 Infected with Adware.SpywareStorm [Desktop Computer], Dr. Web cannot be deleted!! Restoring or Using Computer Disk W |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Dec 9 2009, 02:10 PM
Post
#1
|
|
|
Forum Regular  Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432  |
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/4/2009 2:36:24 PM System Uptime: 12/9/2009 10:50:46 AM (0 hours ago) Motherboard: ECS | | Nettle2 Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2 | 2100/201mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 289 GiB total, 269.4 GiB free. D: is FIXED (NTFS) - 9 GiB total, 1.035 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP2: 12/4/2009 8:47:34 PM - Removed HP Update RP3: 12/4/2009 9:02:44 PM - Removed Snapfish Media Detector RP4: 12/7/2009 6:13:59 PM - Windows Update RP5: 12/9/2009 10:26:46 AM - Windows Update RP6: 12/9/2009 10:55:11 AM - Windows Update ==== Installed Programs ====================== Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 9 ActiveX Adobe Reader 8 Enhanced Multimedia Keyboard Solution Hardware Diagnostic Tools HP Customer Experience Enhancements HP Customer Feedback HP Easy Setup - Frontend HP On-Screen Cap/Num/Scroll Lock Indicator HP Photosmart Essential 2.0 HP Photosmart Essential2.5 HP Picasso Media Center Add-In HP Total Care Advisor HP Update LightScribe 1.4.142.1 McAfee SecurityCenter Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Works MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee autoProducer 6.0 My HP Games NVIDIA Drivers PSSWCORE Python 2.4.3 RealPlayer Realtek High Definition Audio Driver Rhapsody Rhapsody Player Engine Roxio Activation Module Roxio Creator Audio Roxio Creator Basic v9 Roxio Creator Copy Roxio Creator Data Roxio Creator EasyArchive Roxio Creator Tools Roxio Express Labeler 3 Roxio MyDVD Basic v9 Snapfish Media Detector Soft Data Fax Modem with SmartCP ==== Event Viewer Messages From Past Week ======== 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-9_neutral_PACKAGE from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-8_neutral_GDR from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-7_neutral_LDR from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-3_neutral_PACKAGE from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-2_neutral_GDR from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-14_neutral_PACKAGE from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-13_neutral_PACKAGE from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-12_neutral_PACKAGE from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-10_neutral_PACKAGE from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 959130-1_neutral_LDR from package KB959130(Update) into Staging(Staging) state 12/7/2009 6:46:30 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB959130 (Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 931213-6_RTM_PACKAGE from package KB931213(Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 931213-5_RTM_PACKAGE from package KB931213(Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 931213-4_RTM_LDR from package KB931213_1(Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 931213-3_RTM_GDR from package KB931213_1(Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 931213-2_RTM_LDR from package KB931213_2(Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 931213-1_RTM_GDR from package KB931213_2(Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB931213_2 (Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB931213_1 (Security Update) into Staging(Staging) state 12/7/2009 6:46:09 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB931213 (Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-6_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-5_neutral_GDR from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-41_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-40_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-4_neutral_LDR from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-39_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-38_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-37_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-35_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-32_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-29_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-24_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-23_neutral_GDR from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-22_neutral_LDR from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-15_neutral_PACKAGE from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-14_neutral_GDR from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 970238-13_neutral_LDR from package KB970238(Security Update) into Staging(Staging) state 12/7/2009 6:45:46 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB970238 (Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-9_neutral_PACKAGE from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-8_neutral_GDR from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-7_neutral_LDR from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-3_neutral_PACKAGE from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-2_neutral_GDR from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-14_neutral_PACKAGE from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-13_neutral_PACKAGE from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-12_neutral_PACKAGE from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-10_neutral_PACKAGE from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 951698-1_neutral_LDR from package KB951698(Security Update) into Staging(Staging) state 12/7/2009 6:45:21 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB951698 (Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-31_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-30_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-3_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-29_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-28_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-25_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-22_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-21_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-20_neutral_GDR from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-2_neutral_GDR from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-19_neutral_LDR from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-12_neutral_PACKAGE from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-11_neutral_GDR from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-10_neutral_LDR from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 975517-1_neutral_LDR from package KB975517(Security Update) into Staging(Staging) state 12/7/2009 6:44:59 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB975517 (Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-6_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-5_neutral_GDR from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-4_neutral_LDR from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-36_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-35_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-34_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-33_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-32_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-29_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-26_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-24_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-23_neutral_GDR from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-22_neutral_LDR from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-15_neutral_PACKAGE from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-14_neutral_GDR from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973565-13_neutral_LDR from package KB973565(Security Update) into Staging(Staging) state 12/7/2009 6:44:04 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973565 (Security Update) into Staging(Staging) state 12/7/2009 6:37:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 949939-1_RTM_neutral_GDR from package KB949939(Update) into Staging(Staging) state 12/7/2009 6:37:52 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB949939 (Update) into Staging(Staging) state 12/7/2009 6:37:19 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 925902-4_RTM_GDR from package KB925902(Security Update) into Staging(Staging) state 12/7/2009 6:37:19 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 925902-3_RTM_LDR from package KB925902(Security Update) into Staging(Staging) state 12/7/2009 6:37:19 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 925902-2_RTM_LDR from package KB925902(Security Update) into Staging(Staging) state 12/7/2009 6:37:19 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 925902-1_RTM_GDR from package KB925902(Security Update) into Staging(Staging) state 12/7/2009 6:37:19 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB925902 (Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-3_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-24_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-23_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-22_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-21_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-2_neutral_GDR from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-19_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-16_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-12_neutral_PACKAGE from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-11_neutral_GDR from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-10_neutral_LDR from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954459-1_neutral_LDR from package KB954459(Security Update) into Staging(Staging) state 12/7/2009 6:37:08 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB954459 (Security Update) into Staging(Staging) state 12/7/2009 6:36:36 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 939159-2_RTM_neutral_LDR from package KB939159(Update) into Staging(Staging) state 12/7/2009 6:36:36 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 939159-1_RTM_neutral_GDR from package KB939159(Update) into Staging(Staging) state 12/7/2009 6:36:36 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB939159 (Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-9_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-8_neutral_GDR from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-7_neutral_LDR from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-3_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-22_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-21_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-20_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-2_neutral_GDR from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-18_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-16_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-15_neutral_PACKAGE from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-14_neutral_GDR from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-13_neutral_LDR from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 954155-1_neutral_LDR from package KB954155(Security Update) into Staging(Staging) state 12/7/2009 6:36:26 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB954155 (Security Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-84_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-83_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-82_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-81_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-718_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-717_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-716_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-715_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-714_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-713_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-712_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-711_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-710_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-709_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-708_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-707_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-706_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-705_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-704_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-703_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-702_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-701_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-700_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-699_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-698_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-697_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-696_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-695_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-694_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-693_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-692_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-691_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-690_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-689_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-688_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-687_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-686_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-685_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-684_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-683_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-682_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-681_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-620_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-619_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-618_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-617_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-564_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-563_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-562_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-561_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-28_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-27_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-26_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-25_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-181_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-180_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-179_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-178_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-177_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-176_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-175_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-174_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-173_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-172_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-171_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-170_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-169_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-168_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-167_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-166_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-165_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-164_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-163_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-162_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-161_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-160_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-159_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-158_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-157_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-156_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-155_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-154_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-153_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-152_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-151_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-150_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-149_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-148_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-147_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-146_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-145_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1264_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1263_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1262_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1261_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1258_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1255_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1254_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1253_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1252_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1251_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1250_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1249_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1248_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1247_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1246_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1245_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1244_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1243_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1242_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1241_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1240_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1239_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1238_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1237_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1236_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1235_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1234_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1233_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1232_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1231_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1230_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1229_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1228_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1227_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1226_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1225_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1224_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1223_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1222_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1221_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1220_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1219_neutral_PACKAGE from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1158_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1157_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1156_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1155_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1102_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1101_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1100_neutral_GDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 972145-1099_neutral_LDR from package KB972145(Update) into Staging(Staging) state 12/7/2009 6:35:59 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB972145 (Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-9_neutral_PACKAGE from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-8_neutral_GDR from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-7_neutral_LDR from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-6_neutral_PACKAGE from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-5_neutral_GDR from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-4_neutral_LDR from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-3_neutral_PACKAGE from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-2_neutral_GDR from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-13_neutral_PACKAGE from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-12_neutral_PACKAGE from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-11_neutral_PACKAGE from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-10_neutral_PACKAGE from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 973768-1_neutral_LDR from package KB973768(Update) into Staging(Staging) state 12/7/2009 6:29:48 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB973768 (Update) into Staging(Staging) state 12/7/2009 6:18:31 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:31 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state 12/7/2009 6:18:31 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state 12/7/2009 6:18:31 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state 12/7/2009 6:18:31 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state 12/7/2009 6:18:30 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state 12/7/2009 6:10:30 PM, Error: EventLog [6008] - The previous system shutdown at 11:04:51 PM on 12/4/2009 was unexpected. 12/4/2009 7:33:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 12/4/2009 7:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/4/2009 7:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/4/2009 7:32:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 12/4/2009 7:32:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 12/4/2009 7:32:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 12/4/2009 7:32:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/4/2009 7:32:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/4/2009 7:31:56 PM, Error: EventLog [6008] - The previous system shutdown at 7:30:32 PM on 12/4/2009 was unexpected. 12/4/2009 7:31:34 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance. 12/4/2009 7:31:34 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance. 12/4/2009 7:31:34 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0. Please contact your system vendor for technical assistance. 12/4/2009 10:19:51 PM, Error: EventLog [6008] - The previous system shutdown at 10:18:15 PM on 12/4/2009 was unexpected. ==== End Of File =========================== DDS (Ver_09-12-01.01) - NTFSx86 Run by Go to Hell at 10:57:23.54 on Wed 12/09/2009 Internet Explorer: 7.0.6000.16386 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1044 [GMT -8:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\servicing\TrustedInstaller.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\hp\kbd\kbd.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Go to Hell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E40GISIZ\dds[1].scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.att.net/ mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KbdStub.EXE mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [<NO NAME>] mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide mRunOnce: [PCDrProfiler] c:\program files\pc-doctor 5 for windows\RunProfiler.exe -r mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-4 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-4 40552] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-4 34248] =============== Created Last 30 ================ 2009-12-09 18:45:15 441856 ----a-w- c:\windows\system32\win32spl.dll 2009-12-09 18:45:15 37376 ----a-w- c:\windows\system32\printcom.dll 2009-12-09 18:44:55 2031104 ----a-w- c:\windows\system32\win32k.sys 2009-12-09 18:44:34 14848 ----a-w- c:\windows\system32\wshrm.dll 2009-12-09 18:44:34 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2009-12-09 18:44:09 43520 ----a-w- c:\windows\system32\msdxm.tlb 2009-12-09 18:44:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-12-09 18:44:09 18432 ----a-w- c:\windows\system32\amcompat.tlb 2009-12-09 18:43:32 11776 ----a-w- c:\windows\system32\sbunattend.exe 2009-12-09 18:43:12 558080 ----a-w- c:\windows\system32\oleaut32.dll 2009-12-09 18:42:57 290304 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-09 18:42:42 84480 ----a-w- c:\windows\system32\dnsrslvr.dll 2009-12-09 18:42:42 24576 ----a-w- c:\windows\system32\dnscacheugc.exe 2009-12-09 18:42:14 269824 ----a-w- c:\windows\system32\schannel.dll 2009-12-09 18:41:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-12-09 18:41:43 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-12-09 18:41:43 1686528 ----a-w- c:\windows\system32\gameux.dll 2009-12-09 18:41:05 98816 ----a-w- c:\windows\system32\mfps.dll 2009-12-09 18:41:05 52736 ----a-w- c:\windows\system32\rrinstaller.exe 2009-12-09 18:41:05 2855424 ----a-w- c:\windows\system32\mf.dll 2009-12-09 18:41:05 24576 ----a-w- c:\windows\system32\mfpmp.exe 2009-12-09 18:41:05 2048 ----a-w- c:\windows\system32\mferror.dll 2009-12-09 18:41:04 996352 ----a-w- c:\windows\system32\WMNetMgr.dll 2009-12-09 18:41:04 94720 ----a-w- c:\windows\system32\logagent.exe 2009-12-09 18:40:43 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-09 18:40:43 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2009-12-09 18:40:43 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-09 18:39:57 84480 ----a-w- c:\windows\system32\INETRES.dll 2009-12-09 18:39:57 737792 ----a-w- c:\windows\system32\inetcomm.dll 2009-12-09 18:39:30 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-12-09 18:39:05 1645568 ----a-w- c:\windows\system32\connect.dll 2009-12-09 18:38:48 5120 ----a-w- c:\windows\system32\wmi.dll 2009-12-09 18:38:48 152576 ----a-w- c:\windows\system32\imagehlp.dll 2009-12-09 18:38:48 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2009-12-09 18:38:03 788992 ----a-w- c:\windows\system32\rpcrt4.dll 2009-12-09 18:37:46 1327104 ----a-w- c:\windows\system32\quartz.dll 2009-12-09 18:36:35 130048 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-12-09 18:35:55 321536 ----a-w- c:\windows\system32\WSDApi.dll 2009-12-09 18:35:38 99840 ----a-w- c:\windows\system32\poqexec.exe 2009-12-09 18:35:13 0 d-----w- c:\program files\MSXML 4.0 2009-12-09 18:34:27 633856 ----a-w- c:\windows\system32\user32.dll 2009-12-09 18:34:13 2048 ----a-w- c:\windows\system32\msxml6r.dll 2009-12-09 18:34:13 1341440 ----a-w- c:\windows\system32\msxml6.dll 2009-12-09 18:33:27 750080 ----a-w- c:\windows\system32\qmgr.dll 2009-12-09 18:33:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-12-09 18:32:33 8147968 ----a-w- c:\windows\system32\wmploc.DLL 2009-12-09 18:32:32 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-12-09 18:32:32 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-12-09 18:32:31 4096 ----a-w- c:\windows\system32\msdxm.ocx 2009-12-09 18:32:29 311296 ----a-w- c:\windows\system32\unregmp2.exe 2009-12-08 02:16:43 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-12-08 02:15:03 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-12-08 02:15:03 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-12-05 05:02:02 6644 ----a-w- c:\windows\system32\Config.MPF 2009-12-05 05:01:42 0 d-----w- c:\programdata\SiteAdvisor 2009-12-05 04:59:53 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-12-05 04:59:53 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-12-05 04:59:53 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-12-05 04:59:46 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-12-05 04:59:13 0 d-----w- c:\program files\common files\McAfee 2009-12-05 04:59:10 0 d-----w- c:\program files\McAfee.com 2009-12-05 04:59:06 0 d-----w- c:\program files\McAfee 2009-12-05 04:55:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-12-05 04:42:19 0 d-----w- c:\programdata\McAfee 2009-12-04 23:36:26 0 d-----w- c:\programdata\Hewlett-Packard 2009-12-04 23:32:54 0 d-----w- c:\windows\SMINST 2009-12-04 23:27:16 0 d-----w- c:\programdata\Symantec 2009-12-04 23:27:03 0 d-----w- c:\program files\common files\Symantec Shared 2009-12-04 23:25:45 0 d-----w- c:\program files\Yahoo! 