This topic is locked
About to do the final scan. After OTL rebooted, I had an NDIS error (BSOD), which resolved itself upon a cold reboot. Here's the two logs:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #3
==============================================
>Drivers
==============================================
0xA86FC000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5197824 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB5369000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4399104 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xA8C3D000 C:\WINDOWS\system32\drivers\RtKHDMI.sys 3723264 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1EC000 C:\WINDOWS\System32\ati3duag.dll 2990080 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF4C6000 C:\WINDOWS\System32\ativvaxx.dll 2125824 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB51D4000 C:\WINDOWS\system32\DRIVERS\vsc.sys 925696 bytes (Roland, Virtual Sound Canvas 3.2 Driver)
0xB9C32000 tdrpm258.sys 905216 bytes (Acronis, Acronis Try&Decide Volume Filter Driver)
0xBF068000 C:\WINDOWS\System32\ati2cqag.dll 651264 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9DDD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9D0F000 timntr.sys 577536 bytes (Acronis, Acronis Backup Archive Explorer)
0xBF107000 C:\WINDOWS\System32\atikvmag.dll 544768 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xA8321000 C:\WINDOWS\System32\Drivers\L6TPortB.sys 536576 bytes (Line 6, GuitarPort WDM Audio Device Driver)
0xA8417000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF18C000 C:\WINDOWS\System32\atiok3x2.dll 393216 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB5112000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA854A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA4AAF000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 352256 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA4CB5000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xA4B56000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA3CBE000 C:\WINDOWS\system32\DRIVERS\rt2500usb.sys 245760 bytes (Ralink Technology Inc., Sample Driver for Ralink 802.11g Wireless USB Adapters)
0xA85FE000 C:\WINDOWS\System32\DRIVERS\cmdguard.sys 221184 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0xB518D000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA4D20000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D9C000 C:\WINDOWS\System32\DRIVERS\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA354F000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8487000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB532D000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA84FC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA47B7000 C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys 163840 bytes (Roland, Roland VSC Synthesizer Engine)
0xA478F000 C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys 163840 bytes (Roland, Roland VSC Synthesizer Engine)
0xA83F0000 C:\WINDOWS\System32\Drivers\aswSP.SYS 159744 bytes (ALWIL Software, avast! self protection module)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8524000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9C0D000 snapman.sys 151552 bytes (Acronis, Acronis Snapshot API)
0xA83A4000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA8C19000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB52ED000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB52CA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA84DA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EBB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB5170000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xB5311000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 114688 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9BF3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA81B5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EDB000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9EF3000 SI3112r.sys 98304 bytes (Silicon Image, Inc., Serial ATA RAID miniport driver)
0xA4FF5000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (ALWIL Software, avast! File System Filter Driver for Windows XP)
0xB9E7D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB51BD000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9E94000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xA4524000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9DC9000 inspect.sys 81920 bytes (COMODO, COMODO Internet Security Firewall Driver)
0xB52B6000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB5355000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA85A3000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E6A000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EA9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xBA268000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB581B000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB580B000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xA4E05000 C:\WINDOWS\System32\Drivers\DgiVecp.sys 61440 bytes (DeviceGuys, Inc., Windows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes)
0xBA198000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA4A6F000 C:\WINDOWS\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0xBA168000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA4F3D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB57FB000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB57EB000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB57CB000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA258000 C:\WINDOWS\System32\Drivers\STREAM.SYS 49152 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA238000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA308000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB57DB000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA138000 sbp2port.sys 45056 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0xBA1E8000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (ALWIL Software, avast! TDI Filter Driver)
