Discussion Starter · #1 ·
Hello, I need help with this virus, as it has infected my core system files, namely
C:\WINDOWS\system32\drivers\ntfs.sys with Trojan Horse Rootkit-Pakes.M
C:\WINDOWS\system32\braviax.exe with Trojan horse Injector.FH
C:\WINDOWS\system32\dllcache\fiagaro.sys with Trojan horse BackDoor.Generic11.AINT
and a non-core system file
C:\Documents and Settings\Leon\msword98.exe with Trojan Horse Crypt.GHK

as reported by AVG. Windows failed to boot because of the ntfs.sys file missing and I had to replace it from disk, and I think it has been corrupted. I googled a bit; is the Injector the source of the virus?
I also need help, as HijackThis cannot install. When I press install, the program seems to unpack HijackThis, but the program HijackThis itself does not work. Will try to get a log of it.
Thanks in advance.
 

Discussion Starter · #2 ·
Update and a bump. I've managed to get HijackThis to work; here is my log. Any help will be appreciated. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50, on 2009-08-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
E:\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Earth\googleearth.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: ikowin32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Update Service (gupdate1c9d9448b19ce8f) (gupdate1c9d9448b19ce8f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12896 bytes
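A small triage script for HijackThis logs like the one posted above, added here as an example (it is not part of HijackThis, ComboFix or this forum's tools). It parses the O2/O4/O23 entries, cross-references the file names AVG reported in the opening post, and flags orphaned entries and raw executables in the Startup folder; those heuristics are my assumptions, not HijackThis rules, and the sample lines are copied from the log above.

```python
"""Triage helper for HijackThis (HJT) logs: parse O2/O4/O23 lines and flag
entries worth a second look. Example written for this thread; it is not part
of HijackThis or ComboFix, and the heuristics are assumptions, not HJT rules."""
import re
from dataclasses import dataclass

# Watch list: file names AVG reported in the opening post of this thread.
AV_FLAGGED = {"braviax.exe", "msword98.exe", "fiagaro.sys", "ntfs.sys"}

# HJT line formats (as they appear in the v2.0.2 log above).
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global )?Startup: (?P<item>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<desc>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
# A drive-rooted Windows path up to the first module/driver extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.IGNORECASE)
BARE_FILE_RE = re.compile(r"[\w .-]+\.(?:exe|dll|sys)", re.IGNORECASE)


@dataclass
class Finding:
    section: str  # HJT section code: O2, O4 or O23
    entry: str    # the raw log line
    reason: str   # why it was flagged


def file_names(text):
    """Lower-cased file names of every path-like token in an HJT entry."""
    names = {m.group(0).rsplit("\\", 1)[-1].lower() for m in PATH_RE.finditer(text)}
    if not names and BARE_FILE_RE.fullmatch(text):  # Startup-folder items carry no path
        names.add(text.lower())
    return names


def triage(lines):
    """Return the entries that match the watch list or look orphaned or odd."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            hit = file_names(m["cmd"]) & AV_FLAGGED
            if hit:
                findings.append(Finding("O4", line,
                    f"Run value '{m['name']}' launches {sorted(hit)[0]}, which AVG already flagged"))
        elif m := STARTUP_RE.match(line):
            item = m["item"]
            hit = file_names(item) & AV_FLAGGED
            if hit:
                findings.append(Finding("O4", line, f"Startup item {sorted(hit)[0]} is on the AV watch list"))
            elif "=" not in item and not item.lower().endswith(".lnk"):
                # Startup folders normally hold .lnk shortcuts; here a raw executable sits in one.
                findings.append(Finding("O4", line, "raw executable in the Startup folder; verify its origin"))
        elif m := SERVICE_RE.match(line):
            if m["path"].endswith("(file missing)"):
                findings.append(Finding("O23", line, f"service '{m['desc']}' points at a file that no longer exists"))
            elif file_names(m["path"]) & AV_FLAGGED:
                findings.append(Finding("O23", line, "service binary is on the AV watch list"))
        elif m := BHO_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("O2", line, f"BHO '{m['name']}' has no backing file; orphaned CLSID"))
    return findings


# Constructed sample: a handful of lines copied from the HJT log posted above.
SAMPLE_HJT_LINES = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: ikowin32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```

Flagged entries are leads for the helper to check, not verdicts; the raw-executable heuristic also fires on benign items such as the PowerReg scheduler.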
 

Retired Moderator
Hi, welcome to TSG!!

Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please note once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
 

Discussion Starter · #5 ·
Thanks for the help, Cybertech! Much appreciated! Below is my ComboFix report.

ComboFix 09-08-10.06 - Leon 2009-08-18 16:56.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.949 [GMT 8:00]
Running from: C:\Documents and Settings\Leon\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Leon\Application Data\wiaserva.log
c:\documents and settings\Leon\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\Installer\1e2549.msi
c:\windows\Installer\1e254a.msp
c:\windows\Installer\1e254b.msp
c:\windows\Installer\1e254c.msp
c:\windows\Installer\1e254d.msp
c:\windows\Installer\1e254e.msp
c:\windows\Installer\1e254f.msp
c:\windows\Installer\1e2550.msp
c:\windows\Installer\1e2551.msp
c:\windows\Installer\1e2552.msp
c:\windows\Installer\33d190.msi
c:\windows\Installer\5c4929.msi
c:\windows\Installer\cfe99.msi
c:\windows\Installer\d2b122.msi
c:\windows\system32\nY.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-13 18:47 . 2009-08-13 18:47 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 13:56 . 2009-08-13 13:54 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-13 13:54 . 2009-08-13 15:18 -------- d-----w- c:\documents and settings\Leon\.housecall6.6
2009-08-13 13:02 . 2008-12-11 00:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-13 13:01 . 2009-04-03 02:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-13 13:01 . 2008-12-18 03:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-13 13:01 . 2009-08-13 13:04 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-13 13:01 . 2008-12-10 03:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-13 13:00 . 2009-08-13 13:29 -------- d-----w- c:\program files\Spyware Doctor
2009-08-13 13:00 . 2009-08-13 13:00 -------- d-----w- c:\documents and settings\Leon\Application Data\PC Tools
2009-08-13 13:00 . 2009-08-13 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-13 12:28 . 2009-08-13 12:28 -------- d-----w- c:\program files\Trend Micro
2009-08-13 12:04 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-13 11:54 . 2004-08-04 07:00 574592 ----a-w- c:\windows\system32\dllcache\ntfs.sys
2009-08-13 11:51 . 2004-08-04 07:00 574592 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-12 14:35 . 2004-08-04 07:00 4224 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-08-12 10:53 . 1999-07-06 06:13 40960 ----a-w- c:\windows\system32\eax.dll
2009-08-12 10:52 . 2009-08-12 10:52 -------- d-----w- c:\program files\Creative Labs
2009-08-10 11:58 . 2009-08-10 17:41 -------- d-----w- c:\program files\Garena
2009-08-05 15:29 . 2009-08-05 15:29 -------- d-----w- c:\program files\NVIDIA Corporation
2009-08-05 15:29 . 2009-08-05 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-05 15:28 . 2009-07-14 18:54 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-05 15:27 . 2009-07-14 18:54 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-05 15:27 . 2009-07-14 18:54 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-05 15:27 . 2009-07-14 18:54 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-05 15:27 . 2009-07-14 18:54 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-05 15:27 . 2009-07-14 18:54 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-05 15:27 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-05 15:27 . 2009-07-14 18:54 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-08-05 15:27 . 2009-07-14 18:54 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-05 15:15 . 2009-07-09 23:01 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 12:23 . 2009-08-01 12:23 -------- d-----w- c:\windows\Sins of a Solar Empire
2009-08-01 03:30 . 2009-08-01 03:30 -------- d-----w- c:\windows\system32\AGEIA
2009-08-01 03:29 . 2009-03-09 07:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-08-01 03:29 . 2009-03-09 07:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-08-01 03:29 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-08-01 03:29 . 2009-03-16 06:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-01 03:29 . 2009-03-16 06:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-08-01 03:29 . 2009-03-16 06:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-08-01 03:29 . 2009-03-16 06:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-08-01 03:13 . 2009-08-01 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-01 03:12 . 2009-08-01 03:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-01 02:58 . 2009-08-01 02:58 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-01 02:58 . 2009-08-01 03:15 -------- d-----w- c:\documents and settings\Leon\Application Data\DAEMON Tools Lite
2009-07-29 14:51 . 2009-08-05 12:11 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-29 13:59 . 2009-07-29 13:59 -------- d-----w- c:\documents and settings\Leon\Application Data\Recordpad
2009-07-29 13:59 . 2009-07-29 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-29 13:59 . 2009-07-29 13:59 -------- d-----w- c:\program files\NCH Software
2009-07-29 13:59 . 2009-07-29 14:54 -------- d-----w- c:\documents and settings\Leon\Application Data\NCH Swift Sound
2009-07-28 14:50 . 2009-08-18 08:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-28 14:48 . 2009-07-29 14:00 -------- d-----w- c:\program files\AudioCommander
2009-07-25 10:08 . 2008-10-14 22:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-25 10:08 . 2008-10-14 22:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-25 10:08 . 2008-10-14 22:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-25 10:07 . 2008-10-27 02:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-07-25 10:07 . 2008-10-27 02:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-07-25 10:07 . 2008-10-27 02:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-07-25 10:07 . 2008-10-27 02:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-07-25 09:50 . 2009-07-25 09:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{67C33A62-5B1D-43D1-9600-16006F36EB2B}
2009-07-25 09:50 . 2009-04-19 19:27 2965840 -c--a-w- c:\documents and settings\All Users\Application Data\{67C33A62-5B1D-43D1-9600-16006F36EB2B}\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-18 07:52 . 2006-06-13 15:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-17 18:24 . 2009-01-18 02:47 -------- d-----w- c:\program files\Steam
2009-08-17 18:17 . 2008-02-06 14:53 -------- d-----w- c:\documents and settings\Leon\Application Data\Bioshock
2009-08-17 17:16 . 2008-04-19 11:14 -------- d-----w- c:\documents and settings\Leon\Application Data\uTorrent
2009-08-16 07:20 . 2006-07-18 15:02 64744 ----a-w- c:\documents and settings\Leon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 16:03 . 2009-03-20 17:57 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-14 16:03 . 2009-03-20 17:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-13 13:46 . 2009-04-02 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-05 15:31 . 2007-01-26 20:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 15:30 . 2008-01-11 02:49 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-05 15:12 . 2008-08-09 04:45 -------- d-----w- c:\program files\ATI Technologies
2009-08-05 09:11 . 2004-08-04 02:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 03:16 . 2006-06-13 15:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 14:45 . 2006-10-10 08:55 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-21 12:10 . 2009-05-27 12:27 -------- d-----w- c:\program files\Common Files\logishrd
2009-07-17 18:55 . 2004-08-04 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 16:34 . 2009-07-15 16:25 -------- d-----w- c:\documents and settings\Leon\Application Data\LG Electronics
2009-07-15 16:27 . 2009-07-15 16:27 -------- d-----w- c:\program files\LG Electronics
2009-07-14 18:54 . 2009-01-14 09:59 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2009-01-14 09:59 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 10:06 . 2009-07-14 10:06 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-14 09:24 . 2009-07-14 09:23 -------- d-----w- c:\program files\Saitek
2009-07-14 05:35 . 2009-07-14 05:35 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 05:35 . 2009-07-14 05:35 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-07-14 05:35 . 2009-07-14 05:35 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 05:35 . 2009-07-14 05:35 3170304 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 05:34 . 2009-07-14 05:34 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 05:34 . 2009-07-14 05:34 4923392 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 05:34 . 2009-07-14 05:34 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 05:34 . 2009-07-14 05:34 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 05:34 . 2009-07-14 05:34 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-07-14 05:34 . 2009-07-14 05:34 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-07-14 05:34 . 2009-07-14 05:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-14 05:34 . 2009-07-14 05:34 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 05:34 . 2009-07-14 05:34 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-07-13 15:00 . 2009-07-13 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2009-07-13 02:08 . 2004-08-04 02:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 06:50 . 2009-07-11 06:50 -------- d-----w- c:\program files\Convert AVI to MP4
2009-07-09 11:33 . 2009-06-22 11:01 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 11:33 . 2009-06-22 11:00 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 11:33 . 2009-06-22 11:00 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-06 01:19 . 2009-04-02 07:06 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-05 14:45 . 2008-02-02 17:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-05 10:10 . 2009-07-05 10:10 -------- d-----w- c:\program files\Microsoft
2009-07-05 10:10 . 2008-02-04 11:33 -------- d-----w- c:\program files\Windows Live
2009-07-05 10:10 . 2009-07-05 10:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-05 10:00 . 2009-07-05 10:00 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-26 15:59 . 2004-08-04 02:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2004-08-04 02:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 02:24 . 2009-04-02 07:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 02:24 . 2009-04-02 07:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 07:07 . 2007-03-12 11:58 -------- d-----w- c:\program files\Warcraft III
2009-06-22 18:29 . 2008-11-25 13:23 -------- d-----w- c:\program files\Wesnoth 1.4.6
2009-06-21 03:20 . 2007-03-17 16:27 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:55 . 2004-08-04 02:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 02:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-08-04 02:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2004-08-04 02:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-06 16:56 . 2009-06-06 16:56 22328 ----a-w- c:\documents and settings\Leon\Application Data\PnkBstrK.sys
2009-06-06 16:56 . 2009-06-06 16:56 22328 ----a-w- c:\documents and settings\Leon\Application Data\PnkBstrK.sys
2009-06-06 16:56 . 2009-06-06 16:56 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-06-05 12:20 . 2006-09-05 02:58 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-05 07:42 . 2004-08-04 02:00 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 02:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 10:57 . 2009-05-28 13:04 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-28 10:57 . 2009-05-28 10:57 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-28 10:55 . 2009-05-28 10:57 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-28 10:55 . 2009-05-28 10:55 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 59040]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-09-06 100056]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-06-12 151552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="e:\logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"Profiler"="c:\program files\Saitek\Software\ProfilerU.exe" [2006-05-18 184320]
"SaiMfd"="c:\program files\Saitek\Software\SaiMfd.exe" [2006-06-05 126976]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]

c:\documents and settings\Leon\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-9-1 189952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 02:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Games\\Stronghold 2\\Stronghold2.exe"=
"e:\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
"e:\\Games\\Codemasters\\Overlord II\\Overlord2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-05-28 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-13 130936]
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2006-01-12 102528]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-02 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-02 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-02 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-02 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-10 1029456]
S2 gupdate1c9d9448b19ce8f;Google Update Service (gupdate1c9d9448b19ce8f);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 133104]
S3 atidgllk;atidgllk;\??\c:\documents and settings\Leon\Desktop\misc\install progs\ati flash\winflash\atidgllk.sys --> c:\documents and settings\Leon\Desktop\misc\install progs\ati flash\winflash\atidgllk.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-08-01 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-08-01 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-08-01 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-08-01 10368]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Leon\LOCALS~1\Temp\EYQ1D.tmp --> c:\docume~1\Leon\LOCALS~1\Temp\EYQ1D.tmp [?]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [2009-07-16 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [2009-07-16 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [2009-07-16 110464]
S3 lgmcmgmt;LGE Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmcmgmt.sys [2009-07-16 104448]
S3 lgmcnd5;LGE Mobile USB WMC Ethernet ELDA (NDIS);c:\windows\system32\drivers\lgmcnd5.sys [2009-07-16 25344]
S3 lgmcobex;LGE Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmcobex.sys [2009-07-16 100480]
S3 lgmcunic;LGE Mobile USB WMC Ethernet ELDA (WDM);c:\windows\system32\drivers\lgmcunic.sys [2009-07-16 109952]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-08-13 348752]
S3 XDva042;XDva042;\??\c:\windows\system32\XDva042.sys --> c:\windows\system32\XDva042.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\XDva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:03]

2009-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 12:14]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-20 12:14]

2009-08-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Leon.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-01-10 04:54]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-msword98 - c:\windows\system32\msword98.exe
Notify-AtiExtEvent - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
FF - ProfilePath - c:\documents and settings\Leon\Application Data\Mozilla\Firefox\Profiles\lfiwwt06.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.sg/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll

---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://www.cybotsgame.com
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 17:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Leon\LOCALS~1\Temp\EYQ1D.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2744428588-3563616566-794352208-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2744428588-3563616566-794352208-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:55,52,da,6a,54,61,9e,14,5f,f4,17,8d,5d,bd,a9,91,b0,27,8b,1e,1c,30,8f,
6b,f0,d8,a9,83,e2,c5,9e,02,a1,2a,c8,61,91,ae,b8,d2,8a,c7,81,1e,33,2d,9d,61,\
"??"=hex:33,50,dd,b4,29,8f,fb,0c,49,f6,b2,66,fb,dd,47,05
 

Retired Moderator · 72,109 Posts
Download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

Registered · 8 Posts · Discussion Starter · #7
Hey, thanks for the help. I've looked up rootkits.
Is it possible for this rootkit to infect and prevent its removal by Malwarebytes? I've run the scan twice and received no alarms.

Malwarebytes' Anti-Malware 1.40
Database version: 2670
Windows 5.1.2600 Service Pack 2

2009-08-22 11:03:14
mbam-log-2009-08-22 (11-03-14).txt

Scan type: Quick Scan
Objects scanned: 136231
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Retired Moderator · 72,109 Posts
Download SysProt Antirootkit
You will find it at the bottom of the page under attachments, or you can get it from one of the mirrors.

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.
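A small triage helper, added here as an example and not part of the thread or of the SysProt tool: it parses a log in the SysProt layout shown in this thread and returns only the entries the scanner reported as "Hidden: Yes", each with a reviewer hint. The sample log is constructed from that layout, and the hint heuristics (crash-dump drivers, path-less names, random-looking names) are this example's own assumptions, not the tool's verdicts.

```python
import re

# Constructed sample in the SysProt AntiRootkit v1.0.1.0 log layout posted in
# the thread (header, banner rows, 'Process:' and 'Kernel Modules:' records).
SAMPLE_LOG = """SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

******************************************************************************************
Kernel Modules:
Module Name: \\WINDOWS\\system32\\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CD600
Hidden: No

Module Name: spli.sys
Service Name: ---
Module Base: B7EA6000
Module End: B7FA7000
Hidden: Yes

Module Name: \\SystemRoot\\System32\\Drivers\\aebpp0tw.SYS
Service Name: ---
Module Base: AE156000
Module End: AE18E000
Hidden: Yes

Module Name: \\SystemRoot\\System32\\Drivers\\dump_diskdump.sys
Service Name: ---
Module Base: B7C71000
Module End: B7C75000
Hidden: Yes
"""

SECTION_HEADERS = ("Process:", "Kernel Modules:")


def split_sections(log_text):
    """Group lines under their section header, dropping the asterisk banners."""
    sections, current = {}, None
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped in SECTION_HEADERS:
            current = stripped.rstrip(":")
            sections[current] = []
        elif current is not None and not stripped.startswith("***"):
            sections[current].append(line)
    return {name: "\n".join(lines) for name, lines in sections.items()}


def parse_records(section_text):
    """A record is a run of 'Key: Value' lines; records are blank-line separated."""
    records = []
    for block in re.split(r"\n\s*\n", section_text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def triage_hidden(log_text):
    """Return every entry SysProt flagged 'Hidden: Yes' with a reviewer hint.
    The hints are this example's heuristics (assumptions), not the tool's verdict."""
    sections = split_sections(log_text)
    findings = []
    for rec in parse_records(sections.get("Process", "")):
        if rec.get("Hidden") == "Yes":
            findings.append({"kind": "process", "name": rec.get("Name", "?"),
                             "pid": rec.get("PID"),
                             "hint": "process hidden from normal enumeration"})
    for rec in parse_records(sections.get("Kernel Modules", "")):
        if rec.get("Hidden") != "Yes":
            continue
        name = rec.get("Module Name", "?")
        base = name.rsplit("\\", 1)[-1].lower()
        if base.startswith("dump_"):
            hint = "crash-dump stack driver; commonly unlisted and benign"
        elif "\\" not in name:
            hint = "no on-disk path reported; verify the image exists"
        elif re.fullmatch(r"[a-z0-9]{8}\.sys", base):
            hint = "random-looking file name; verify origin and signer"
        else:
            hint = "hidden module; verify against known drivers"
        findings.append({"kind": "module", "name": name,
                         "range": (rec.get("Module Base"), rec.get("Module End")),
                         "hint": hint})
    return findings


if __name__ == "__main__":
    for f in triage_hidden(SAMPLE_LOG):
        print(f["kind"], f["name"], "->", f["hint"])
```

The same parser runs unchanged over a full SysProt log pasted into a file; a hidden module with a path-less or random-looking name is a lead to verify on disk, not a verdict.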
 

Registered · 8 Posts · Discussion Starter · #9
Um, it's very long, will post five times. Thanks so far.
Looks like there doesn't seem to be anything, but I'm not sure. Sorry if I'm wasting your time :X

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 684
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 760
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 828
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 840
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 992
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1096
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1448
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1760
Hidden: No
Window Visible: No

Name: E:\Alwil Software\Avast4\aswUpdSv.exe
PID: 1908
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1992
Hidden: No
Window Visible: No

Name: E:\Alwil Software\Avast4\ashServ.exe
PID: 204
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 908
Hidden: No
Window Visible: No

Name: C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
PID: 1656
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1684
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PID: 1920
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 1988
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe
PID: 212
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
PID: 256
Hidden: No
Window Visible: No

Name: E:\Logitech\QuickCam\Quickcam.exe
PID: 496
Hidden: No
Window Visible: No

Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 528
Hidden: No
Window Visible: No

Name: C:\Program Files\Saitek\Software\ProfilerU.exe
PID: 1784
Hidden: No
Window Visible: No

Name: C:\Program Files\Saitek\Software\SaiMfd.exe
PID: 548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 624
Hidden: No
Window Visible: No

Name: E:\ALWILS~1\Avast4\ashDisp.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 540
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 740
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 952
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1372
Hidden: No
Window Visible: No

Name: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PID: 1436
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 2196
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2224
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 2732
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 3096
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 3284
Hidden: No
Window Visible: No

Name: C:\Program Files\CDBurnerXP\NMSAccessU.exe
PID: 3324
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 3332
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 3808
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3844
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wdfmgr.exe
PID: 3872
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 296
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PID: 572
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 1928
Hidden: No
Window Visible: No

Name: E:\Alwil Software\Avast4\ashMaiSv.exe
PID: 2124
Hidden: No
Window Visible: No

Name: E:\Alwil Software\Avast4\ashWebSv.exe
PID: 2500
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 2516
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 2708
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PID: 2764
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3188
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 1304
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PID: 2276
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Contacts\wlcomm.exe
PID: 1692
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wuauclt.exe
PID: 3932
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgscanx.exe
PID: 736
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 4752
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 5240
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Leon\Desktop\SysProt\SysProt.exe
PID: 1612
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Leon\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A9377000
Module End: A9382000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CD600
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806CE000
Module End: 806EE380
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: B85A8000
Module End: B85AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: B84B8000
Module End: B84BB000
Hidden: No

Module Name: spli.sys
Service Name: ---
Module Base: B7EA6000
Module End: B7FA7000
Hidden: Yes

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: B85AA000
Module End: B85AC000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: B7E8E000
Module End: B7EA6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B7E60000
Module End: B7E8E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B7E4F000
Module End: B7E60000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: B80A8000
Module End: B80B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: B8670000
Module End: B8671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: B8328000
Module End: B832F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: B80B8000
Module End: B80C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B7E30000
Module End: B7E4F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: B8330000
Module End: B8335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: B80C8000
Module End: B80D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B7E18000
Module End: B7E30000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SI3112r.sys
Service Name: SI3112r
Module Base: B7DFE000
Module End: B7E18000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: B80D8000
Module End: B80E1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: B80E8000
Module End: B80F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: B7DDE000
Module End: B7DFE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B7DCC000
Module End: B7DDE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PCTCore.sys
Service Name: PCTCore
Module Base: B7DA9000
Module End: B7DCC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: B80F8000
Module End: B8107000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SiWinAcc.sys
Service Name: SiFilter
Module Base: B84BC000
Module End: B84BF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: B8108000
Module End: B8111000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B7D92000
Module End: B7DA9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B7D05000
Module End: B7D92000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B7CD8000
Module End: B7D05000
Hidden: No

Module Name: srescan.sys
Service Name: srescan
Module Base: B7CC4000
Module End: B7CD8000
Hidden: Yes

Module Name: C:\WINDOWS\system32\speedfan.sys
Service Name: speedfan
Module Base: B85AC000
Module End: B85AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B7CA9000
Module End: B7CC4000
Hidden: No

Module Name: C:\WINDOWS\system32\giveio.sys
Service Name: giveio
Module Base: B8671000
Module End: B8672000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdK8.sys
Service Name: AmdK8
Module Base: B8258000
Module End: B8266000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B605D000
Module End: B67C0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B6049000
Module End: B605D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Service Name: b57w2k
Module Base: B6028000
Module End: B6049000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: B83F0000
Module End: B83F5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B6005000
Module End: B6028000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: B83F8000
Module End: B83FF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: B8268000
Module End: B8273000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: B8278000
Module End: B8285000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: B8288000
Module End: B8297000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B5FE2000
Module End: B6005000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: B7C81000
Module End: B7C84000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Service Name: ALCXWDM
Module Base: B5DB5000
Module End: B5FE2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B59E9000
Module End: B5A0D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: B82C8000
Module End: B82D7000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\aebpp0tw.SYS
Service Name: ---
Module Base: AE156000
Module End: AE18E000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: AF420000
Module End: AF430000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: B12E4000
Module End: B12E8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: AE142000
Module End: AE156000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: AF410000
Module End: AF41D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: B83C0000
Module End: B83C6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: B83E0000
Module End: B83E6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: B8783000
Module End: B8784000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: B85DC000
Module End: B85DE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: B83B0000
Module End: B83B8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: AED3F000
Module End: AED4C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B856C000
Module End: B856F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: AE12B000
Module End: AE142000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: AED2F000
Module End: AED3A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: AED1F000
Module End: AED2B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: B83E8000
Module End: B83ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: AE11A000
Module End: AE12B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: AED0F000
Module End: AED18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: B83B8000
Module End: B83BD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: B83D8000
Module End: B83DD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Service Name: hamachi
Module Base: B8380000
Module End: B8385000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: AECFF000
Module End: AED09000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\SaiBus.sys
Service Name: SaiNtBus
Module Base: AECEF000
Module End: AECF8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: B85DE000
Module End: B85E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B8580000
Module End: B8584000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: AECDF000
Module End: AECE9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SaiMini.sys
Service Name: SaiMini
Module Base: B05E2000
Module End: B05E6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: AECCF000
Module End: AECD8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: B8400000
Module End: B8407000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: B8594000
Module End: B8598000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: B05FA000
Module End: B05FD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: AE246000
Module End: AE255000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: B85EE000
Module End: B85F0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: B85F6000
Module End: B85F8000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: B8781000
Module End: B8782000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: B85F8000
Module End: B85FA000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: B8420000
Module End: B8426000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: B85FA000
Module End: B85FC000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: B85FC000
Module End: B85FE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DVDVRRdr_xp.SYS
Service Name: DVDVRRdr_xp
Module Base: ABFD7000
Module End: ABFFA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: B8430000
Module End: B8435000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: B8418000
Module End: B8420000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\UDFReadr.SYS
Service Name: UDFReadr
Module Base: ABF93000
Module End: ABFC5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: B85A4000
Module End: B85A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: ABF6E000
Module End: ABF81000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: ABF16000
Module End: ABF6E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Service Name: aswTdi
Module Base: AE226000
Module End: AE231000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: ABEFD000
Module End: ABF16000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: ABED5000
Module End: ABEFD000
Hidden: No

Module Name: C:\WINDOWS\System32\vsdatant.sys
Service Name: vsdatant
Module Base: ABE76000
Module End: ABED5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: ABE54000
Module End: ABE76000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: AE216000
Module End: AE21F000
Hidden: No

Module Name: \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
Service Name: StyleXPHelper
Module Base: AE985000
Module End: AE98A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Service Name: SCDEmu
Module Base: AE97D000
Module End: AE984000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: ABE29000
Module End: ABE54000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: ABDBA000
Module End: ABE29000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: AE1E6000
Module End: AE1EF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: ABD99000
Module End: ABDBA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: AE96D000
Module End: AE973000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: ABD48000
Module End: ABD99000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: B6830000
Module End: B6839000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: AE68D000
Module End: AE694000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: B8438000
Module End: B8440000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: AE1AE000
Module End: AE1B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\LVUSBSta.sys
Service Name: LVUSBSta
Module Base: B81F8000
Module End: B8201000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
Service Name: PID_PEPI
Module Base: ABAB9000
Module End: ABD48000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\usbaudio.sys
Service Name: usbaudio
Module Base: B82A8000
Module End: B82B7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Service Name: aswSP
Module Base: ABA98000
Module End: ABAB9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Service Name: Aavmker4
Module Base: B8440000
Module End: B8445000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: B73ED000
Module End: B73FD000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: B7C71000
Module End: B7C75000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_SI3112r.sys
Service Name: ---
Module Base: ABA7E000
Module End: ABA98000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: B12E8000
Module End: B12EB000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: B8350000
Module End: B8355000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: B8687000
Module End: B8688000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Service Name: aswFsBlk
Module Base: B8360000
Module End: B8368000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Service Name: NwlnkIpx
Module Base: AB7A0000
Module End: AB7B6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Service Name: NwlnkNb
Module Base: B81E8000
Module End: B81F8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AB822000
Module End: AB826000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Service Name: aswMon2
Module Base: AB6EA000
Module End: AB700000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Service Name: NwlnkSpx
Module Base: B73FD000
Module End: B740B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: AB3B5000
Module End: AB3CA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B742D000
Module End: B743C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: AB17B000
Module End: AB1A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: AA0FD000
Module End: AA14F000
Hidden: No

Module Name: \??\C:\Program Files\WIZET\MapleStory\npkcrypt.sys
Service Name: npkcrypt
Module Base: AE67D000
Module End: AE683000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Service Name: Secdrv
Module Base: AAC66000
Module End: AAC70000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
Service Name: tmcomm
Module Base: A9BBB000
Module End: A9BD3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\aswRdr.SYS
Service Name: aswRdr
Module Base: A93D3000
Module End: A93D7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A91F6000
Module End: A9237000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A8E08000
Module End: A8E33000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fdc.sys
Service Name: Fdc
Module Base: B8398000
Module End: B839F000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: ABAA06B8
Driver Base: ABA98000
Driver End: ABAB9000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwCreateFile
Address: ABEA5820
Driver Base: ABE76000
Driver End: ABED5000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwCreateKey
Address: B7DC1514
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcess
Address: B7DB0282
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwCreateProcessEx
Address: B7DB0474
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwDeleteFile
Address: ABEA5EA0
Driver Base: ABE76000
Driver End: ABED5000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwDeleteKey
Address: B7DC1D00
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwDeleteValueKey
Address: B7DC1FB8
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwDuplicateObject
Address: ABAA014C
Driver Base: ABA98000
Driver End: ABAB9000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwEnumerateKey
Address: B7EC5CA4
Driver Base: B7EA6000
Driver End: B7FA7000
Driver Name: spli.sys

Function Name: ZwEnumerateValueKey
Address: B7EC6032
Driver Base: B7EA6000
Driver End: B7FA7000
Driver Name: spli.sys

Function Name: ZwLoadKey
Address: ABEB19E0
Driver Base: ABE76000
Driver End: ABED5000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwOpenFile
Address: ABEA5CF0
Driver Base: ABE76000
Driver End: ABED5000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwOpenKey
Address: B7DC03FA
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwOpenProcess
Address: ABAA008C
Driver Base: ABA98000
Driver End: ABAB9000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwOpenThread
Address: ABAA00F0
Driver Base: ABA98000
Driver End: ABAB9000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey
Address: B7EC610A
Driver Base: B7EA6000
Driver End: B7FA7000
Driver Name: spli.sys

Function Name: ZwQueryValueKey
Address: ABAA076E
Driver Base: ABA98000
Driver End: ABAB9000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRenameKey
Address: B7DC2422
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwReplaceKey
Address: ABEB1CD0
Driver Base: ABE76000
Driver End: ABED5000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwRestoreKey
Address: ABAA072E
Driver Base: ABA98000
Driver End: ABAB9000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwSetInformationFile
Address: ABEA6010
Driver Base: ABE76000
Driver End: ABED5000
Driver Name: \SystemRoot\System32\vsdatant.sys

Function Name: ZwSetValueKey
Address: B7DC17D8
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

Function Name: ZwTerminateProcess
Address: B7DAFF32
Driver Base: B7DA9000
Driver End: B7DCC000
Driver Name: PCTCore.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found
 

Discussion Starter · #10 ·
******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A9E71F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A9E71F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A9E71F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A9E71F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A9E71F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A9E71F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: B7EA7000
Hooking Module: spli.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A42B500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4801F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4801F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4801F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4801F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4801F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4801F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AA551F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A3B2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A3B2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A3B2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A3B2500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A3B2500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aebpp0tw.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A3CC500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aebpp0tw.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A3CC500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aebpp0tw.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A3CC500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aebpp0tw.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A3CC500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aebpp0tw.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8A3CC500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\aebpp0tw.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A3CC500
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A45B1F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: ABEBA8A0
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: ABEBA8A0
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: ABEBA8A0
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: ABEBA8A0
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: ABEBA8A0
Hooking Module: C:\WINDOWS\System32\vsdatant.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4691F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4691F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4691F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4691F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4691F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4691F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_CREATE
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_CLOSE
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_READ
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_WRITE
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_SET_EA
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_CLEANUP
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_POWER
Jump To: B7EAEE30
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B7EC3514
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: \Driver\PCI_PNP7712
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: B7EEAAEA
Hooking Module: spli.sys

Hooked Module: C:\WINDOWS\system32\drivers\SI3112r.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8AA541F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\SI3112r.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8AA541F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\SI3112r.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8AA541F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\SI3112r.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8AA541F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\SI3112r.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8AA541F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\SI3112r.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8AA541F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
 

Discussion Starter · #11 ·
Ports:
Local Address: LEONS:2546
Remote Address: LDT-GFX.BAY5.HOTMAIL.COM:1863
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: LEONS:2545
Remote Address: SIN01S01-IN-F83.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2540
Remote Address: 65.55.15.123:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2538
Remote Address: E1.CLEARSPRING.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2535
Remote Address: 118.215.100.20:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2533
Remote Address: 118.215.100.20:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2532
Remote Address: 118.215.100.20:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2527
Remote Address: 118.215.100.20:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2524
Remote Address: 118.215.100.20:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2520
Remote Address: 118.215.100.20:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2515
Remote Address: 72.26.193.130:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2503
Remote Address: TX-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2500
Remote Address: 64.225.158.190:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2497
Remote Address: SIN01S01-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2496
Remote Address: 64.225.158.190:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2491
Remote Address: SIN01S01-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2489
Remote Address: 64.225.158.190:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2486
Remote Address: SIN01S01-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2483
Remote Address: SIN01S01-IN-F154.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2473
Remote Address: SIN01S01-IN-F83.GOOGLE.COM:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2419
Remote Address: 64.225.158.190:HTTP
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:2410
Remote Address: 64.225.158.190:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2299
Remote Address: VIP1.ANYCAST.CACHEFLY.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2296
Remote Address: VIP1.ANYCAST.CACHEFLY.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2293
Remote Address: VIP1.ANYCAST.CACHEFLY.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2292
Remote Address: VIP1.ANYCAST.CACHEFLY.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:1406
Remote Address: 208.43.159.66-STATIC.REVERSE.SOFTLAYER.COM:HTTPS
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:1177
Remote Address: BB116-15-171-116.SINGNET.COM.SG:56156
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: LEONS:1052
Remote Address: BY2MSG2020509.MIXER.EDGE.MESSENGER.LIVE.COM:1863
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: LEONS:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LEONS:27015
Remote Address: LOCALHOST:1026
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: LEONS:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: LEONS:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: LEONS:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: LEONS:12143
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: LEONS:12119
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: LEONS:12110
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: LEONS:12080
Remote Address: LOCALHOST:2543
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2536
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:12080
Remote Address: LOCALHOST:2530
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2528
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2525
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2522
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2521
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2518
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2513
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2501
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2498
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2493
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2492
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2488
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2485
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2482
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2480
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2471
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2462
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2460
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2458
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2456
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2454
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2453
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2429
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: LOCALHOST:2414
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:12080
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: LISTENING

Local Address: LEONS:12025
Remote Address: 0.0.0.0:0
Type: TCP
Process: E:\Alwil Software\Avast4\ashMaiSv.exe
State: LISTENING

Local Address: LEONS:10110
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: LEONS:10080
Remote Address: LOCALHOST:2544
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2541
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:10080
Remote Address: LOCALHOST:2534
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2531
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2529
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2526
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2523
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2519
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2514
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2502
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2499
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2495
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2494
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2490
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2487
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2484
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2481
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2472
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2416
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: ESTABLISHED

Local Address: LEONS:10080
Remote Address: LOCALHOST:2213
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:10080
Remote Address: LOCALHOST:2211
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:10080
Remote Address: LOCALHOST:2205
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:10080
Remote Address: LOCALHOST:2203
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:10080
Remote Address: LOCALHOST:2183
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: LEONS:10025
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgemc.exe
State: LISTENING

Local Address: LEONS:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: LEONS:2544
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2543
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2537
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2534
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2531
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2530
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2529
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2528
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2526
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2525
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2523
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2522
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2521
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2519
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2518
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2514
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2513
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2502
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2501
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2499
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2498
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2495
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2494
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2493
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2492
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2490
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2488
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2487
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2485
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2484
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2482
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2481
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2480
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2472
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2471
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2464
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: LEONS:2463
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: LEONS:2462
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2461
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: LEONS:2460
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2459
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: LEONS:2458
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2457
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: LEONS:2456
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2455
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: LEONS:2454
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2453
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2430
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: CLOSE_WAIT

Local Address: LEONS:2429
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2416
Remote Address: LOCALHOST:10080
Type: TCP
Process: E:\Alwil Software\Avast4\ashWebSv.exe
State: ESTABLISHED

Local Address: LEONS:2414
Remote Address: LOCALHOST:12080
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:2407
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2295
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2291
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2288
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:2284
Remote Address: LOCALHOST:10080
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: LEONS:1192
Remote Address: LOCALHOST:1191
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:1191
Remote Address: LOCALHOST:1192
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:1189
Remote Address: LOCALHOST:1188
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:1188
Remote Address: LOCALHOST:1189
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: LEONS:1058
Remote Address: LOCALHOST:1055
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: LEONS:1055
Remote Address: LOCALHOST:1058
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: LEONS:1055
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: LISTENING

Local Address: LEONS:1037
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: LEONS:1026
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: LEONS:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LEONS:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: LEONS:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: LEONS:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LEONS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LEONS:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LEONS:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LEONS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LEONS:DISCARD
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: NA

Local Address: LEONS:44301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\PnkBstrA.exe
State: NA

Local Address: LEONS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LEONS:1073
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Contacts\wlcomm.exe
State: NA

Local Address: LEONS:1049
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: NA

Local Address: LEONS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LEONS:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LEONS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LEONS:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LEONS:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: LEONS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: LEONS:52478
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LEONS:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LEONS:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: LEONS:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: LEONS:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
 

·
Retired Moderator
Joined
·
72,109 Posts
Please run ESET Online Scanner

Note: You can use IE or Firefox for this scan. You need to disable your currently installed Anti-Virus. If you need help with that, look here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go to ESET Online Scanner and click on the ESET Online Scanner button
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish. Make sure you copy the logfile first!
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 