2009-12-04 23:24:01 0 d-----w- c:\program files\Online Services 2009-12-04 23:24:01 0 d-----w- c:\program files\earthlink totalaccess 2009-12-04 23:21:33 0 d-----w- c:\programdata\PC-Doctor 2009-12-04 23:21:07 0 d-----w- c:\program files\PC-Doctor 5 for Windows 2009-12-04 23:19:21 0 d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1} 2009-12-04 23:19:14 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites 2009-12-04 23:18:42 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-12-04 23:17:58 0 d-----w- c:\windows\PCHEALTH 2009-12-04 23:16:52 0 d-----w- c:\programdata\Microsoft Help 2009-12-04 23:14:57 0 d-----w- c:\program files\Snapfish Media Detector 2009-12-04 23:14:20 0 d-----w- c:\programdata\Adobe 2009-12-04 23:13:10 0 d-----w- c:\program files\muvee Technologies 2009-12-04 23:13:09 0 d-----w- c:\program files\common files\muvee Technologies 2009-12-04 23:13:08 0 d-----w- c:\programdata\muvee Technologies 2009-12-04 23:12:42 0 d-----w- c:\program files\common files\xing shared 2009-12-04 23:12:34 0 d-----w- c:\program files\common files\Real 2009-12-04 23:11:44 0 d-----w- c:\program files\Rhapsody 2009-12-04 23:11:01 0 d---a-w- c:\program files\common files\LS Getting Started 2009-12-04 23:10:53 0 d-----w- c:\program files\common files\SureThing Shared 2009-12-04 23:09:40 0 d-----w- c:\programdata\Sonic 2009-12-04 23:09:21 0 d-----w- c:\program files\common files\PX Storage Engine 2009-12-04 23:08:50 0 d-----w- c:\programdata\Roxio 2009-12-04 23:08:49 0 d-----w- c:\program files\common files\Sonic Shared 2009-12-04 23:08:48 0 d-----w- c:\program files\Roxio 2009-12-04 23:02:47 0 d-----w- c:\program files\common files\HP 2009-12-04 23:02:46 0 d-----w- c:\program files\HP 2009-12-04 23:02:16 103521 ----a-w- c:\windows\hpqins13.dat 2009-12-04 23:02:13 0 d-----w- c:\programdata\HP 2009-12-04 22:57:09 0 d-----w- c:\programdata\WildTangent 2009-12-04 22:57:09 0 d-----w- c:\program files\HP Games 2009-12-04 22:52:53 0 d-----w- c:\program files\Realtek 2009-12-04 22:50:39 2379776 ----a-w- c:\windows\system32\nvwssr.dll 2009-12-04 22:49:47 414208 ----a-w- c:\windows\system32\msscp.dll 2009-12-04 22:49:26 146944 ----a-w- c:\windows\system32\MMDevAPI.dll 2009-12-04 22:48:10 135680 ----a-w- c:\windows\system32\wusa.exe 2009-12-04 22:47:51 974336 ----a-w- c:\windows\system32\crypt32.dll 2009-12-04 22:47:31 104448 ----a-w- c:\windows\system32\DWWIN.EXE 2009-12-04 22:47:13 74752 ----a-w- c:\windows\system32\drivers\rasl2tp.sys 2009-12-04 22:47:13 60928 ----a-w- c:\windows\system32\drivers\raspptp.sys 2009-12-04 22:46:31 229888 ----a-w- c:\windows\system32\msshsq.dll 2009-12-04 22:46:09 80896 ----a-w- c:\windows\system32\MSNP.ax 2009-12-04 22:46:08 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax 2009-12-04 22:46:08 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2009-12-04 22:46:08 292352 ----a-w- c:\windows\system32\psisdecd.dll 2009-12-04 22:46:08 218624 ----a-w- c:\windows\system32\psisrndr.ax 2009-12-04 22:44:39 8704 ----a-w- c:\windows\system32\hccoin.dll 2009-12-04 22:44:39 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-12-04 22:44:39 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2009-12-04 22:44:39 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys 2009-12-04 22:44:39 223744 ----a-w- c:\windows\system32\drivers\usbport.sys 2009-12-04 22:44:39 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys 2009-12-04 22:44:39 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys 2009-12-04 22:44:04 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys 2009-12-04 22:43:46 61440 ------w- c:\windows\system32\OsdRemove.exe 2009-12-04 22:43:05 48760 ----a-w- c:\windows\system32\RUNCLOSE.OCX 2009-12-04 22:43:05 19072 ----a-w- c:\windows\system32\drivers\PS2.sys 2009-12-04 22:42:28 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll 2009-12-04 22:40:37 327680 ----a-w- c:\windows\system32\pythoncom24.dll 2009-12-04 22:40:37 102400 ----a-w- c:\windows\system32\pywintypes24.dll 2009-12-04 22:40:23 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-12-04 22:40:23 1060864 ----a-w- c:\windows\system32\mfc71.dll 2009-12-04 22:40:03 0 d-sh--w- c:\windows\Installer 2009-12-04 22:33:08 0 d-----w- c:\program files\CONEXANT 2009-12-04 22:28:55 0 d--h--w- C:\hp 2009-12-04 22:28:46 94208 ----a-w- c:\windows\system32\mdmxsdk.dll 2009-12-04 22:28:46 172032 ----a-w- c:\windows\system32\UCI32m15.dll 2009-12-04 22:28:46 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys 2009-12-04 22:28:27 352768 ----a-w- c:\windows\system32\idecoiins.dll 2009-12-04 22:28:27 352768 ----a-w- c:\windows\system32\idecoi.dll 2009-12-04 22:28:27 101672 ----a-w- c:\windows\system32\drivers\nvstor32.sys 2009-12-04 22:28:16 0 d-----w- c:\windows\system32\OEM 2009-12-04 22:28:16 0 d-----w- c:\windows\Panther 2009-12-04 22:28:03 8192 --s-a-r- C:\BOOTSECT.BAK 2009-12-04 22:28:01 438840 --sha-r- C:\bootmgr 2009-12-04 22:28:01 0 d-sh--w- C:\Boot ==================== Find3M ==================== 2009-12-09 18:51:52 86016 ----a-w- c:\windows\inf\infstrng.dat 2009-12-09 18:51:52 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-09 18:51:52 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-12-09 18:51:52 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-04 22:52:55 319456 ----a-w- c:\windows\DIFxAPI.dll 2009-12-04 22:52:53 315392 ----a-w- c:\windows\HideWin.exe 2009-12-04 22:48:47 356576 ----a-w- c:\windows\fonts\monbaiti.ttf 2009-12-04 22:46:52 160872 ----a-w- c:\windows\system32\halmacpi.dll 2009-12-04 22:46:52 134760 ----a-w- c:\windows\system32\halacpi.dll 2009-11-05 00:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 10:58:46.82 =============== SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;; SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;; Setup.exe\data053;C:\Program Files\Online Services\Netscape_ca\Setup.exe;Trojan.MulDrop.origin;; Setup.exe;C:\Program Files\Online Services\Netscape_ca;Archive contains infected objects;; cakemania-setup.exe/data032\data002;D:\hp\apps\APP04310\src\install\games\cakemania-setup.exe/data032;Adware.SpywareStorm;; data032;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;; cakemania-setup.exe;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;; SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;; SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;Cannot delete.; Setup.exe\data053;C:\Program Files\Online Services\Netscape_ca\Setup.exe;Trojan.MulDrop.origin;; Setup.exe;C:\Program Files\Online Services\Netscape_ca;Archive contains infected objects;Cannot delete.; cakemania-setup.exe/data032\data002;D:\hp\apps\APP04310\src\install\games\cakemania-setup.exe/data032;Adware.SpywareStorm;; data032;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;; cakemania-setup.exe;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;Cannot delete.; This post has been edited by kymberly: Dec 9 2009, 02:32 PM |
 |
 
|
|
Dec 21 2009, 05:23 PM
Post
#2
|
|
 Bleeping Cookie Group: Malware Study Hall Senior Posts: 1,873 Joined: 15-October 08 From: I don't know. Member No.: 246,867 |
Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:
Information on A/V control HERE Elle -------------------- |
|
|
|
|
Dec 23 2009, 07:36 PM
Post
#3
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
DDS (Ver_09-12-01.01) - NTFSx86
Run by Go to Hell at 16:32:59.34 on Wed 12/23/2009 Internet Explorer: 7.0.6000.16386 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1001 [GMT -8:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SMINST\remind.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\hp\kbd\kbd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wuauclt.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Go to Hell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E40GISIZ\dds[2].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.att.net/ mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KbdStub.EXE mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [<NO NAME>] mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide mRunOnce: [PCDrProfiler] c:\program files\pc-doctor 5 for windows\RunProfiler.exe -r mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-4 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-4 40552] R3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-4 34248] =============== Created Last 30 ================ 2009-12-09 19:00:53 0 ----a-w- c:\users\go to hell\settings.dat 2009-12-09 18:57:33 123904 ----a-w- c:\windows\system32\L2SecHC.dll 2009-12-09 18:57:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll 2009-12-09 18:57:32 47104 ----a-w- c:\windows\system32\wlanapi.dll 2009-12-09 18:57:32 1657350 ----a-w- c:\windows\system32\wlan.tmf 2009-12-09 18:57:32 12876 ----a-w- c:\windows\system32\wbem\wlan.mof 2009-12-09 18:57:31 502272 ----a-w- c:\windows\system32\wlansvc.dll 2009-12-09 18:57:31 297984 ----a-w- c:\windows\system32\wlansec.dll 2009-12-09 18:57:31 290816 ----a-w- c:\windows\system32\wlanmsm.dll 2009-12-09 18:56:01 2923520 ----a-w- c:\windows\explorer.exe 2009-12-09 18:45:15 441856 ----a-w- c:\windows\system32\win32spl.dll 2009-12-09 18:45:15 37376 ----a-w- c:\windows\system32\printcom.dll 2009-12-09 18:44:55 2031104 ----a-w- c:\windows\system32\win32k.sys 2009-12-09 18:44:34 14848 ----a-w- c:\windows\system32\wshrm.dll 2009-12-09 18:44:34 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2009-12-09 18:44:09 43520 ----a-w- c:\windows\system32\msdxm.tlb 2009-12-09 18:44:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-12-09 18:44:09 18432 ----a-w- c:\windows\system32\amcompat.tlb 2009-12-09 18:43:32 11776 ----a-w- c:\windows\system32\sbunattend.exe 2009-12-09 18:43:12 558080 ----a-w- c:\windows\system32\oleaut32.dll 2009-12-09 18:42:57 290304 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-09 18:42:42 84480 ----a-w- c:\windows\system32\dnsrslvr.dll 2009-12-09 18:42:42 24576 ----a-w- c:\windows\system32\dnscacheugc.exe 2009-12-09 18:42:14 269824 ----a-w- c:\windows\system32\schannel.dll 2009-12-09 18:41:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-12-09 18:41:43 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-12-09 18:41:43 1686528 ----a-w- c:\windows\system32\gameux.dll 2009-12-09 18:41:05 98816 ----a-w- c:\windows\system32\mfps.dll 2009-12-09 18:41:05 52736 ----a-w- c:\windows\system32\rrinstaller.exe 2009-12-09 18:41:05 2855424 ----a-w- c:\windows\system32\mf.dll 2009-12-09 18:41:05 24576 ----a-w- c:\windows\system32\mfpmp.exe 2009-12-09 18:41:05 2048 ----a-w- c:\windows\system32\mferror.dll 2009-12-09 18:41:04 996352 ----a-w- c:\windows\system32\WMNetMgr.dll 2009-12-09 18:41:04 94720 ----a-w- c:\windows\system32\logagent.exe 2009-12-09 18:40:43 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-09 18:40:43 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2009-12-09 18:40:43 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-09 18:39:57 84480 ----a-w- c:\windows\system32\INETRES.dll 2009-12-09 18:39:57 737792 ----a-w- c:\windows\system32\inetcomm.dll 2009-12-09 18:39:30 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-12-09 18:39:05 1645568 ----a-w- c:\windows\system32\connect.dll 2009-12-09 18:38:48 5120 ----a-w- c:\windows\system32\wmi.dll 2009-12-09 18:38:48 152576 ----a-w- c:\windows\system32\imagehlp.dll 2009-12-09 18:38:48 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2009-12-09 18:38:03 788992 ----a-w- c:\windows\system32\rpcrt4.dll 2009-12-09 18:37:46 1327104 ----a-w- c:\windows\system32\quartz.dll 2009-12-09 18:36:35 130048 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-12-09 18:35:55 321536 ----a-w- c:\windows\system32\WSDApi.dll 2009-12-09 18:35:38 99840 ----a-w- c:\windows\system32\poqexec.exe 2009-12-09 18:35:13 0 d-----w- c:\program files\MSXML 4.0 2009-12-09 18:34:27 633856 ----a-w- c:\windows\system32\user32.dll 2009-12-09 18:34:13 2048 ----a-w- c:\windows\system32\msxml6r.dll 2009-12-09 18:34:13 1341440 ----a-w- c:\windows\system32\msxml6.dll 2009-12-09 18:33:27 750080 ----a-w- c:\windows\system32\qmgr.dll 2009-12-09 18:33:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-12-09 18:32:33 8147968 ----a-w- c:\windows\system32\wmploc.DLL 2009-12-09 18:32:32 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-12-09 18:32:32 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-12-09 18:32:31 4096 ----a-w- c:\windows\system32\msdxm.ocx 2009-12-09 18:32:29 311296 ----a-w- c:\windows\system32\unregmp2.exe 2009-12-08 02:16:43 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-12-08 02:15:03 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-12-08 02:15:03 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-12-05 05:02:02 6978 ----a-w- c:\windows\system32\Config.MPF 2009-12-05 05:01:42 0 d-----w- c:\programdata\SiteAdvisor 2009-12-05 04:59:53 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-12-05 04:59:53 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-12-05 04:59:53 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-12-05 04:59:46 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-12-05 04:59:13 0 d-----w- c:\program files\common files\McAfee 2009-12-05 04:59:10 0 d-----w- c:\program files\McAfee.com 2009-12-05 04:59:06 0 d-----w- c:\program files\McAfee 2009-12-05 04:55:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-12-05 04:42:19 0 d-----w- c:\programdata\McAfee 2009-12-04 23:36:26 0 d-----w- c:\programdata\Hewlett-Packard 2009-12-04 23:32:54 0 d-----w- c:\windows\SMINST 2009-12-04 23:27:16 0 d-----w- c:\programdata\Symantec 2009-12-04 23:27:03 0 d-----w- c:\program files\common files\Symantec Shared 2009-12-04 23:25:45 0 d-----w- c:\program files\Yahoo! 