0xB582B000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xA5124000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xB579B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB57BB000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 40960 bytes (VSO Software, Patin-Couffin low level access layer for CD devices)
0xA4857000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xBA128000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xB57AB000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA3973000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA208000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA5134000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA420000 C:\WINDOWS\System32\Drivers\l6dp.sys 32768 bytes (Line 6, Line 6 Device Proxy)
0xBA468000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 32768 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA400000 C:\WINDOWS\System32\Drivers\incdrm.SYS 28672 bytes (Ahead Software AG, Ahead MRW Filter Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA498000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (ALWIL Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xBA418000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA410000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA458000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA3F8000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 20480 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xBA490000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xA82D1000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (ALWIL Software, avast! TDI RDR Driver)
0xBA470000 C:\WINDOWS\System32\DRIVERS\cmdhlp.sys 20480 bytes (COMODO, COMODO Internet Security Helper Driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA390000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xBA460000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA340000 nv_agp.sys 20480 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA428000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA430000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA338000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA388000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA8BF5000 C:\WINDOWS\system32\ckldrv.sys 16384 bytes
0xA3D9E000 C:\WINDOWS\system32\GTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xA52E8000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xB5A27000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA5180000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB5A43000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA86D4000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xA52E4000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (ALWIL Software, avast! File System Access Blocking Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA4E15000 C:\WINDOWS\system32\drivers\CDAC15BA.SYS 12288 bytes
0xA824D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA4D61000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 12288 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xA4514000 C:\WINDOWS\gdrv.sys 12288 bytes (Windows ® 2000 DDK provider, GIGABYTE Tools)
0xB5A3F000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB510A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA4BC000 SiWinAcc.sys 12288 bytes (Silicon Image, Inc., Windows Accelerator Driver)
0xA466F000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 12288 bytes
0xB5A57000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA5D2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5DC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5D0000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E6000 C:\WINDOWS\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0xBA5D4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA658000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5C0000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0xBA5D6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5C8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5CC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6AD000 C:\WINDOWS\system32\drivers\aslm75.sys 4096 bytes
0xBA73B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA73E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA739000 C:\WINDOWS\system32\DRIVERS\LMImirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0xBA7F4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BA5878 ] TID: 532
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B7F310 ] TID: 536
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89833DA8 ] TID: 624
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897E1560 ] TID: 628, 4194368 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8B6EC030 ] TID: 644
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89BA5DA8 ] TID: 728
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89B89868 ] TID: 744
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CDB710 ] TID: 756
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8B6E9B20 ] TID: 760
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89835DA8 ] TID: 764
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89779DA8 ] TID: 768
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x8982F5B8 ] TID: 772, 8781826 bytes
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89795AD0 ] TID: 776
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89CF8C18 ] TID: 784, 8781826 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B85030 ] TID: 788
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x877901D8 ] TID: 796, 8781829 bytes
