF7000 giveio.sys 4096 bytes

0xF7E9F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7DF6000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0xF98802A0 ] TID: 128, 20168232 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF97E57D8 ] TID: 136

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85846B30 ] TID: 144

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8594D5C0 ] TID: 172

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C63020 ] TID: 200, 3801155 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858F7B48 ] TID: 216

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85940640 ] TID: 220

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x858ADB30 ] TID: 228

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x859415C0 ] TID: 252

0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x859143D0 ] TID: 288

0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x85913B80 ] TID: 300

0x80562520 Faked ServiceTable-->jqs.exe [ ETHREAD 0x85911958 ] TID: 348

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858DBDA8 ] TID: 356

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x858F7630 ] TID: 392, 8781826 bytes

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF9305BE0 ] TID: 408

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x85912B30 ] TID: 432

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8590FA18 ] TID: 448

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C4A500 ] TID: 456, 8781836 bytes

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x84243020 ] TID: 464

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x858E7DA8 ] TID: 468

0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x85E74DA8 ] TID: 624

0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x85E779A8 ] TID: 628

0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x85E77550 ] TID: 632

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857B5318 ] TID: 636

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF972B980 ] TID: 656

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF8B8E9B0 ] TID: 676

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857D1DA8 ] TID: 684

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85859270 ] TID: 688

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x857D22D8 ] TID: 692

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x858FFDA8 ] TID: 696

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x857CC518 ] TID: 700

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857B65C0 ] TID: 720

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858E8498 ] TID: 724

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85E59020 ] TID: 728

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857D35D8 ] TID: 744

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858BBDA8 ] TID: 792

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85854B88 ] TID: 796

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x85853DA8 ] TID: 820

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x858BCB28 ] TID: 828

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x858C0B48 ] TID: 832, 8781871 bytes

0x80562520 Faked ServiceTable-->alg.exe [ ETHREAD 0x858BAB80 ] TID: 836

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858A89E8 ] TID: 848, 8781874 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CAC878 ] TID: 860

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x857AFDA8 ] TID: 864, 8781883 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8585A348 ] TID: 868

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857C85B8 ] TID: 872

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858AA5B8 ] TID: 876

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x858FB020 ] TID: 880

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858A79F0 ] TID: 884, 2097184 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8584DDA8 ] TID: 888

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857D6828 ] TID: 892

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857ADDA8 ] TID: 896

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858C5410 ] TID: 900

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858BDDA8 ] TID: 904

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85857DA8 ] TID: 912

0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x85D86DA8 ] TID: 928

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x83B8F020 ] TID: 952

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858063B8 ] TID: 960

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85E09720 ] TID: 964

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF8F6B9D0 ] TID: 968

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85D8AA00 ] TID: 972

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85D58DA8 ] TID: 1000

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85D3CDA8 ] TID: 1004

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85D56470 ] TID: 1008

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D7FDA8 ] TID: 1012

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D8A460 ] TID: 1016

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D83B30 ] TID: 1024

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D7F648 ] TID: 1028

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85846DA8 ] TID: 1036

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D50650 ] TID: 1040

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF923BAB0 ] TID: 1056

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x865655F0 ] TID: 1064

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D3BDA8 ] TID: 1076

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85DC7718 ] TID: 1088

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85DC52B0 ] TID: 1100

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85DC5A00 ] TID: 1108, 3014764 bytes

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85DC6850 ] TID: 1116

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85E5DDA8 ] TID: 1124, 196611 bytes

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x857D05C0 ] TID: 1128

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85D3AB30 ] TID: 1140

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85D336B0 ] TID: 1184

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DC3558 ] TID: 1208, 3801155 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E59DA8 ] TID: 1212

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E59B30 ] TID: 1216

0x80562520 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x86555B80 ] TID: 1220

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85D68BA0 ] TID: 1228

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8585F020 ] TID: 1236

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D73B70 ] TID: 1264

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DBB998 ] TID: 1272

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DBB720 ] TID: 1276

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DBB4A8 ] TID: 1280

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D23B48 ] TID: 1308

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D1D6E0 ] TID: 1324

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D1D468 ] TID: 1328

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x85E58388 ] TID: 1336

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85D238D0 ] TID: 1348

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8579B958 ] TID: 1376

0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x857B4DA8 ] TID: 1396

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x8428D020 ] TID: 1400

0x80562520 Faked ServiceTable-->explorer.exe [ ETHREAD 0x8578EC10 ] TID: 1420

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF97FF7D8 ] TID: 1424

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x857AD020 ] TID: 1440

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857AD5B8 ] TID: 1444

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858AC020 ] TID: 1452

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x858AC5B8 ] TID: 1456

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x858AC340 ] TID: 1460

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CCC7B0 ] TID: 1468

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85807660 ] TID: 1512

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x8420A020 ] TID: 1544

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x856CEDA8 ] TID: 1560

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85CB5588 ] TID: 1564

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CBF7B0 ] TID: 1568

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85CB3DA8 ] TID: 1576

0x80562520 Faked ServiceTable-->csrss.exe [ ETHREAD 0x85930398 ] TID: 1580

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x85DC4300 ] TID: 1584

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C65B88 ] TID: 1588

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CCB7B0 ] TID: 1600, 6094963 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CB0B30 ] TID: 1604

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x840D95C8 ] TID: 1608

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CB4968 ] TID: 1632

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF972A970 ] TID: 1636

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CC17B0 ] TID: 1640

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CB9C78 ] TID: 1652

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CB97A0 ] TID: 1656

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CA9940 ] TID: 1660

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85CD97B0 ] TID: 1664

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C94DA8 ] TID: 1720

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C67DA8 ] TID: 1732

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C7CDA8 ] TID: 1744

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C7CB30 ] TID: 1748

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C9EA68 ] TID: 1752, 7077998 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C9E7F0 ] TID: 1756

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C9E578 ] TID: 1760

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C5FCE8 ] TID: 1764

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C69DA8 ] TID: 1768

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C8FD10 ] TID: 1772

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C88C38 ] TID: 1776

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C70DA8 ] TID: 1780

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C71DA8 ] TID: 1784

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C40B98 ] TID: 1788

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C96730 ] TID: 1792

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C964B8 ] TID: 1796

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C8B540 ] TID: 1800

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C79540 ] TID: 1804

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85CB6B80 ] TID: 1808

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85CB66E0 ] TID: 1812

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C34958 ] TID: 1816, 7077990 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C69628 ] TID: 1824

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C87410 ] TID: 1828

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C703B8 ] TID: 1836

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C206E0 ] TID: 1864

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C79DA8 ] TID: 1880

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85C7FDA8 ] TID: 1888

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x859F5B80 ] TID: 1900

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8594CDA8 ] TID: 1904, 7536761 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x859999A0 ] TID: 1908

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8593BB80 ] TID: 1912

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8593A778 ] TID: 1944

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8593E020 ] TID: 1956

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x859A3958 ] TID: 1960

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x842555D8 ] TID: 1964

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF97E9A20 ] TID: 1972

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x859ABA48 ] TID: 1980, 3014765 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8593A500 ] TID: 1984

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x859C4DA8 ] TID: 1988

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8592A620 ] TID: 1992

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85936DA8 ] TID: 1996

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x859A3DA8 ] TID: 2000

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8594DDA8 ] TID: 2004

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8593DDA8 ] TID: 2008

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8590CDA8 ] TID: 2012, 5242963 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x859324C0 ] TID: 2016

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x85941DA8 ] TID: 2020

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x859685C0 ] TID: 2024

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8593F020 ] TID: 2032

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x81B5C020 ] TID: 2036

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x81CAE020 ] TID: 2116

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0xF97686A8 ] TID: 2164

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x84292020 ] TID: 2184, 5963776 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF9441A98 ] TID: 2220

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x81688A08 ] TID: 2228

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x822BE9C8 ] TID: 2252

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x841B0C90 ] TID: 2284

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x8406FB00 ] TID: 2320

0x80562520 Faked ServiceTable-->Spiritual.exe [ ETHREAD 0xF8C365F8 ] TID: 2328

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x83B1AB48 ] TID: 2332

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF94FA350 ] TID: 2340, 580328 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF8214600 ] TID: 2352

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x856C4DA8 ] TID: 2388

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x82E32020 ] TID: 2392

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF94F97C0 ] TID: 2404

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0x85E34B88 ] TID: 2412

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8566F638 ] TID: 2432

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF95F2270 ] TID: 2464

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF9231C78 ] TID: 2504, 2949120 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF9879AB0 ] TID: 2508

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0xF9805DA8 ] TID: 2512

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x81FE25C8 ] TID: 2528

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0x834725C8 ] TID: 2664

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x82E53020 ] TID: 2708

0x80562520 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0xF9854AA8 ] TID: 2724

0x80562520 Faked ServiceTable-->Spiritual.exe [ ETHREAD 0x85C86C90 ] TID: 2728

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x83342D10 ] TID: 2736, 32 bytes

0x80562520 Faked ServiceTable-->Spiritual.exe [ ETHREAD 0x856CA020 ] TID: 2740

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF83F1020 ] TID: 2760

0x80562520 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x859162B0 ] TID: 2776

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8584A9E8 ] TID: 2792

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF9441D10 ] TID: 2804

0x80562520 Faked ServiceTable-->VBoxSVC.exe [ ETHREAD 0x8424B910 ] TID: 2816

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858AE488 ] TID: 2880

0x80562520 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x858AF020 ] TID: 2896

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C57DA8 ] TID: 2900

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C4DA20 ] TID: 2904

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85EB6A58 ] TID: 2908

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF8DE6A18 ] TID: 2920

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x859B6020 ] TID: 2932

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84C33C00 ] TID: 2936

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF9355BE0 ] TID: 2940

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84788C98 ] TID: 2948

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E54020 ] TID: 3008

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85E54348 ] TID: 3012

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85DEDDA8 ] TID: 3028

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866A8020 ] TID: 3032

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x866A8340 ] TID: 3036

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F42B30 ] TID: 3040

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C6CDA8 ] TID: 3056

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8590B3B8 ] TID: 3060

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x858485D8 ] TID: 3064

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x856C0DA8 ] TID: 3068

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85C3E020 ] TID: 3080

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x842923F8 ] TID: 3092

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85803DA8 ] TID: 3096

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85807358 ] TID: 3100, 7471203 bytes

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85803B30 ] TID: 3104

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x856F5618 ] TID: 3108

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x856BFB48 ] TID: 3112

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF824A350 ] TID: 3120

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0xF97BA968 ] TID: 3128

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x856DEDA8 ] TID: 3136

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85F41B80 ] TID: 3144

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x857A5B88 ] TID: 3148

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0x81F68310 ] TID: 3180

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF979D020 ] TID: 3200

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85688DA8 ] TID: 3216

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x842FB208 ] TID: 3280

0x80562520 Faked ServiceTable-->VBoxSVC.exe [ ETHREAD 0x8440D518 ] TID: 3284

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x846872F8 ] TID: 3296, 7471211 bytes

0x80562520 Faked ServiceTable-->winlogon.exe [ ETHREAD 0xF805C528 ] TID: 3352

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF976A8E8 ] TID: 3376

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x842685D8 ] TID: 3400, 446912 bytes

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF942ABE0 ] TID: 3440, 16908418 bytes

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF8B73BD8 ] TID: 3464

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x843F1020 ] TID: 3476

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF83C8860 ] TID: 3512

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0xF85EA980 ] TID: 3520, 2097268 bytes

0x80562520 Faked ServiceTable-->VBoxSVC.exe [ ETHREAD 0x818C9968 ] TID: 3528

0x80562520 Faked ServiceTable-->VBoxSVC.exe [ ETHREAD 0x84688B60 ] TID: 3592

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0xF8A980E8 ] TID: 3672

0x80562520 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x85592480 ] TID: 3712, 130 bytes

0x80562520 Faked ServiceTable-->services.exe [ ETHREAD 0xF96E0020 ] TID: 3732, 20347912 bytes

0x80562520 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0xF947AB40 ] TID: 3788, 5439534 bytes

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF96FD768 ] TID: 3800

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x81853C78 ] TID: 3804

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF97C1A00 ] TID: 3844

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF9446DA8 ] TID: 3872

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF9446B30 ] TID: 3880

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8340C020 ] TID: 3888

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x84436020 ] TID: 3924

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84B98340 ] TID: 3932

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF8B2E260 ] TID: 3980

0x80562520 Faked ServiceTable-->StealthBot v2.7.exe [ ETHREAD 0x85611488 ] TID: 3996

0x80562520 Faked ServiceTable-->StealthBot v2.7.exe [ ETHREAD 0x855A1DA8 ] TID: 4000

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8437C250 ] TID: 4020

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF8CDA308 ] TID: 4024

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF97F8D10 ] TID: 4028

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x840D3968 ] TID: 4036

0x80562520 Faked ServiceTable-->VBoxSVC.exe [ ETHREAD 0x840D7020 ] TID: 4040

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0xF80BA9B0 ] TID: 4068

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF8B7ABD8 ] TID: 4076

0x80562520 Faked ServiceTable-->chrome.exe [ ETHREAD 0xF9188AB0 ] TID: 4088

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

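The "Faked ServiceTable" list above is hard to read by eye because every thread on the box gets its own line. The Python script below is an added example (it is not from the original post and not part of GMER) that parses lines in that format and summarizes them: how many threads are affected, whether they all point at the same replacement table address, and which processes are hooked. A single shared address across every process, including the anti-virus service itself, points to one kernel-wide hook rather than something injected into a particular process; on Windows XP that pattern is produced by kernel-mode security products as well as by rootkits, so it corroborates rather than confirms the "possible rootkit" message. The sample lines are a constructed excerpt copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the posted log
# (the real list runs to hundreds of threads).
SAMPLE_LOG = """\
0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x84C33C00 ] TID: 2936

0x80562520 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0xF9355BE0 ] TID: 2940

0x80562520 Faked ServiceTable-->svchost.exe [ ETHREAD 0x85807358 ] TID: 3100, 7471203 bytes

0x80562520 Faked ServiceTable-->lsass.exe [ ETHREAD 0xF97BA968 ] TID: 3128

0x80562520 Faked ServiceTable-->StealthBot v2.7.exe [ ETHREAD 0x85611488 ] TID: 3996

0x80562520 Faked ServiceTable-->VirtualBox.exe [ ETHREAD 0x842685D8 ] TID: 3400, 446912 bytes
"""

# One log line: replacement table address, process name (may contain spaces),
# ETHREAD address, thread id and an optional trailing byte count.
LINE_RE = re.compile(
    r"^(?P<table>0x[0-9A-Fa-f]+) Faked ServiceTable-->(?P<proc>.+?) "
    r"\[ ETHREAD (?P<ethread>0x[0-9A-Fa-f]+) \] TID: (?P<tid>\d+)"
    r"(?:, (?P<bytes>\d+) bytes)?$"
)

# Core Windows processes; a hook that reaches these is system-wide.
SYSTEM_PROCESSES = {"lsass.exe", "services.exe", "winlogon.exe", "svchost.exe", "csrss.exe"}


def parse_faked_service_table(text):
    """Return one dict per 'Faked ServiceTable' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["tid"] = int(d["tid"])
        d["bytes"] = int(d["bytes"]) if d["bytes"] else None
        entries.append(d)
    return entries


def summarize(entries):
    """Collapse the per-thread list into what a responder actually wants to know."""
    tables = {e["table"] for e in entries}
    per_proc = Counter(e["proc"] for e in entries)
    return {
        "thread_count": len(entries),
        "table_addresses": sorted(tables),
        # True when every hooked thread shares one replacement table: one kernel hook.
        "single_hook": len(tables) == 1,
        "per_process": dict(per_proc),
        "system_processes_hooked": sorted(
            p for p in per_proc if p.lower() in SYSTEM_PROCESSES
        ),
    }


if __name__ == "__main__":
    summary = summarize(parse_faked_service_table(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against a full GMER log saved as text and look at two fields: `single_hook` (one address for all threads) and `system_processes_hooked`. If both say "everything, one address", the next step is to identify the driver that owns that address, not to treat each listed process as infected.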

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Done as you asked mate, thanks for the fast reply. Seen anything suspicious so far?

ComboFix 11-01-08.05 - Owner 10.01.2011 2:34.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.352.1033.18.1023.712 [GMT 11:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Custom Settings\ToggleQL.exe

c:\windows\system32\14_43260.dll

c:\windows\system32\28_83260.dll

c:\windows\system32\Temp

c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list

c:\windows\system32\Temp\mnvfrS6BtwKKJ2y\4JNkwENfu3ANP.dl_

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))

.

2011-01-09 15:40 . 2011-01-09 15:40 -------- d-----w- c:\windows\system32\xircom

2011-01-09 15:40 . 2011-01-09 15:40 -------- d-----w- c:\windows\system32\wbem\snmp

2011-01-09 15:40 . 2011-01-09 15:40 -------- d-----w- c:\windows\system32\oobe

2011-01-09 15:40 . 2011-01-09 15:40 -------- d-----w- c:\program files\microsoft frontpage

2011-01-06 09:00 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-06 09:00 . 2010-12-20 07:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-06 09:00 . 2011-01-06 09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-03 15:49 . 2011-01-03 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2011-01-03 15:49 . 2011-01-03 15:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-31 20:06 . 2010-11-16 08:56 38848 ----a-w- c:\windows\avastSS.scr

2010-12-31 20:06 . 2010-11-16 08:56 188216 ----a-w- c:\windows\system32\aswBoot.exe

2010-12-31 20:00 . 2010-11-16 08:56 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-12-31 19:59 . 2010-11-16 08:56 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-12-31 19:59 . 2010-11-16 08:56 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-12-31 19:59 . 2010-11-16 08:56 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-12-31 19:56 . 2010-11-16 08:56 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-12-31 19:56 . 2010-11-16 08:56 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-12-31 19:56 . 2010-11-16 08:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-11-16 12:41 . 2010-11-16 12:41 323624 ----a-w- c:\windows\system32\wiaaut.dll

.

------- Sigcheck -------

[-] 2010-01-07 . 5C7A2EBE8A7AE01C9FB6117D8A4C5BE9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\TCPIP.SYS

[-] 2010-01-07 . 5C7A2EBE8A7AE01C9FB6117D8A4C5BE9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\dllcache\TCPIP.SYS

c:\windows\System32\wscntfy.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b552069b-7b85-492f-8b98-ccf409c93a39}"= "c:\program files\OddsMaker\tbOdds.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b552069b-7b85-492f-8b98-ccf409c93a39}]

2009-10-27 00:45 2325528 ----a-w- c:\program files\OddsMaker\tbOdds.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b552069b-7b85-492f-8b98-ccf409c93a39}"= "c:\program files\OddsMaker\tbOdds.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-19 395640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2009-07-19 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-10-10 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 18 (0x12)

"NoSMConfigurePrograms"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-03-30 02:37 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 06:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-12-19 13:50 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Clanwl\\kukbot_1.12_update\\kukbot_1.12 update\\Bot\\RedVex.exe"=

"c:\\Program Files\\World of Warcraft\\Repair.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.3.5.12340-x86-Win-enUS-BKGND-downloader.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Oracle\\VirtualBox\\VirtualBox.exe"=

"c:\\Program Files\\World of Warcraft\\Blizzard Updater.exe"=

"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Kukies\\Kukies\\RedVex2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8767:UDP"= 8767:UDP:*:Disabled:teamspeak

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.11.2010 19:56 293968]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [03.04.2010 21:13 143184]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [03.04.2010 21:13 41936]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.11.2010 19:56 17744]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10.10.2009 17:07 66048]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.01.2011 20:00 20952]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [08.10.2010 15:57 111568]

S0 hmsbrfwy;hmsbrfwy;c:\windows\system32\drivers\jvpa.sys --> c:\windows\system32\drivers\jvpa.sys [?]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06.01.2011 20:00 363344]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [25.03.2010 20:06 100560]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [11.11.2010 16:35 31888]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

2011-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1958367476-2147050159-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 02:37]

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1958367476-2147050159-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 02:37]

2011-01-09 c:\windows\Tasks\User_Feed_Synchronization-{0155EC0E-2E18-41EA-8667-6C95D4F670EF}.job

- c:\windows\system32\msfeedssync.exe [2009-07-19 16:06]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.facebook.com/

uInternet Settings,ProxyServer = 67.234.212.182:80

DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://72.4.147.62:8443/vz/ssh/wodTelnetDLX.cab

.

- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

HKLM-Run-nwiz - nwiz.exe

MSConfigStartUp-DeskSpace - c:\program files\DeskSpace\deskspace.exe

MSConfigStartUp-ManyCam - c:\program files\ManyCam\Bin\ManyCam.exe

MSConfigStartUp-SandboxieControl - c:\program files\Sandboxie\SbieCtrl.exe

AddRemove-MAGIX Screenshare US - c:\program files\MAGIX\Screenshare\unwise.exe

AddRemove-TeamSpeak 2 Server_is1 - c:\program files\Teamspeak2_RC2\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-10 02:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1804)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\UPHClean\uphclean.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2011-01-10 02:44:34 - machine was rebooted

ComboFix-quarantined-files.txt 2011-01-09 15:44

Pre-Run: 4

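A few entries in the ComboFix log above are the ones a responder would pull out first: the S0 (boot-start) service hmsbrfwy whose driver jvpa.sys is no longer on disk, the ProxyServer setting pointing Internet Explorer at a bare IP address, the DPF entry that fetches an ActiveX .cab from an IP-addressed host, the missing wscntfy.exe, and firewall exceptions for executables sitting on the Desktop. The Python script below is an added example, not part of the original thread and not a ComboFix feature, that applies those checks to log text in ComboFix's format. The sample is a constructed excerpt of lines from the posted log; the check names and the "profile path" heuristic for firewall exceptions are this example's own choices.

```python
import re

# Constructed sample: lines copied from the posted ComboFix log, one or two
# per section, enough to exercise every check below.
SAMPLE_LOG = r"""
c:\windows\System32\wscntfy.exe ... is missing !!
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Kukies\\Kukies\\RedVex2.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.11.2010 19:56 293968]
S0 hmsbrfwy;hmsbrfwy;c:\windows\system32\drivers\jvpa.sys --> c:\windows\system32\drivers\jvpa.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyServer = 67.234.212.182:80
DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} - hxxps://72.4.147.62:8443/vz/ssh/wodTelnetDLX.cab
"""

# Service/driver line: R=running, S=stopped, digit=start type (0 = boot start),
# then name;display name;path, optional "--> target", and "[date size]" or "[?]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<target>.+?))? \[(?P<info>[^\]]*)\]$"
)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\} - (?P<url>\S+)$")
FW_ENTRY_RE = re.compile(r'^"(?P<path>.+)"=$')
MISSING_RE = re.compile(r"^(?P<path>\S+) \.\.\. is missing !!$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def host_of(url):
    """Host part of a URL (ComboFix defangs http to hxxp), without the port."""
    m = re.match(r"^[a-z]+://([^/:]+)", url, re.I)
    return m.group(1) if m else ""


def triage(text):
    """Return a list of {'check', 'detail'} findings from ComboFix-format log text."""
    findings = []
    in_fw_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # Registry section header: remember whether we are in the firewall list.
            in_fw_list = "AuthorizedApplications" in line
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append({"check": "missing_system_file", "detail": m.group("path")})
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("info").strip() == "?":  # ComboFix could not find the file
                check = "boot_driver_missing_file" if m.group("start") == "0" else "service_missing_file"
                findings.append({"check": check, "detail": f'{m.group("name")} -> {m.group("path")}'})
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy = m.group("proxy")
            host = proxy.rsplit(":", 1)[0]
            check = "proxy_raw_ip" if IPV4_RE.match(host) else "proxy_set"
            findings.append({"check": check, "detail": proxy})
            continue
        m = DPF_RE.match(line)
        if m:
            if IPV4_RE.match(host_of(m.group("url"))):
                findings.append({"check": "dpf_raw_ip_host", "detail": m.group("url")})
            continue
        if in_fw_list:
            m = FW_ENTRY_RE.match(line)
            if m:
                path = m.group("path").replace("\\\\", "\\")
                low = path.lower()
                # Executables whitelisted from a user profile rather than Program Files.
                if "\\documents and settings\\" in low or "\\users\\" in low:
                    findings.append({"check": "firewall_exception_in_profile", "detail": path})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["check"]:32} {f["detail"]}')
```

Orphaned drivers from uninstalled hardware (the ZTE massfilter entry here) trip the same missing-file check as an abandoned malicious service, so the output is a worklist for a human, not a verdict; the boot-start distinction (S0 versus S3) is what separates the two entries in this log.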

Hi,

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Processes

    :Services
    hmsbrfwy

    :Reg

    :Files
    ipconfig /flushdns /c
    c:\windows\system32\drivers\jvpa.sys

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Malwarebytes' Anti-Malware

  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    11. Push the esetBack.png button.
    12. Push esetFinish.png



      All processes killed
      ========== PROCESSES ==========
      ========== SERVICES/DRIVERS ==========
      Service hmsbrfwy stopped successfully!
      Service hmsbrfwy deleted successfully!
      ========== REGISTRY ==========
      ========== FILES ==========
      < ipconfig /flushdns /c >
      Windows IP Configuration
      Successfully flushed the DNS Resolver Cache.
      C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
      C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
      File/Folder c:\windows\system32\drivers\jvpa.sys not found.
      ========== COMMANDS ==========
      C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
      HOSTS file reset successfully
      [EMPTYTEMP]
      User: Admin
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 67 bytes
      User: All Users
      User: Custom Settings
      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      User: LocalService
      ->Temp folder emptied: 65536 bytes
      ->Temporary Internet Files folder emptied: 32902 bytes
      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 32835 bytes
      User: Owner
      ->Temp folder emptied: 954724 bytes
      ->Temporary Internet Files folder emptied: 5309032 bytes
      ->Java cache emptied: 71083 bytes
      ->FireFox cache emptied: 6135160 bytes
      ->Google Chrome cache emptied: 275759446 bytes
      ->Flash cache emptied: 46720 bytes
      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 2577 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 0 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
      RecycleBin emptied: 0 bytes
      Total Files Cleaned = 275,00 mb
      Restore point Set: OTM Restore Point (0)
      OTM by OldTimer - Version 3.1.17.2 log created on 01122011_154055
      Files moved on Reboot...
      File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
      Registry entries deleted on Reboot...
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org
      Database version: 5506
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      12.01.2011 15:50:35
      mbam-log-2011-01-12 (15-50-35).txt
      Scan type: Quick scan
      Objects scanned: 142012
      Time elapsed: 3 minute(s), 46 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      (No malicious items detected)
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      (No malicious items detected)
      Posting other in a moment

Hi,

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :)

Remove Combofix now that we're done with it.

  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    [screenshot: CF_Uninstall-1.jpg]
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files

Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall

You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated

It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent: faster, safer, more powerful and more functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.

  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?

If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,

Gammo :)


Thanks so much for helping me. Wish there was a way I could give back. Thanks again :D


  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.