2009-12-04 23:24:01 0 d-----w- c:\program files\Online Services 2009-12-04 23:24:01 0 d-----w- c:\program files\earthlink totalaccess 2009-12-04 23:21:33 0 d-----w- c:\programdata\PC-Doctor 2009-12-04 23:21:07 0 d-----w- c:\program files\PC-Doctor 5 for Windows 2009-12-04 23:19:21 0 d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1} 2009-12-04 23:19:14 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites 2009-12-04 23:18:42 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-12-04 23:17:58 0 d-----w- c:\windows\PCHEALTH 2009-12-04 23:16:52 0 d-----w- c:\programdata\Microsoft Help 2009-12-04 23:14:57 0 d-----w- c:\program files\Snapfish Media Detector 2009-12-04 23:14:20 0 d-----w- c:\programdata\Adobe 2009-12-04 23:13:10 0 d-----w- c:\program files\muvee Technologies 2009-12-04 23:13:09 0 d-----w- c:\program files\common files\muvee Technologies 2009-12-04 23:13:08 0 d-----w- c:\programdata\muvee Technologies 2009-12-04 23:12:42 0 d-----w- c:\program files\common files\xing shared 2009-12-04 23:12:34 0 d-----w- c:\program files\common files\Real 2009-12-04 23:11:44 0 d-----w- c:\program files\Rhapsody 2009-12-04 23:11:01 0 d---a-w- c:\program files\common files\LS Getting Started 2009-12-04 23:10:53 0 d-----w- c:\program files\common files\SureThing Shared 2009-12-04 23:09:40 0 d-----w- c:\programdata\Sonic 2009-12-04 23:09:21 0 d-----w- c:\program files\common files\PX Storage Engine 2009-12-04 23:08:50 0 d-----w- c:\programdata\Roxio 2009-12-04 23:08:49 0 d-----w- c:\program files\common files\Sonic Shared 2009-12-04 23:08:48 0 d-----w- c:\program files\Roxio 2009-12-04 23:02:47 0 d-----w- c:\program files\common files\HP 2009-12-04 23:02:46 0 d-----w- c:\program files\HP 2009-12-04 23:02:16 103521 ----a-w- c:\windows\hpqins13.dat 2009-12-04 23:02:13 0 d-----w- c:\programdata\HP 2009-12-04 22:57:09 0 d-----w- c:\programdata\WildTangent 2009-12-04 22:57:09 0 d-----w- c:\program files\HP Games 2009-12-04 22:52:53 0 d-----w- c:\program files\Realtek 2009-12-04 22:50:39 2379776 ----a-w- c:\windows\system32\nvwssr.dll 2009-12-04 22:49:47 414208 ----a-w- c:\windows\system32\msscp.dll 2009-12-04 22:49:26 146944 ----a-w- c:\windows\system32\MMDevAPI.dll 2009-12-04 22:48:10 135680 ----a-w- c:\windows\system32\wusa.exe 2009-12-04 22:47:51 974336 ----a-w- c:\windows\system32\crypt32.dll 2009-12-04 22:47:31 104448 ----a-w- c:\windows\system32\DWWIN.EXE 2009-12-04 22:47:13 74752 ----a-w- c:\windows\system32\drivers\rasl2tp.sys 2009-12-04 22:47:13 60928 ----a-w- c:\windows\system32\drivers\raspptp.sys 2009-12-04 22:46:31 229888 ----a-w- c:\windows\system32\msshsq.dll 2009-12-04 22:46:09 80896 ----a-w- c:\windows\system32\MSNP.ax 2009-12-04 22:46:08 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax 2009-12-04 22:46:08 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2009-12-04 22:46:08 292352 ----a-w- c:\windows\system32\psisdecd.dll 2009-12-04 22:46:08 218624 ----a-w- c:\windows\system32\psisrndr.ax 2009-12-04 22:44:39 8704 ----a-w- c:\windows\system32\hccoin.dll 2009-12-04 22:44:39 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-12-04 22:44:39 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2009-12-04 22:44:39 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys 2009-12-04 22:44:39 223744 ----a-w- c:\windows\system32\drivers\usbport.sys 2009-12-04 22:44:39 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys 2009-12-04 22:44:39 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys 2009-12-04 22:44:04 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys 2009-12-04 22:43:46 61440 ------w- c:\windows\system32\OsdRemove.exe 2009-12-04 22:43:05 48760 ----a-w- c:\windows\system32\RUNCLOSE.OCX 2009-12-04 22:43:05 19072 ----a-w- c:\windows\system32\drivers\PS2.sys 2009-12-04 22:42:28 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll 2009-12-04 22:40:37 327680 ----a-w- c:\windows\system32\pythoncom24.dll 2009-12-04 22:40:37 102400 ----a-w- c:\windows\system32\pywintypes24.dll 2009-12-04 22:40:23 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-12-04 22:40:23 1060864 ----a-w- c:\windows\system32\mfc71.dll 2009-12-04 22:40:03 0 d-sh--w- c:\windows\Installer 2009-12-04 22:33:08 0 d-----w- c:\program files\CONEXANT 2009-12-04 22:28:55 0 d--h--w- C:\hp 2009-12-04 22:28:46 94208 ----a-w- c:\windows\system32\mdmxsdk.dll 2009-12-04 22:28:46 172032 ----a-w- c:\windows\system32\UCI32m15.dll 2009-12-04 22:28:46 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys 2009-12-04 22:28:27 352768 ----a-w- c:\windows\system32\idecoiins.dll 2009-12-04 22:28:27 352768 ----a-w- c:\windows\system32\idecoi.dll 2009-12-04 22:28:27 101672 ----a-w- c:\windows\system32\drivers\nvstor32.sys 2009-12-04 22:28:16 0 d-----w- c:\windows\system32\OEM 2009-12-04 22:28:16 0 d-----w- c:\windows\Panther 2009-12-04 22:28:03 8192 --s-a-r- C:\BOOTSECT.BAK 2009-12-04 22:28:01 438840 --sha-r- C:\bootmgr 2009-12-04 22:28:01 0 d-sh--w- C:\Boot ==================== Find3M ==================== 2009-12-09 18:51:52 86016 ----a-w- c:\windows\inf\infstrng.dat 2009-12-09 18:51:52 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-09 18:51:52 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-12-09 18:51:52 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-04 22:52:55 319456 ----a-w- c:\windows\DIFxAPI.dll 2009-12-04 22:52:53 315392 ----a-w- c:\windows\HideWin.exe 2009-12-04 22:48:47 356576 ----a-w- c:\windows\fonts\monbaiti.ttf 2009-12-04 22:46:52 160872 ----a-w- c:\windows\system32\halmacpi.dll 2009-12-04 22:46:52 134760 ----a-w- c:\windows\system32\halacpi.dll 2009-11-05 00:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 16:33:42.11 =============== DDS (Ver_09-12-01.01) - NTFSx86 Run by Go to Hell at 16:32:59.34 on Wed 12/23/2009 Internet Explorer: 7.0.6000.16386 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1001 [GMT -8:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SMINST\remind.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\hp\kbd\kbd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wuauclt.exe \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Go to Hell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E40GISIZ\dds[2].scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.att.net/ mStart Page = hxxp://www.yahoo.com mDefault_Page_URL = hxxp://www.yahoo.com BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe mRun: [KBD] c:\hp\kbd\KbdStub.EXE mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe" mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [<NO NAME>] mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide mRunOnce: [PCDrProfiler] c:\program files\pc-doctor 5 for windows\RunProfiler.exe -r mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-4 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-4 35272] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-4 40552] R3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-4 34248] =============== Created Last 30 ================ 2009-12-09 19:00:53 0 ----a-w- c:\users\go to hell\settings.dat 2009-12-09 18:57:33 123904 ----a-w- c:\windows\system32\L2SecHC.dll 2009-12-09 18:57:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll 2009-12-09 18:57:32 47104 ----a-w- c:\windows\system32\wlanapi.dll 2009-12-09 18:57:32 1657350 ----a-w- c:\windows\system32\wlan.tmf 2009-12-09 18:57:32 12876 ----a-w- c:\windows\system32\wbem\wlan.mof 2009-12-09 18:57:31 502272 ----a-w- c:\windows\system32\wlansvc.dll 2009-12-09 18:57:31 297984 ----a-w- c:\windows\system32\wlansec.dll 2009-12-09 18:57:31 290816 ----a-w- c:\windows\system32\wlanmsm.dll 2009-12-09 18:56:01 2923520 ----a-w- c:\windows\explorer.exe 2009-12-09 18:45:15 441856 ----a-w- c:\windows\system32\win32spl.dll 2009-12-09 18:45:15 37376 ----a-w- c:\windows\system32\printcom.dll 2009-12-09 18:44:55 2031104 ----a-w- c:\windows\system32\win32k.sys 2009-12-09 18:44:34 14848 ----a-w- c:\windows\system32\wshrm.dll 2009-12-09 18:44:34 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2009-12-09 18:44:09 43520 ----a-w- c:\windows\system32\msdxm.tlb 2009-12-09 18:44:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-12-09 18:44:09 18432 ----a-w- c:\windows\system32\amcompat.tlb 2009-12-09 18:43:32 11776 ----a-w- c:\windows\system32\sbunattend.exe 2009-12-09 18:43:12 558080 ----a-w- c:\windows\system32\oleaut32.dll 2009-12-09 18:42:57 290304 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-09 18:42:42 84480 ----a-w- c:\windows\system32\dnsrslvr.dll 2009-12-09 18:42:42 24576 ----a-w- c:\windows\system32\dnscacheugc.exe 2009-12-09 18:42:14 269824 ----a-w- c:\windows\system32\schannel.dll 2009-12-09 18:41:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-12-09 18:41:43 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-12-09 18:41:43 1686528 ----a-w- c:\windows\system32\gameux.dll 2009-12-09 18:41:05 98816 ----a-w- c:\windows\system32\mfps.dll 2009-12-09 18:41:05 52736 ----a-w- c:\windows\system32\rrinstaller.exe 2009-12-09 18:41:05 2855424 ----a-w- c:\windows\system32\mf.dll 2009-12-09 18:41:05 24576 ----a-w- c:\windows\system32\mfpmp.exe 2009-12-09 18:41:05 2048 ----a-w- c:\windows\system32\mferror.dll 2009-12-09 18:41:04 996352 ----a-w- c:\windows\system32\WMNetMgr.dll 2009-12-09 18:41:04 94720 ----a-w- c:\windows\system32\logagent.exe 2009-12-09 18:40:43 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-09 18:40:43 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2009-12-09 18:40:43 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-09 18:39:57 84480 ----a-w- c:\windows\system32\INETRES.dll 2009-12-09 18:39:57 737792 ----a-w- c:\windows\system32\inetcomm.dll 2009-12-09 18:39:30 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-12-09 18:39:05 1645568 ----a-w- c:\windows\system32\connect.dll 2009-12-09 18:38:48 5120 ----a-w- c:\windows\system32\wmi.dll 2009-12-09 18:38:48 152576 ----a-w- c:\windows\system32\imagehlp.dll 2009-12-09 18:38:48 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2009-12-09 18:38:03 788992 ----a-w- c:\windows\system32\rpcrt4.dll 2009-12-09 18:37:46 1327104 ----a-w- c:\windows\system32\quartz.dll 2009-12-09 18:36:35 130048 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-12-09 18:35:55 321536 ----a-w- c:\windows\system32\WSDApi.dll 2009-12-09 18:35:38 99840 ----a-w- c:\windows\system32\poqexec.exe 2009-12-09 18:35:13 0 d-----w- c:\program files\MSXML 4.0 2009-12-09 18:34:27 633856 ----a-w- c:\windows\system32\user32.dll 2009-12-09 18:34:13 2048 ----a-w- c:\windows\system32\msxml6r.dll 2009-12-09 18:34:13 1341440 ----a-w- c:\windows\system32\msxml6.dll 2009-12-09 18:33:27 750080 ----a-w- c:\windows\system32\qmgr.dll 2009-12-09 18:33:17 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-12-09 18:32:33 8147968 ----a-w- c:\windows\system32\wmploc.DLL 2009-12-09 18:32:32 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-12-09 18:32:32 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-12-09 18:32:31 4096 ----a-w- c:\windows\system32\msdxm.ocx 2009-12-09 18:32:29 311296 ----a-w- c:\windows\system32\unregmp2.exe 2009-12-08 02:16:43 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-12-08 02:15:03 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-12-08 02:15:03 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-12-05 05:02:02 6978 ----a-w- c:\windows\system32\Config.MPF 2009-12-05 05:01:42 0 d-----w- c:\programdata\SiteAdvisor 2009-12-05 04:59:53 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-12-05 04:59:53 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-12-05 04:59:53 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-12-05 04:59:46 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-12-05 04:59:13 0 d-----w- c:\program files\common files\McAfee 2009-12-05 04:59:10 0 d-----w- c:\program files\McAfee.com 2009-12-05 04:59:06 0 d-----w- c:\program files\McAfee 2009-12-05 04:55:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-12-05 04:42:19 0 d-----w- c:\programdata\McAfee 2009-12-04 23:36:26 0 d-----w- c:\programdata\Hewlett-Packard 2009-12-04 23:32:54 0 d-----w- c:\windows\SMINST 2009-12-04 23:27:16 0 d-----w- c:\programdata\Symantec 2009-12-04 23:27:03 0 d-----w- c:\program files\common files\Symantec Shared 2009-12-04 23:25:45 0 d-----w- c:\program files\Yahoo! 