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89CF7AC8 ] TID: 836
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89D0C460 ] TID: 852
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89BAEDA8 ] TID: 856
0x8055C700 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x89422AD0 ] TID: 860, 8781836 bytes
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89EF9A78 ] TID: 868
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89D09468 ] TID: 872, 8781849 bytes
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89D14C18 ] TID: 876
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89D03C18 ] TID: 936
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89CDF6F8 ] TID: 940
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89D066F8 ] TID: 944
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x8B38DB18 ] TID: 948
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89B37DA8 ] TID: 952
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89CF6B20 ] TID: 956
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8AB38630 ] TID: 968
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8AB34030 ] TID: 972
0x8055C700 Faked ServiceTable-->smss.exe [ ETHREAD 0x8AB344B0 ] TID: 976
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89B8B870 ] TID: 980
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89B79C10 ] TID: 984
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89B76880 ] TID: 1156
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89D22DA8 ] TID: 1160
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89DD7A80 ] TID: 1164
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89B57AD0 ] TID: 1168
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D02960 ] TID: 1172
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89766030 ] TID: 1180
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8B6C08A0 ] TID: 1184
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89840818 ] TID: 1192
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x892E25E8 ] TID: 1196
0x8055C700 Faked ServiceTable-->MailWasher.exe [ ETHREAD 0x89738548 ] TID: 1240
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x890C2990 ] TID: 1252
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x8B319460 ] TID: 1284
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89CECDA8 ] TID: 1304
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89C8FAF0 ] TID: 1332, 8781878 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D77998 ] TID: 1340
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D6BDA8 ] TID: 1348
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89C5BB48 ] TID: 1376
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89C4B398 ] TID: 1380
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89C28AF0 ] TID: 1384, 3539020 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C1B5E0 ] TID: 1392
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C1B358 ] TID: 1396, 5111881 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C4E8A8 ] TID: 1400, 816576 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C2BB10 ] TID: 1404, 1051000 bytes
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C4EB40 ] TID: 1408
0x8055C700 Faked ServiceTable-->MailWasher.exe [ ETHREAD 0x896655C0 ] TID: 1412
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x897E68A0 ] TID: 1416
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C2BDA8 ] TID: 1420
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C5C360 ] TID: 1440
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C33DA8 ] TID: 1448
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C15838 ] TID: 1460
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89688030 ] TID: 1464
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89CDB460 ] TID: 1480
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89CFE2F0 ] TID: 1488
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89D7BDA8 ] TID: 1504
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89BFD348 ] TID: 1508
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D84858 ] TID: 1512
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D80770 ] TID: 1516
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8745CB58 ] TID: 1520
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89BF22F0 ] TID: 1528
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89BDC2F0 ] TID: 1532
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8B6CADA8 ] TID: 1536
0x8055C700 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x8936FDA8 ] TID: 1540
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89C4B890 ] TID: 1544
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B32DA8 ] TID: 1556
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x87D86230 ] TID: 1560
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x8985BDA8 ] TID: 1568
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8B31C830 ] TID: 1584
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89CDE468 ] TID: 1588
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE7838 ] TID: 1592, 7077998 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE75B0 ] TID: 1596
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BD9DA8 ] TID: 1600
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88C75888 ] TID: 1604
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89BD52D0 ] TID: 1612, 34209800 bytes
0x8055C700 Faked ServiceTable-->ati2evxx.exe [ ETHREAD 0x89BF6618 ] TID: 1620
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D1E878 ] TID: 1636
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C0A648 ] TID: 1640, 589827 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C0ADA8 ] TID: 1644, 6553700 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C08A20 ] TID: 1648
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89C14740 ] TID: 1652, 196627 bytes
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x89E3B030 ] TID: 1656
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BCDDA8 ] TID: 1660, 3145776 bytes
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x879A58E8 ] TID: 1700
0x8055C700 Faked ServiceTable-->mbamservice.exe [ ETHREAD 0x88A196A8 ] TID: 1716
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89B3CDA8 ] TID: 1724
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89D0E460 ] TID: 1728
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89D03460 ] TID: 1736
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89BB9DA8 ] TID: 1760, 3801155 bytes
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x89BB1580 ] TID: 1768
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BB8700 ] TID: 1780
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE0030 ] TID: 1784
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BB1838 ] TID: 1792
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B79988 ] TID: 1796
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D2DDA8 ] TID: 1800
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89C8B2F0 ] TID: 1808
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89BBF030 ] TID: 1836
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89BF1030 ] TID: 1840
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B2EDA8 ] TID: 1844
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D04C28 ] TID: 1856
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89BACDA8 ] TID: 1864
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B2D558 ] TID: 1868, 7536686 bytes
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89BB48A0 ] TID: 1872
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89CF6DA8 ] TID: 1876
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D20888 ] TID: 1880
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D25B10 ] TID: 1888
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D22888 ] TID: 1892
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B70AC8 ] TID: 1904
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B9C8A0 ] TID: 1908
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CE3988 ] TID: 1912, 32 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D10468 ] TID: 1916
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BD13A8 ] TID: 1920
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE8850 ] TID: 1924
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B2F8A0 ] TID: 1928
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D049A0 ] TID: 1932
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BCE030 ] TID: 1944
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D04718 ] TID: 1948
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B70DA8 ] TID: 1952
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B05DA8 ] TID: 1956
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B8BDA8 ] TID: 1960
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89D2A558 ] TID: 1964
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89AFE8A0 ] TID: 1972
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B325C8 ] TID: 1976
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B89328 ] TID: 1992, 7012468 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BCADA8 ] TID: 1996
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BEB030 ] TID: 2004
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BDE030 ] TID: 2008
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8780C2F8 ] TID: 2012
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x87CAA030 ] TID: 2032
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BAD878 ] TID: 2036
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B76350 ] TID: 2044
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B543A0 ] TID: 2076, 3407986 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x898E4DA8 ] TID: 2104
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x898E8DA8 ] TID: 2108
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B73030 ] TID: 2116
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x898DE8A0 ] TID: 2120
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x89737540 ] TID: 2124
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8985E628 ] TID: 2132
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8B6E48A0 ] TID: 2144
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x896F5DA8 ] TID: 2148
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8B6E4DA8 ] TID: 2156
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89DD2DA8 ] TID: 2180
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898CCDA8 ] TID: 2196
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89D27DA8 ] TID: 2204
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x893A6DA8 ] TID: 2212
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89749030 ] TID: 2220
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89AF9DA8 ] TID: 2224
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x89E81030 ] TID: 2232
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x898355C0 ] TID: 2244
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x89737AD0 ] TID: 2252
0x8055C700 Faked ServiceTable-->wcescomm.exe [ ETHREAD 0x89372AD0 ] TID: 2264
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x898095F0 ] TID: 2268
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x895EB460 ] TID: 2276
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x898CD8A0 ] TID: 2280
0x8055C700 Faked ServiceTable-->cmdagent.exe [ ETHREAD 0x898BF8A0 ] TID: 2284
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x897915C8 ] TID: 2300
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B7B830 ] TID: 2316
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D1FDA8 ] TID: 2356
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B7CDA8 ] TID: 2360