2009-12-04 23:24:01 0 d-----w- c:\program files\Online Services 2009-12-04 23:24:01 0 d-----w- c:\program files\earthlink totalaccess 2009-12-04 23:21:33 0 d-----w- c:\programdata\PC-Doctor 2009-12-04 23:21:07 0 d-----w- c:\program files\PC-Doctor 5 for Windows 2009-12-04 23:19:21 0 d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1} 2009-12-04 23:19:14 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites 2009-12-04 23:18:42 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-12-04 23:17:58 0 d-----w- c:\windows\PCHEALTH 2009-12-04 23:16:52 0 d-----w- c:\programdata\Microsoft Help 2009-12-04 23:14:57 0 d-----w- c:\program files\Snapfish Media Detector 2009-12-04 23:14:20 0 d-----w- c:\programdata\Adobe 2009-12-04 23:13:10 0 d-----w- c:\program files\muvee Technologies 2009-12-04 23:13:09 0 d-----w- c:\program files\common files\muvee Technologies 2009-12-04 23:13:08 0 d-----w- c:\programdata\muvee Technologies 2009-12-04 23:12:42 0 d-----w- c:\program files\common files\xing shared 2009-12-04 23:12:34 0 d-----w- c:\program files\common files\Real 2009-12-04 23:11:44 0 d-----w- c:\program files\Rhapsody 2009-12-04 23:11:01 0 d---a-w- c:\program files\common files\LS Getting Started 2009-12-04 23:10:53 0 d-----w- c:\program files\common files\SureThing Shared 2009-12-04 23:09:40 0 d-----w- c:\programdata\Sonic 2009-12-04 23:09:21 0 d-----w- c:\program files\common files\PX Storage Engine 2009-12-04 23:08:50 0 d-----w- c:\programdata\Roxio 2009-12-04 23:08:49 0 d-----w- c:\program files\common files\Sonic Shared 2009-12-04 23:08:48 0 d-----w- c:\program files\Roxio 2009-12-04 23:02:47 0 d-----w- c:\program files\common files\HP 2009-12-04 23:02:46 0 d-----w- c:\program files\HP 2009-12-04 23:02:16 103521 ----a-w- c:\windows\hpqins13.dat 2009-12-04 23:02:13 0 d-----w- c:\programdata\HP 2009-12-04 22:57:09 0 d-----w- c:\programdata\WildTangent 2009-12-04 22:57:09 0 d-----w- c:\program files\HP Games 2009-12-04 22:52:53 0 d-----w- c:\program files\Realtek 2009-12-04 22:50:39 2379776 ----a-w- c:\windows\system32\nvwssr.dll 2009-12-04 22:49:47 414208 ----a-w- c:\windows\system32\msscp.dll 2009-12-04 22:49:26 146944 ----a-w- c:\windows\system32\MMDevAPI.dll 2009-12-04 22:48:10 135680 ----a-w- c:\windows\system32\wusa.exe 2009-12-04 22:47:51 974336 ----a-w- c:\windows\system32\crypt32.dll 2009-12-04 22:47:31 104448 ----a-w- c:\windows\system32\DWWIN.EXE 2009-12-04 22:47:13 74752 ----a-w- c:\windows\system32\drivers\rasl2tp.sys 2009-12-04 22:47:13 60928 ----a-w- c:\windows\system32\drivers\raspptp.sys 2009-12-04 22:46:31 229888 ----a-w- c:\windows\system32\msshsq.dll 2009-12-04 22:46:09 80896 ----a-w- c:\windows\system32\MSNP.ax 2009-12-04 22:46:08 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax 2009-12-04 22:46:08 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2009-12-04 22:46:08 292352 ----a-w- c:\windows\system32\psisdecd.dll 2009-12-04 22:46:08 218624 ----a-w- c:\windows\system32\psisrndr.ax 2009-12-04 22:44:39 8704 ----a-w- c:\windows\system32\hccoin.dll 2009-12-04 22:44:39 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2009-12-04 22:44:39 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2009-12-04 22:44:39 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys 2009-12-04 22:44:39 223744 ----a-w- c:\windows\system32\drivers\usbport.sys 2009-12-04 22:44:39 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys 2009-12-04 22:44:39 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys 2009-12-04 22:44:04 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys 2009-12-04 22:43:46 61440 ------w- c:\windows\system32\OsdRemove.exe 2009-12-04 22:43:05 48760 ----a-w- c:\windows\system32\RUNCLOSE.OCX 2009-12-04 22:43:05 19072 ----a-w- c:\windows\system32\drivers\PS2.sys 2009-12-04 22:42:28 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll 2009-12-04 22:40:37 327680 ----a-w- c:\windows\system32\pythoncom24.dll 2009-12-04 22:40:37 102400 ----a-w- c:\windows\system32\pywintypes24.dll 2009-12-04 22:40:23 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-12-04 22:40:23 1060864 ----a-w- c:\windows\system32\mfc71.dll 2009-12-04 22:40:03 0 d-sh--w- c:\windows\Installer 2009-12-04 22:33:08 0 d-----w- c:\program files\CONEXANT 2009-12-04 22:28:55 0 d--h--w- C:\hp 2009-12-04 22:28:46 94208 ----a-w- c:\windows\system32\mdmxsdk.dll 2009-12-04 22:28:46 172032 ----a-w- c:\windows\system32\UCI32m15.dll 2009-12-04 22:28:46 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys 2009-12-04 22:28:27 352768 ----a-w- c:\windows\system32\idecoiins.dll 2009-12-04 22:28:27 352768 ----a-w- c:\windows\system32\idecoi.dll 2009-12-04 22:28:27 101672 ----a-w- c:\windows\system32\drivers\nvstor32.sys 2009-12-04 22:28:16 0 d-----w- c:\windows\system32\OEM 2009-12-04 22:28:16 0 d-----w- c:\windows\Panther 2009-12-04 22:28:03 8192 --s-a-r- C:\BOOTSECT.BAK 2009-12-04 22:28:01 438840 --sha-r- C:\bootmgr 2009-12-04 22:28:01 0 d-sh--w- C:\Boot ==================== Find3M ==================== 2009-12-09 18:51:52 86016 ----a-w- c:\windows\inf\infstrng.dat 2009-12-09 18:51:52 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-09 18:51:52 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-12-09 18:51:52 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-04 22:52:55 319456 ----a-w- c:\windows\DIFxAPI.dll 2009-12-04 22:52:53 315392 ----a-w- c:\windows\HideWin.exe 2009-12-04 22:48:47 356576 ----a-w- c:\windows\fonts\monbaiti.ttf 2009-12-04 22:46:52 160872 ----a-w- c:\windows\system32\halmacpi.dll 2009-12-04 22:46:52 134760 ----a-w- c:\windows\system32\halacpi.dll 2009-11-05 00:54:12 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat ============= FINISH: 16:33:42.11 =============== Also very slow start up pitch black screen. I am not sure why I get update notices but cant update. Also have iexplore I cant get rid of and svc.host is high. Something really weird just happen while I was on the internet. A screen came up like I ran a scan or something stating I had 46 trojans and need to be scan. It look like the control panel because it had my computer on the screen as well. I haven't ran any scan but Mcafee but its not finding anything. So this is another malware trick on my computer. It would not let you click off the screen unless you click the button that was presented. This post has been edited by kymberly: Dec 23 2009, 08:08 PM |
|
|
|
|
Dec 24 2009, 08:22 AM
Post
#4
|
|
|
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370 |
Hi kymberly,
Welcome to BleepingComputer HijackThis Logs and Malware Removal,  My name is sundavis, I will be helping you to deal with your Malware problems today. Step1 Please download GMER Rootkit Scanner from Here or Here.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Step2 Please download Malwarebytes' Anti-Malware from Here or Here
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. Step3
In your next reply, please post back: 1.GMER log 2.MBAM log 3.RSIT log.txt and info.txt. Thanks. |
|
|
|
|
Dec 25 2009, 09:48 PM
Post
#5
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
info.txt logfile of random's system information tool 1.06 2009-12-25 18:45:58
======Uninstall list====== -->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe" -->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe" -->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe" -->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe" -->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe" -->"C:\Program Files\HP Games\Cue Master\Uninstall.exe" -->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe" -->"C:\Program Files\HP Games\Family Feud\Uninstall.exe" -->"C:\Program Files\HP Games\FATE\Uninstall.exe" -->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe" -->"C:\Program Files\HP Games\Flip Words\Uninstall.exe" -->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe" -->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe" -->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe" -->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe" -->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe" -->"C:\Program Files\HP Games\Otto\Uninstall.exe" -->"C:\Program Files\HP Games\Overball\Uninstall.exe" -->"C:\Program Files\HP Games\Penguins!\Uninstall.exe" -->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe" -->"C:\Program Files\HP Games\Polar Tubing\Uninstall.exe" -->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe" -->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe" -->"C:\Program Files\HP Games\Super Granny\Uninstall.exe" -->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe" -->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe" -->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe" -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002} Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC} HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B} HP Total Care Advisor-->MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8} HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly My HP Games-->"C:\Program Files\HP Games\Uninstall.exe" NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82} Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87} Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B} Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF} Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240} Snapfish Media Detector-->MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195} Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF ======Security center information====== AV: McAfee VirusScan FW: McAfee Personal Firewall AS: McAfee VirusScan AS: Windows Defender (disabled) ======System event log====== Computer Name: GotoHell-PC Event Code: 4374 Message: Windows Servicing identified that package KB938123_33(Security Update) is not applicable for this system Record Number: 19148 Source Name: Microsoft-Windows-Servicing Time Written: 20091226024516.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: GotoHell-PC Event Code: 4374 Message: Windows Servicing identified that package KB938123_34(Security Update) is not applicable for this system Record Number: 19149 Source Name: Microsoft-Windows-Servicing Time Written: 20091226024516.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: GotoHell-PC Event Code: 4374 Message: Windows Servicing identified that package KB938123_35(Security Update) is not applicable for this system Record Number: 19150 Source Name: Microsoft-Windows-Servicing Time Written: 20091226024517.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: GotoHell-PC Event Code: 4374 Message: Windows Servicing identified that package KB968816(Security Update) is not applicable for this system Record Number: 19170 Source Name: Microsoft-Windows-Servicing Time Written: 20091226024542.