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898B98A0 ] TID: 2364
0x8055C700 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x898A32D0 ] TID: 2376
0x8055C700 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x8981BDA8 ] TID: 2380
0x8055C700 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x898A45C8 ] TID: 2384
0x8055C700 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x898AC630 ] TID: 2388, 7602273 bytes
0x8055C700 Faked ServiceTable-->schedul2.exe [ ETHREAD 0x89B29AD0 ] TID: 2392
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896BD878 ] TID: 2416
0x8055C700 Faked ServiceTable-->Crypserv.exe [ ETHREAD 0x89B05AE0 ] TID: 2432
0x8055C700 Faked ServiceTable-->sqlwriter.exe [ ETHREAD 0x8B6D78A8 ] TID: 2440
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898B7548 ] TID: 2448
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B675B8 ] TID: 2452
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x89E6B030 ] TID: 2456
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B15618 ] TID: 2460, 663104 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B3E3A0 ] TID: 2476
0x8055C700 Faked ServiceTable-->Crypserv.exe [ ETHREAD 0x89B85DA8 ] TID: 2480
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89802AD0 ] TID: 2488
0x8055C700 Faked ServiceTable-->essvr.exe [ ETHREAD 0x89B05030 ] TID: 2500
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897DD540 ] TID: 2504
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x89802DA8 ] TID: 2516
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x89AFE030 ] TID: 2524
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x898AC030 ] TID: 2528, 6619256 bytes
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x898CD030 ] TID: 2532
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x89B00030 ] TID: 2536
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x88D7D8A8 ] TID: 2540
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8970DAD0 ] TID: 2548
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x89E0CB48 ] TID: 2564
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898413C0 ] TID: 2572
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x895AF030 ] TID: 2640
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x895F6A20 ] TID: 2644, 3014761 bytes
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89814630 ] TID: 2648
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x898155B8 ] TID: 2652
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x8975C3A8 ] TID: 2660
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x897F2DA8 ] TID: 2664
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89616DA8 ] TID: 2700
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x897278A0 ] TID: 2704
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D51DA8 ] TID: 2708
0x8055C700 Faked ServiceTable-->LSSrvc.exe [ ETHREAD 0x89C1A5C0 ] TID: 2712, 5963776 bytes
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x897DCDA8 ] TID: 2728
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8965A5D8 ] TID: 2732
0x8055C700 Faked ServiceTable-->essvr.exe [ ETHREAD 0x89B29DA8 ] TID: 2744
0x8055C700 Faked ServiceTable-->MailWasher.exe [ ETHREAD 0x89081C98 ] TID: 2748
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x89E13B48 ] TID: 2764
0x8055C700 Faked ServiceTable-->essvr.exe [ ETHREAD 0x8B6CE8A0 ] TID: 2780
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8894D958 ] TID: 2800, 7536686 bytes
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x898B5538 ] TID: 2816, 2949120 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8988F3B8 ] TID: 2820
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x898B5DA8 ] TID: 2824
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x89BC1DA8 ] TID: 2828
0x8055C700 Faked ServiceTable-->GoogleCrashHandler.exe [ ETHREAD 0x89C19DA8 ] TID: 2832
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x89803DA8 ] TID: 2840
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x89858DA8 ] TID: 2844
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x89869630 ] TID: 2848
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x896BADA8 ] TID: 2856, 6619256 bytes
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x897DCAD0 ] TID: 2860
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88D5BD20 ] TID: 2864
0x8055C700 Faked ServiceTable-->ramaint.exe [ ETHREAD 0x89DD4DA8 ] TID: 2880
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8972FDA8 ] TID: 2904
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8B6D0430 ] TID: 2908, 7471172 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89855DA8 ] TID: 2912
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x8B5EE5B8 ] TID: 2916
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89BCC5D8 ] TID: 2920, 6357104 bytes
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89B588A0 ] TID: 2936
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x8B707540 ] TID: 2940
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x880D0550 ] TID: 2952
0x8055C700 Faked ServiceTable-->LMIGuardian.exe [ ETHREAD 0x89BC45E0 ] TID: 2956
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89620DA8 ] TID: 2964, 19293688 bytes
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89BC0B18 ] TID: 2976
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x8943E8A0 ] TID: 2980
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x8B6CA5D8 ] TID: 2984
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8B6E08A0 ] TID: 2988
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89624878 ] TID: 2992
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89BA4DA8 ] TID: 3004
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x89C7B8A0 ] TID: 3008
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89757030 ] TID: 3012
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x897DBDA8 ] TID: 3016
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x898DB8A0 ] TID: 3020, 7864368 bytes
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89BCFDA8 ] TID: 3024
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89731AD0 ] TID: 3028
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x897B85A8 ] TID: 3036, 458761 bytes
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88D5B5C8 ] TID: 3040, 6553646 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89769618 ] TID: 3048
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x897B3030 ] TID: 3064
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x896ED030 ] TID: 3068
0x8055C700 Faked ServiceTable-->mbamservice.exe [ ETHREAD 0x898DBDA8 ] TID: 3072, 4259909 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BAF5B8 ] TID: 3076
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89B04DA8 ] TID: 3092
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89E29DA8 ] TID: 3100
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8B6DFDA8 ] TID: 3112, 130 bytes
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89D908A0 ] TID: 3124, 1047136 bytes
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89D88320 ] TID: 3128
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89C7D5B8 ] TID: 3136
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89D885B8 ] TID: 3140
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89B4EAB8 ] TID: 3144
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89D91DA8 ] TID: 3148
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89B4DDA8 ] TID: 3152
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89D7D5B8 ] TID: 3156
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x898105B8 ] TID: 3160
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89D93DA8 ] TID: 3164, 2097184 bytes
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x897DD030 ] TID: 3172
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x897AD8A0 ] TID: 3176
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89CD38A0 ] TID: 3204
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x897E98A0 ] TID: 3208
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89B4BDA8 ] TID: 3212
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8986BDA8 ] TID: 3220
0x8055C700 Faked ServiceTable-->alg.exe [ ETHREAD 0x897A9DA8 ] TID: 3232
0x8055C700 Faked ServiceTable-->Process Blocker.exe [ ETHREAD 0x89D4A878 ] TID: 3236
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89685DA8 ] TID: 3256
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89656DA8 ] TID: 3260, 3342385 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88B527C8 ] TID: 3264
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8966F5E0 ] TID: 3268
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89780DA8 ] TID: 3276
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89C13DA8 ] TID: 3280
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x898DB5B8 ] TID: 3284
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89B4CDA8 ] TID: 3288
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8986DDA8 ] TID: 3292
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x89D43DA8 ] TID: 3296
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89D4A030 ] TID: 3300
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89BC1030 ] TID: 3304
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8B3FC8A0 ] TID: 3316
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89D4A548 ] TID: 3328
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89D90030 ] TID: 3332, 5439580 bytes
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89D4ADA8 ] TID: 3336
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x898B05B8 ] TID: 3352
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x89B33DA8 ] TID: 3356
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x89B14DA8 ] TID: 3364
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x8986E5C8 ] TID: 3372
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x89CD2840 ] TID: 3376
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x89B13AD0 ] TID: 3380
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x89B59030 ] TID: 3384
0x8055C700 Faked ServiceTable-->sqlbrowser.exe [ ETHREAD 0x89B4B030 ] TID: 3388
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B61030 ] TID: 3400
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CD1DA8 ] TID: 3420
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898CB878 ] TID: 3424
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B0DDA8 ] TID: 3428
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B1E538 ] TID: 3468
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B49DA8 ] TID: 3476
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898DA5B8 ] TID: 3480
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x897438A0 ] TID: 3484
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89BE5DA8 ] TID: 3488
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x88CA2030 ] TID: 3496
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x8AAF3030 ] TID: 3500
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x8AAF3568 ] TID: 3504
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89CCFAC8 ] TID: 3524
0x8055C700 Faked ServiceTable-->smlogsvc.exe [ ETHREAD 0x89D49030 ] TID: 3528
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x892EBDA8 ] TID: 3540
0x8055C700 Faked ServiceTable-->smlogsvc.exe [ ETHREAD 0x89B1A8A0 ] TID: 3544
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8982DDA8 ] TID: 3556
0x8055C700 Faked ServiceTable-->smlogsvc.exe [ ETHREAD 0x897EADA8 ] TID: 3560
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87B672B0 ] TID: 3564
0x8055C700 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x8941DDA8 ] TID: 3588
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89131958 ] TID: 3596
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89684628 ] TID: 3604
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896779A0 ] TID: 3608
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8918A990 ] TID: 3628
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B61DA8 ] TID: 3632
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8B6ED548 ] TID: 3640
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8970EDA8 ] TID: 3648
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BCD030 ] TID: 3652
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CCF5B8 ] TID: 3656
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898315B8 ] TID: 3660
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8974E470 ] TID: 3664
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE2DA8 ] TID: 3668
0x8055C700 Faked ServiceTable-->rapimgr.exe [ ETHREAD 0x89419DA8 ] TID: 3672
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89CCEDA8 ] TID: 3676
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89825DA8 ] TID: 3680
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8962BDA8 ] TID: 3692
0x8055C700 Faked ServiceTable-->uphclean.exe [ ETHREAD 0x898305B8 ] TID: 3696
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x8907A200 ] TID: 3716
0x8055C700 Faked ServiceTable-->LogMeIn.exe [ ETHREAD 0x89BFBAF8 ] TID: 3728
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8974B8A0 ] TID: 3732
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B3AB18 ] TID: 3740
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897BE5D0 ] TID: 3776
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x8B318DA8 ] TID: 3784
0x8055C700 Faked ServiceTable-->MailWasher.exe [ ETHREAD 0x897F62B8 ] TID: 3792
0x8055C700 Faked ServiceTable-->TeaTimer.exe [ ETHREAD 0x894415C0 ] TID: 3800
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x88469180 ] TID: 3820
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B0B030 ] TID: 3856
0x8055C700 Faked ServiceTable-->mbamservice.exe [ ETHREAD 0x89E277F0 ] TID: 3888
0x8055C700 Faked ServiceTable-->WLService.exe [ ETHREAD 0x896F75B8 ] TID: 3948
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89865DA8 ] TID: 3952
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896AF2D0 ] TID: 3960
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898D88A8 ] TID: 3964
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89B46938 ] TID: 3976
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89B365C0 ] TID: 3980
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x897F65C0 ] TID: 3988
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897E2DA8 ] TID: 4000
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89619DA8 ] TID: 4056
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8B6EA030 ] TID: 4060
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x8B6D6030 ] TID: 4064
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x897618A0 ] TID: 4068
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x898735B8 ] TID: 4072
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x897D8DA8 ] TID: 4080
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89651AD0 ] TID: 4084
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x89BE2030 ] TID: 4104
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x89735DA8 ] TID: 4108
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x8975BAD0 ] TID: 4112
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x895CFDA8 ] TID: 4116
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x89608DA8 ] TID: 4120
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x895D1DA8 ] TID: 4124
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x88D003A0 ] TID: 4132
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x88BCD030 ] TID: 4140
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x888F0030 ] TID: 4144
0x8055C700 Faked ServiceTable-->FolderSizeSvc.exe [ ETHREAD 0x88BCB3A0 ] TID: 4164
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88CFA3A0 ] TID: 4172
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x88BBCAF0 ] TID: 4176
0x8055C700 Faked ServiceTable-->WUSB54Gv42.exe [ ETHREAD 0x89636AD8 ] TID: 4204
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x87DD40A0 ] TID: 4288
0x8055C700 Faked ServiceTable-->jqs.exe [ ETHREAD 0x87B1EDA8 ] TID: 4328
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x898D2DA8 ] TID: 4356
0x8055C700 Faked ServiceTable-->MailWasher.exe [ ETHREAD 0x88D3EDA8 ] TID: 4360
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88AB73A0 ] TID: 4372
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88E29030 ] TID: 4376
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88CF93A0 ] TID: 4388
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x8903ADA8 ] TID: 4408
0x8055C700 Faked ServiceTable-->wcescomm.exe [ ETHREAD 0x88EE3030 ] TID: 4424
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88E0E800 ] TID: 4460
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88E0F5D0 ] TID: 4488
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8931FC78 ] TID: 4496
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8739F428 ] TID: 4512
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88D4EDA8 ] TID: 4520
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x87451438 ] TID: 4532
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x874450F0 ] TID: 4592
0x8055C700 Faked ServiceTable-->spoolsv.exe [ ETHREAD 0x87D9C1B8 ] TID: 4596
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x89B88DA8 ] TID: 4648
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x88448B88 ] TID: 4696
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8945CAD8 ] TID: 4712
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88D4B368 ] TID: 4724
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x88FB8DA8 ] TID: 4788
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8988A8F0 ] TID: 4804
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x896BD5C8 ] TID: 4888
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89B09DA8 ] TID: 4900
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8985F628 ] TID: 4924
0x8055C700 Faked ServiceTable-->TeaTimer.exe [ ETHREAD 0x89B59DA8 ] TID: 4928
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x89181720 ] TID: 4936
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x895E08A8 ] TID: 4956
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x88028640 ] TID: 4996
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x89BE2838 ] TID: 5004
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8855B998 ] TID: 5008
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x881D2030 ] TID: 5028
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x895D4DA8 ] TID: 5032
0x8055C700 Faked ServiceTable-->csrss.exe [ ETHREAD 0x89767DA8 ] TID: 5048
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8B6E22C8 ] TID: 5076
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x888075D0 ] TID: 5104
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x89D9E030 ] TID: 5108
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x892EADA8 ] TID: 5120
0x8055C700 Faked ServiceTable-->services.exe [ ETHREAD 0x89734620 ] TID: 5144
0x8055C700 Faked ServiceTable-->mbamservice.exe [ ETHREAD 0x890E38F8 ] TID: 5156
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8740A458 ] TID: 5172
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x88E90B58 ] TID: 5180
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x894976E0 ] TID: 5184
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x895C0540 ] TID: 5208
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x898605B8 ] TID: 5228
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x889EAD00 ] TID: 5248
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x8977C4F0 ] TID: 5260
0x8055C700 Faked ServiceTable-->lsass.exe [ ETHREAD 0x8908DDA8 ] TID: 5296
0x8055C700 Faked ServiceTable-->sqlservr.exe [ ETHREAD 0x88ED9120 ] TID: 5320
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88F70030 ] TID: 5348
0x8055C700 Faked ServiceTable-->MailWasher.exe [ ETHREAD 0x88DB1030 ] TID: 5360
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x88F73328 ] TID: 5364
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x88A6D428 ] TID: 5436
0x8055C700 Faked ServiceTable-->winlogon.exe [ ETHREAD 0x87BF8AE0 ] TID: 5440
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x8959B8B0 ] TID: 5476
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x89460DA8 ] TID: 5480
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x8906D8B0 ] TID: 5488
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88DE3948 ] TID: 5496
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x895B68A0 ] TID: 5508, 4325888 bytes
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x89494AD0 ] TID: 5516
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x89EDEDA8 ] TID: 5524
0x8055C700 Faked ServiceTable-->firefox.exe [ ETHREAD 0x88E36AC8 ] TID: 5564
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x872C2030 ] TID: 5584
0x8055C700 Faked ServiceTable-->AvastSvc.exe [ ETHREAD 0x88E96938 ] TID: 5680
0x8055C700 Faked ServiceTable-->explorer.exe [ ETHREAD 0x895A3030 ] TID: 5708
0x8055C700 Faked ServiceTable-->searchindexer.exe [ ETHREAD 0x897EE8A8 ] TID: 5808
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x89594560 ] TID: 5824
0x8055C700 Faked ServiceTable-->svchost.exe [ ETHREAD 0x88956840 ] TID: 5836
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x89E7F8B0 ] TID: 5864
0x8055C700 Faked ServiceTable-->LMIGuardian.exe [ ETHREAD 0x8959A030 ] TID: 5888
0x8055C700 Faked ServiceTable-->LogMeInSystray.exe [ ETHREAD 0x895915C0 ] TID: 5928
0x8055C700 Faked ServiceTable-->AvastUI.exe [ ETHREAD 0x8946ADA8 ] TID: 5976
0x8055C700 Faked ServiceTable-->mbamgui.exe [ ETHREAD 0x89E305C0 ] TID: 6004
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x8958F5D8 ] TID: 6044
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x894728A0 ] TID: 6056
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x893B5DA8 ] TID: 6060
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x894888A0 ] TID: 6064
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x895A6DA8 ] TID: 6128
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x89E30030 ] TID: 6136
0x8055C700 Faked ServiceTable-->cfp.exe [ ETHREAD 0x895AE030 ] TID: 6140
0xA8275A40 Unknown thread object [ ETHREAD 0x8ABFA030 ] , 600 bytes
0xA8278980 Unknown thread object [ ETHREAD 0x8B6F76F0 ] , 600 bytes
At the end it said "!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)", but it didn't copy it to the report.
Here's the OTL log after the reboot. I'll run OTL again, as you mentioned, and post the log afterwards.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Application Data
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
User: Music
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: Music.RUSSELL
->Temp folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 131072 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: Russell Alexander
->Temp folder emptied: 200978587 bytes
->Java cache emptied: 19153 bytes
->FireFox cache emptied: 40362636 bytes
->Google Chrome cache emptied: 22083002 bytes
->Flash cache emptied: 11213 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6807809 bytes
Session Manager Temp folder emptied: 0 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 37776 bytes
Total Files Cleaned = 258.00 mb
OTL by OldTimer - Version 3.2.7.0 log created on 07302010_113129
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_c0c.dat not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_d78.dat not found!
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
BTW - after reboot, iexplore.exe tried to run again, but was blocked by Process Blocker.
Sign In
Create Account