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: GotoHell-PC Event Code: 4374 Message: Windows Servicing identified that package KB975467(Security Update) is not applicable for this system Record Number: 19189 Source Name: Microsoft-Windows-Servicing Time Written: 20091226024557.000000-000 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: GotoHell-PC Event Code: 2004 Message: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Record Number: 1036 Source Name: Microsoft-Windows-PerfNet Time Written: 20091226011231.000000-000 Event Type: Error User: Computer Name: GotoHell-PC Event Code: 2002 Message: Unable to open the Redirector service performance object. The first four bytes (DWORD) of the Data section contains the status code. Record Number: 1037 Source Name: Microsoft-Windows-PerfNet Time Written: 20091226011231.000000-000 Event Type: Error User: Computer Name: GotoHell-PC Event Code: 1000 Message: Faulting application gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, faulting module gmer.exe, version 1.0.15.15281, time stamp 0x4b2763f0, exception code 0xc0000005, fault offset 0x0000cb02, process id 0x638, application start time 0x01ca85c8423098a7. Record Number: 1042 Source Name: Application Error Time Written: 20091226021926.000000-000 Event Type: Error User: Computer Name: GotoHell-PC Event Code: 6000 Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event. Record Number: 1043 Source Name: Microsoft-Windows-Winlogon Time Written: 20091226022001.000000-000 Event Type: Warning User: Computer Name: GotoHell-PC Event Code: 6000 Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event. Record Number: 1046 Source Name: Microsoft-Windows-Winlogon Time Written: 20091226022001.000000-000 Event Type: Warning User: =====Security event log===== Computer Name: GotoHell-PC Event Code: 4904 Message: An attempt was made to register a security event source. Subject : Security ID: S-1-5-18 Account Name: GOTOHELL-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xb64 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xd48c8 Record Number: 1023 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091226022609.663409-000 Event Type: Audit Success User: Computer Name: GotoHell-PC Event Code: 4905 Message: An attempt was made to unregister a security event source. Subject Security ID: S-1-5-18 Account Name: GOTOHELL-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Process: Process ID: 0xb64 Process Name: C:\Windows\System32\VSSVC.exe Event Source: Source Name: VSSAudit Event Source ID: 0xd48c8 Record Number: 1024 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091226022609.664409-000 Event Type: Audit Success User: Computer Name: GotoHell-PC Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: GOTOHELL-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: SYSTEM Account Domain: NT AUTHORITY Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x280 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 1025 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091226024622.561409-000 Event Type: Audit Success User: Computer Name: GotoHell-PC Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-5-18 Account Name: GOTOHELL-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x280 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 1026 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091226024622.561409-000 Event Type: Audit Success User: Computer Name: GotoHell-PC Event Code: 4672 Message: Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 1027 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091226024622.561409-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=6b01 "NUMBER_OF_PROCESSORS"=2 "RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "PLATFORM"=HPD "PCBRAND"=Presario "OnlineServices"=Online Services -----------------EOF-----------------Logfile of random's system information tool 1.06 (written by random/random) Run by Go to Hell at 2009-12-25 18:45:23 Microsoft® Windows Vista™ Home Premium System drive C: has 270 GB (91%) free of 296 GB Total RAM: 1918 MB (46% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:45:55 PM, on 12/25/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe C:\hp\kbd\kbd.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Go to Hell\Desktop\RSIT.exe C:\Users\Go to Hell\Desktop\RSIT.exe C:\Program Files\trend micro\Go to Hell.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6088 bytes ======Scheduled tasks folder====== C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-11-04 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-01-29 145424] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136] "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536] "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536] "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784] "NvSvc"=C:\Windows\system32\nvsvc.dll [2007-02-10 90192] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-02-10 8429568] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-02-10 81920] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912] ""= [] "SnapfishMediaDetector"=C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 1441792] "HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008] "McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"=C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-02-08 73728] "Launcher"=C:\Windows\SMINST\launcher.exe [2007-03-07 44168] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 3 months====== 2009-12-25 18:45:26 ----D---- C:\Program Files\trend micro 2009-12-25 18:45:23 ----D---- C:\rsit 2009-12-25 16:56:17 ----A---- C:\Windows\system32\rastls.dll 2009-12-25 16:56:17 ----A---- C:\Windows\system32\raschap.dll 2009-12-23 16:55:39 ----D---- C:\Users\Go to Hell\AppData\Roaming\Adobe 2009-12-09 10:57:33 ----A---- C:\Windows\system32\L2SecHC.dll 2009-12-09 10:57:32 ----A---- C:\Windows\system32\wlanhlp.dll 2009-12-09 10:57:32 ----A---- C:\Windows\system32\wlanapi.dll 2009-12-09 10:57:31 ----A---- C:\Windows\system32\wlansvc.dll 2009-12-09 10:57:31 ----A---- C:\Windows\system32\wlansec.dll 2009-12-09 10:57:31 ----A---- C:\Windows\system32\wlanmsm.dll 2009-12-09 10:56:01 ----A---- C:\Windows\explorer.exe 2009-12-09 10:45:15 ----A---- C:\Windows\system32\win32spl.dll 2009-12-09 10:45:15 ----A---- C:\Windows\system32\printcom.dll 2009-12-09 10:44:34 ----A---- C:\Windows\system32\wshrm.dll 2009-12-09 10:44:09 ----A---- C:\Windows\system32\wmpdxm.dll 2009-12-09 10:43:32 ----A---- C:\Windows\system32\sbunattend.exe 2009-12-09 10:43:12 ----A---- C:\Windows\system32\oleaut32.dll 2009-12-09 10:42:42 ----A---- C:\Windows\system32\dnsrslvr.dll 2009-12-09 10:42:42 ----A---- C:\Windows\system32\dnscacheugc.exe 2009-12-09 10:42:42 ----A---- C:\Windows\system32\dnsapi.dll 2009-12-09 10:42:14 ----A---- C:\Windows\system32\schannel.dll 2009-12-09 10:41:45 ----A---- C:\Windows\system32\Apphlpdm.dll 2009-12-09 10:41:43 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2009-12-09 10:41:43 ----A---- C:\Windows\system32\gameux.dll 2009-12-09 10:41:05 ----A---- C:\Windows\system32\rrinstaller.exe 2009-12-09 10:41:05 ----A---- C:\Windows\system32\mfps.dll 2009-12-09 10:41:05 ----A---- C:\Windows\system32\mfpmp.exe 2009-12-09 10:41:05 ----A---- C:\Windows\system32\mferror.dll 2009-12-09 10:41:05 ----A---- C:\Windows\system32\mf.dll 2009-12-09 10:41:04 ----A---- C:\Windows\system32\WMVCORE.DLL 2009-12-09 10:41:04 ----A---- C:\Windows\system32\WMNetMgr.dll 2009-12-09 10:41:04 ----A---- C:\Windows\system32\logagent.exe 2009-12-09 10:39:57 ----A---- C:\Windows\system32\INETRES.dll 2009-12-09 10:39:57 ----A---- C:\Windows\system32\inetcomm.dll 2009-12-09 10:39:30 ----A---- C:\Windows\system32\msasn1.dll 2009-12-09 10:39:05 ----A---- C:\Windows\system32\connect.dll 2009-12-09 10:38:48 ----A---- C:\Windows\system32\wmi.dll 2009-12-09 10:38:48 ----A---- C:\Windows\system32\imagehlp.dll 2009-12-09 10:38:03 ----A---- C:\Windows\system32\rpcrt4.dll 2009-12-09 10:37:46 ----A---- C:\Windows\system32\quartz.dll 2009-12-09 10:35:55 ----A---- C:\Windows\system32\WSDApi.dll 2009-12-09 10:35:13 ----D---- C:\Program Files\MSXML 4.0 2009-12-09 10:34:27 ----A---- C:\Windows\system32\user32.dll 2009-12-09 10:34:13 ----A---- C:\Windows\system32\msxml6r.dll 2009-12-09 10:34:13 ----A---- C:\Windows\system32\msxml6.dll 2009-12-09 10:33:27 ----A---- C:\Windows\system32\qmgr.dll 2009-12-09 10:33:17 ----A---- C:\Windows\system32\WMSPDMOD.DLL 2009-12-09 10:32:33 ----A---- C:\Windows\system32\wmploc.DLL 2009-12-09 10:32:33 ----A---- C:\Windows\system32\wmp.dll 2009-12-09 10:32:32 ----A---- C:\Windows\system32\spwmp.dll 2009-12-09 10:32:32 ----A---- C:\Windows\system32\dxmasf.dll 2009-12-09 10:32:29 ----A---- C:\Windows\system32\unregmp2.exe 2009-12-07 18:44:14 ----D---- C:\Users\Go to Hell\AppData\Roaming\Macromedia 2009-12-07 18:16:43 ----A---- C:\Windows\system32\wups2.dll 2009-12-07 18:16:43 ----A---- C:\Windows\system32\wucltux.dll 2009-12-07 18:16:43 ----A---- C:\Windows\system32\wuaueng.dll 2009-12-07 18:16:43 ----A---- C:\Windows\system32\wuauclt.exe 2009-12-07 18:15:03 ----A---- C:\Windows\system32\wuwebv.dll 2009-12-07 18:15:03 ----A---- C:\Windows\system32\wuapp.exe 2009-12-04 21:01:42 ----D---- C:\ProgramData\SiteAdvisor 2009-12-04 20:59:13 ----D---- C:\Program Files\Common Files\McAfee 2009-12-04 20:59:10 ----D---- C:\Program Files\McAfee.com 2009-12-04 20:59:06 ----D---- C:\Program Files\McAfee 2009-12-04 20:49:25 ----SHD---- C:\Config.Msi 2009-12-04 20:42:19 ----D---- C:\ProgramData\McAfee 2009-12-04 19:31:44 ----A---- C:\Windows\ntbtlog.txt 2009-12-04 19:17:10 ----D---- C:\Users\Go to Hell\AppData\Roaming\Snapfish 2009-12-04 19:16:42 ----D---- C:\Users\Go to Hell\AppData\Roaming\Identities 2009-12-04 19:16:17 ----SD---- C:\Users\Go to Hell\AppData\Roaming\Microsoft 2009-12-04 19:16:17 ----D---- C:\Users\Go to Hell\AppData\Roaming\Media Center Programs 2009-12-04 15:36:26 ----D---- C:\ProgramData\Hewlett-Packard 2009-12-04 15:32:54 ----D---- C:\Windows\SMINST 2009-12-04 15:27:21 ----A---- C:\Windows\system32\capicom.dll 2009-12-04 15:27:16 ----D---- C:\ProgramData\Symantec 2009-12-04 15:27:03 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-12-04 15:25:45 ----D---- C:\Program Files\Yahoo! 2009-12-04 15:24:01 ----D---- C:\Program Files\Online Services 2009-12-04 15:24:01 ----D---- C:\Program Files\earthlink totalaccess 2009-12-04 15:21:33 ----D---- C:\ProgramData\PC-Doctor 2009-12-04 15:21:07 ----D---- C:\Program Files\PC-Doctor 5 for Windows 2009-12-04 15:19:21 ----D---- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1} 2009-12-04 15:19:14 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites 2009-12-04 15:18:42 ----A---- C:\Windows\system32\msonpmon.dll 2009-12-04 15:18:07 ----D---- C:\Program Files\Common Files\DESIGNER 2009-12-04 15:17:58 ----D---- C:\Windows\PCHEALTH 2009-12-04 15:17:58 ----D---- C:\Program Files\Microsoft.NET 2009-12-04 15:16:52 ----D---- C:\ProgramData\Microsoft Help 2009-12-04 15:16:39 ----RHD---- C:\MSOCache 2009-12-04 15:16:20 ----D---- C:\Program Files\Microsoft Office 2009-12-04 15:16:12 ----D---- C:\Program Files\Microsoft Works 2009-12-04 15:14:57 ----D---- C:\Program Files\Snapfish Media Detector 2009-12-04 15:14:20 ----D---- C:\ProgramData\Adobe 2009-12-04 15:14:15 ----D---- C:\Program Files\Common Files\Adobe 2009-12-04 15:14:15 ----D---- C:\Program Files\Adobe 2009-12-04 15:13:26 ----N---- C:\Windows\system32\pxhpinst.exe 2009-12-04 15:13:10 ----D---- C:\Program Files\muvee Technologies 2009-12-04 15:13:09 ----D---- C:\Program Files\Common Files\muvee Technologies 2009-12-04 15:13:08 ----D---- C:\ProgramData\muvee Technologies 2009-12-04 15:12:42 ----D---- C:\Program Files\Common Files\xing shared 2009-12-04 15:12:38 ----A---- C:\Windows\system32\rmoc3260.dll 2009-12-04 15:12:35 ----A---- C:\Windows\system32\pndx5032.dll 2009-12-04 15:12:35 ----A---- C:\Windows\system32\pndx5016.dll 2009-12-04 15:12:35 ----A---- C:\Windows\system32\pncrt.dll 2009-12-04 15:12:34 ----D---- C:\Program Files\Common Files\Real 2009-12-04 15:12:02 ----D---- C:\Program Files\Real 2009-12-04 15:11:44 ----D---- C:\Program Files\Rhapsody 2009-12-04 15:11:01 ----AD---- C:\Program Files\Common Files\LS Getting Started 2009-12-04 15:11:01 ----AD---- C:\Program Files\Common Files\LightScribe 2009-12-04 15:10:53 ----D---- C:\Program Files\Common Files\SureThing Shared 2009-12-04 15:09:40 ----D---- C:\ProgramData\Sonic 2009-12-04 15:09:21 ----D---- C:\Program Files\Common Files\PX Storage Engine 2009-12-04 15:08:50 ----D---- C:\ProgramData\Roxio 2009-12-04 15:08:49 ----D---- C:\Program Files\Common Files\Sonic Shared 2009-12-04 15:08:48 ----D---- C:\Program Files\Roxio 2009-12-04 15:08:48 ----D---- C:\Program Files\Common Files\Roxio Shared 2009-12-04 15:02:47 ----D---- C:\Program Files\Common Files\HP 2009-12-04 15:02:46 ----D---- C:\Program Files\HP 2009-12-04 15:02:13 ----D---- C:\ProgramData\HP 2009-12-04 14:57:09 ----D---- C:\ProgramData\WildTangent 2009-12-04 14:57:09 ----D---- C:\Program Files\HP Games 2009-12-04 14:56:35 ----D---- C:\Windows\system32\Macromed 2009-12-04 14:52:55 ----A---- C:\Windows\DIFxAPI.dll 2009-12-04 14:52:53 ----HD---- C:\Program Files\InstallShield Installation Information 2009-12-04 14:52:53 ----D---- C:\Program Files\Realtek 2009-12-04 14:52:53 ----A---- C:\Windows\RtlExUpd.dll 2009-12-04 14:52:53 ----A---- C:\Windows\HideWin.exe 2009-12-04 14:52:50 ----D---- C:\Program Files\Common Files\InstallShield 2009-12-04 14:52:41 ----D---- C:\Windows\system32\RTCOM 2009-12-04 14:52:28 ----A---- C:\Windows\system32\SRSWOW.dll 2009-12-04 14:52:28 ----A---- C:\Windows\system32\SRSTSXT.dll 2009-12-04 14:52:28 ----A---- C:\Windows\system32\RtkPgExt.dll 2009-12-04 14:52:28 ----A---- C:\Windows\system32\RtkAPO.dll 2009-12-04 14:52:28 ----A---- C:\Windows\RtlUpd.exe 2009-12-04 14:52:28 ----A---- C:\Windows\RtHDVCpl.exe 2009-12-04 14:50:39 ----A---- C:\Windows\system32\nvwssr.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvwss.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvvitvsr.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvvitvs.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvuninst.exe 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvudisp.exe 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvsvc.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvoglv32.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvmoblsr.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvmobls.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvmctray.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvmccssr.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvmccss.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvmccsrs.dll 2009-12-04 14:50:38 ----A---- C:\Windows\system32\nvmccs.dll 2009-12-04 14:50:37 ----A---- C:\Windows\system32\nvgamesr.dll 2009-12-04 14:50:37 ----A---- C:\Windows\system32\nvgames.dll 2009-12-04 14:50:37 ----A---- C:\Windows\system32\nvexpbar.dll 2009-12-04 14:50:37 ----A---- C:\Windows\system32\nvdispsr.dll 2009-12-04 14:50:36 ----A---- C:\Windows\system32\nvdisps.dll 2009-12-04 14:50:36 ----A---- C:\Windows\system32\nvcpluir.dll 2009-12-04 14:50:36 ----A---- C:\Windows\system32\nvcplui.exe 2009-12-04 14:50:36 ----A---- C:\Windows\system32\nvcpl.dll 2009-12-04 14:50:36 ----A---- C:\Windows\system32\nvcolor.exe 2009-12-04 14:50:36 ----A---- C:\Windows\system32\nvapi.dll 2009-12-04 14:50:35 ----A---- C:\Windows\system32\dpinst.exe 2009-12-04 14:49:47 ----A---- C:\Windows\system32\msscp.dll 2009-12-04 14:49:26 ----A---- C:\Windows\system32\MMDevAPI.dll 2009-12-04 14:48:10 ----A---- C:\Windows\system32\wusa.exe 2009-12-04 14:47:51 ----A---- C:\Windows\system32\crypt32.dll 2009-12-04 14:47:31 ----A---- C:\Windows\system32\DWWIN.EXE 2009-12-04 14:46:31 ----A---- C:\Windows\system32\msshsq.dll 2009-12-04 14:46:08 ----A---- C:\Windows\system32\psisdecd.dll 2009-12-04 14:45:05 ----A---- C:\Windows\system32\mshtml.dll 2009-12-04 14:45:03 ----A---- C:\Windows\system32\ieapfltr.dll 2009-12-04 14:44:39 ----A---- C:\Windows\system32\hccoin.dll 2009-12-04 14:43:46 ----N---- C:\Windows\system32\OsdRemove.exe 2009-12-04 14:43:45 ----D---- C:\Program Files\Hewlett-Packard 2009-12-04 14:42:28 ----A---- C:\Windows\system32\cPC_DMIRD.dll 2009-12-04 14:40:37 ----A---- C:\Windows\system32\pywintypes24.dll 2009-12-04 14:40:37 ----A---- C:\Windows\system32\pythoncom24.dll 2009-12-04 14:40:23 ----A---- C:\Windows\system32\msvcr71.dll 2009-12-04 14:40:23 ----A---- C:\Windows\system32\mfc71.dll 2009-12-04 14:40:21 ----A---- C:\Windows\csup.txt 2009-12-04 14:40:03 ----SHD---- C:\Windows\Installer 2009-12-04 14:33:44 ----D---- C:\Windows\SoftwareDistribution 2009-12-04 14:33:08 ----D---- C:\Program Files\CONEXANT 2009-12-04 14:31:36 ----D---- C:\Windows\Debug 2009-12-04 14:30:02 ----D---- C:\Windows\Prefetch 2009-12-04 14:29:52 ----SHD---- C:\System Volume Information 2009-12-04 14:28:55 ----HD---- C:\hp 2009-12-04 14:28:46 ----A---- C:\Windows\system32\UCI32m15.dll 2009-12-04 14:28:46 ----A---- C:\Windows\system32\mdmxsdk.dll 2009-12-04 14:28:27 ----A---- C:\Windows\system32\idecoiins.dll 2009-12-04 14:28:27 ----A---- C:\Windows\system32\idecoi.dll 2009-12-04 14:28:16 ----D---- C:\Windows\system32\OEM 2009-12-04 14:28:16 ----D---- C:\Windows\Panther 2009-12-04 14:28:03 ----RAS---- C:\BOOTSECT.BAK 2009-12-04 14:28:01 ----SHD---- C:\Boot ======List of files/folders modified in the last 3 months====== 2009-12-25 18:45:33 ----D---- C:\Windows\Temp 2009-12-25 18:45:26 ----RD---- C:\Program Files 2009-12-25 18:27:20 ----D---- C:\Windows\System32 2009-12-25 18:27:19 ----D---- C:\Windows\inf 2009-12-25 18:27:19 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-25 18:26:07 ----D---- C:\Windows\winsxs 2009-12-25 18:25:36 ----D---- C:\Windows\servicing 2009-12-25 17:14:20 ----D---- C:\Windows\system32\drivers 2009-12-25 17:09:57 ----D---- C:\Windows\system32\catroot 2009-12-25 17:08:57 ----D---- C:\Program Files\Windows Mail 2009-12-25 16:58:45 ----D---- C:\Windows\system32\catroot2 2009-12-23 13:36:13 ----D---- C:\Windows\system32\WDI 2009-12-09 11:24:30 ----D---- C:\Windows\system32\wbem 2009-12-09 11:24:28 ----D---- C:\Windows 2009-12-09 10:49:28 ----D---- C:\Windows\rescache 2009-12-09 10:46:46 ----D---- C:\Program Files\Windows Sidebar 2009-12-09 10:46:37 ----D---- C:\Windows\AppPatch 2009-12-09 10:32:43 ----D---- C:\Windows\system32\en-US 2009-12-09 10:32:42 ----D---- C:\Program Files\Windows Media Player 2009-12-09 10:29:42 ----D---- C:\Windows\ehome 2009-12-04 21:01:42 ----HD---- C:\ProgramData 2009-12-04 20:59:28 ----D---- C:\Windows\Tasks 2009-12-04 20:59:28 ----D---- C:\Windows\system32\Tasks 2009-12-04 20:59:13 ----D---- C:\Program Files\Common Files 2009-12-04 20:52:03 ----RSD---- C:\Windows\assembly 2009-12-04 20:47:34 ----D---- C:\Windows\system32\restore 2009-12-04 19:39:01 ----SD---- C:\ProgramData\Microsoft 2009-12-04 19:37:07 ----SHD---- C:\$Recycle.Bin 2009-12-04 19:36:33 ----RD---- C:\Users 2009-12-04 15:37:43 ----D---- C:\Windows\system32\sysprep 2009-12-04 15:36:15 ----D---- C:\Windows\system32\oobe 2009-12-04 15:22:48 ----RSD---- C:\Windows\Fonts 2009-12-04 15:20:51 ----D---- C:\Windows\Help 2009-12-04 15:18:13 ----D---- C:\Program Files\Common Files\microsoft shared 2009-12-04 15:17:16 ----D---- C:\Windows\ShellNew 2009-12-04 15:13:27 ----A---- C:\autoexec.bat 2009-12-04 15:11:45 ----D---- C:\Program Files\Internet Explorer 2009-12-04 14:46:52 ----A---- C:\Windows\system32\halmacpi.dll 2009-12-04 14:46:52 ----A---- C:\Windows\system32\halacpi.dll 2009-12-04 14:46:52 ----A---- C:\Windows\system32\hal.dll 2009-12-04 14:43:53 ----D---- C:\Windows\Logs 2009-12-04 14:40:21 ----D---- C:\Windows\Setup ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-11-04 214664] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704] R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992] R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-11-04 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-11-04 35272] R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-11-04 40552] R3 netr73;Netopia RT73 Wireless Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-05-24 501248] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-01 429056] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-02-10 7409024] R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-11-04 34248] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-10-29 865832] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-04 144704] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-04 606736] S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-10-28 365072] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544] S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656] -----------------EOF----------------- Ok I am not able to post the gmer report. Every time I hit post it tells me its too long. Can sum you please advise me on what to do. I tried uploading and still wont work. Will run other things you ask for instead. Malwarebytes' Anti-Malware 1.42 Database version: 3431 Windows 6.0.6000 Internet Explorer 7.0.6000.16386 12/25/2009 7:06:24 PM mbam-log-2009-12-25 (19-06-24).txt Scan type: Quick Scan Objects scanned: 104603 Time elapsed: 6 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) This post has been edited by kymberly: Dec 25 2009, 10:08 PM |
|
|
|
|
Dec 26 2009, 04:23 AM
Post
#6
|
|
|
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370 |
Hi kymberly,
QUOTE Can sum you please advise me on what to do. Yes, you can use multiple post while one frame cant fit all posts or you may upload the files as instructed in this thread . QUOTE Dr. Web cannot be deleted Can you post the Dr.Web log if still available? Or, you may rerun it and save the logs (in the Dr.Web CureIt menu on top, click file and choose save report list) QUOTE Configuring Updates Please Wait... In your event log, the problem seemed you cant update your Vista and can't configure it properly as well. Had you ever tried to download the hotfix and install it manually? Please post the contents of Gmer and Dr.Web log in your next reply and detail the problem you're experiencing now. This post has been edited by sundavis: Dec 26 2009, 05:13 AM |
|
|
|
|
Dec 30 2009, 08:13 PM
Post
#7
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;; Setup.exe\data053;C:\Program Files\Online Services\Netscape_ca\Setup.exe;Trojan.MulDrop.origin;; Setup.exe;C:\Program Files\Online Services\Netscape_ca;Archive contains infected objects;; cakemania-setup.exe/data032\data002;D:\hp\apps\APP04310\src\install\games\cakemania-setup.exe/data032;Adware.SpywareStorm;; data032;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;; cakemania-setup.exe;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;; SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;; SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;Cannot delete.; Setup.exe\data053;C:\Program Files\Online Services\Netscape_ca\Setup.exe;Trojan.MulDrop.origin;; Setup.exe;C:\Program Files\Online Services\Netscape_ca;Archive contains infected objects;Cannot delete.; cakemania-setup.exe/data032\data002;D:\hp\apps\APP04310\src\install\games\cakemania-setup.exe/data032;Adware.SpywareStorm;; data032;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;; cakemania-setup.exe;D:\hp\apps\APP04310\src\install\games;Archive contains infected objects;Cannot delete.; |
|
|
|
|
Dec 30 2009, 09:44 PM
Post
#8
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-30 18:03:55 Windows 6.0.6000 Running: gmer.exe; Driver: C:\Users\GOTOHE~1\AppData\Local\Temp\uxrirkog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x81DBE057] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x81C657CE] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x81E4A707] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x81C65805] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x81E4A746] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x81C65840] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x81E4A78F] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x81E4A7D8] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x81E88F47] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x81E8AFF4] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddDriverEntry [0x81E8C282] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x81E3EEE5] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x81E3EACD] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlertResumeThread [0x81E1D327] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlertThread [0x81E1D2CF] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x81E89390] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x81DE743F] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x81E88A70] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateVirtualMemory [0x81DD531F] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcAcceptConnectPort [0x81DC0B37] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCancelMessage [0x81DC62C7] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcConnectPort [0x81DBFE3B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreatePort [0x81DBF54B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreatePortSection [0x81DC839B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateResourceReserve [0x81DC9CC3] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateSectionView [0x81DC8637] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateSecurityContext [0x81DCA27F] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeletePortSection [0x81DC853A] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteResourceReserve [0x81DC9DFA] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteSectionView [0x81DC886D] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteSecurityContext [0x81DCA577] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDisconnectPort [0x81DCC39B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcImpersonateClientOfPort [0x81DCA803] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcOpenSenderProcess [0x81DCE107] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcOpenSenderThread [0x81DCE6B7] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcQueryInformation [0x81DCD953] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcQueryInformationMessage [0x81DC70D5] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcRevokeSecurityContext [0x81DCA430] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcSendWaitReceivePort [0x81DC615B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcSetInformation [0x81DCD48B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwApphelpCacheControl [0x81E9F2F9] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x81DD21CB] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x81E1F5BB] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x81C8037C] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x81D8046C] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x81D8BD6C] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x81C79318] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwClearEvent [0x81E87095] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwClose [0x81DF189C] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x81E4ACC9] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompactKeys [0x81D3CD2B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompareTokens [0x81E4E0C9] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompleteConnectPort [0x81DBE0DB] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompressKey [0x81D3CFB7] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwConnectPort [0x81DBE023] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwContinue [0x81C903B8] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x81D752D2] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x81DED9DF] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x81E870E8] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x81E8FA91] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x81D8EC5E] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x81D8B298] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x81E1F339] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x81E2210F] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x81D37576] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyTransacted [0x81D375D9] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x81D8ED8F] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMutant [0x81E8FF0A] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x81D8ECA1] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePrivateNamespace [0x81DFA0B6] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x81DE37EC] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x81DBDB25] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcess [0x81E123B2] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcessEx [0x81E123FD] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x81E90403] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x81DD7703] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x81E880FF] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x81DEFC6B] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThread [0x81E11F31] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x81E8F6F1] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x81E4CCED] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTransaction [0x81E53AC4] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTransaction [0x81E53DD7] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransaction [0x81E53FCF] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransactionManager [0x81E56472] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrePrepareEnlistment [0x81E54E64] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrepareEnlistment [0x81E54DA3] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitEnlistment [0x81E54F25] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadOnlyEnlistment [0x81E553A9] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackComplete [0x81E55468] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackEnlistment [0x81E54FE6] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitTransaction [0x81E544CF] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackTransaction [0x81E54538] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrePrepareComplete [0x81E55168] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrepareComplete [0x81E550A7] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitComplete [0x81E55229] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSinglePhaseReject [0x81E552EA] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransaction [0x81E545B5] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransactionManager [0x81E56879] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationResourceManager [0x81E55D36] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTransactionManager [0x81E55ED0] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTransactionManager [0x81E560E7] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollforwardTransactionManager [0x81E56356] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverEnlistment [0x81E549C3] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverResourceManager [0x81E55999] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverTransactionManager [0x81E56417] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateResourceManager [0x81E55527] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenResourceManager [0x81E557ED] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNotificationResourceManager [0x81E559F2] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationResourceManager [0x81E55B07] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEnlistment [0x81E5470D] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEnlistment [0x81E547FA] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationEnlistment [0x81E54C06] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationEnlistment [0x81E54A1F] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStartTm [0x81E89383] SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & This post has been edited by kymberly: Dec 30 2009, 09:47 PM |
|
|
|
|
Dec 30 2009, 09:46 PM
Post
#9
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
INT 0x00 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D640
INT 0x01 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D7C0 INT 0x03 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DC14 INT 0x04 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DD9C INT 0x05 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DEFC INT 0x06 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E070 INT 0x07 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E6E0 INT 0x09 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8EB08 INT 0x0A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8EC2C INT 0x0B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8ED6C INT 0x0C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8EFCC INT 0x0D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8F2B4 INT 0x0E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8F998 INT 0x0F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x10 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FE4C INT 0x11 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FF8C INT 0x12 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x13 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C900F8 INT 0x14 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x15 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x16 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x17 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x18 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x19 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x1A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x1B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x1C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x1D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x1E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x1F \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5AC4 INT 0x2A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8CDAA INT 0x2B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8CF30 INT 0x2C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D06C INT 0x2D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DAEC INT 0x2E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C76E INT 0x2F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FD28 INT 0x30 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE30 INT 0x31 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE3A INT 0x32 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE44 INT 0x33 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE4E INT 0x34 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE58 INT 0x35 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE62 INT 0x36 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE6C INT 0x37 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB50E8 INT 0x38 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE80 INT 0x39 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE8A INT 0x3A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE94 INT 0x3B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BE9E INT 0x3C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEA8 INT 0x3D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEB2 INT 0x3E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEBC INT 0x3F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEC6 INT 0x40 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BED0 INT 0x41 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEDA INT 0x42 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEE4 INT 0x43 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEEE INT 0x44 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BEF8 INT 0x45 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF02 INT 0x46 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF0C INT 0x47 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF16 INT 0x48 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF20 INT 0x49 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF2A INT 0x4A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF34 INT 0x4B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF3E INT 0x4C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF48 INT 0x4D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF52 INT 0x4E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF5C INT 0x4F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF66 INT 0x50 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF70 INT 0x51 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF7A INT 0x52 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88014E1B INT 0x53 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF8E INT 0x54 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BF98 INT 0x55 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFA2 INT 0x56 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFAC INT 0x57 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFB6 INT 0x58 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFC0 INT 0x59 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFCA INT 0x5A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFD4 INT 0x5B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFDE INT 0x5C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFE8 INT 0x5D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFF2 INT 0x5E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFFC INT 0x5F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C006 INT 0x60 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C010 INT 0x61 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C01A INT 0x62 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88014E1B INT 0x63 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C02E INT 0x64 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C038 INT 0x65 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C042 INT 0x66 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C04C INT 0x67 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C056 INT 0x68 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C060 INT 0x69 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C06A INT 0x6A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C074 INT 0x6B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C07E INT 0x6C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C088 INT 0x6D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C092 INT 0x6E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C09C INT 0x6F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0A6 INT 0x70 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0B0 INT 0x71 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 8806A15C INT 0x72 \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 8078EED0 INT 0x73 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0CE INT 0x74 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0D8 INT 0x75 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0E2 INT 0x76 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0EC INT 0x77 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0F6 INT 0x78 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C100 INT 0x79 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C10A INT 0x7A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C114 INT 0x7B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C11E INT 0x7C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C128 INT 0x7D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C132 INT 0x7E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C13C INT 0x7F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C146 INT 0x80 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C150 INT 0x81 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C15A INT 0x82 \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 8078EED0 INT 0x83 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C16E INT 0x84 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C178 INT 0x85 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C182 INT 0x86 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C18C INT 0x87 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C196 INT 0x88 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1A0 INT 0x89 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1AA INT 0x8A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1B4 INT 0x8B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1BE INT 0x8C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1C8 INT 0x8D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1D2 INT 0x8E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1DC INT 0x8F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1E6 INT 0x90 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1F0 INT 0x91 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1FA INT 0x92 \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E9E30 INT 0x93 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C20E INT 0x94 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C218 INT 0x95 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C222 INT 0x96 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C22C INT 0x97 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C236 INT 0x98 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C240 INT 0x99 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C24A INT 0x9A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C254 INT 0x9B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C25E INT 0x9C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C268 INT 0x9D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C272 INT 0x9E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C27C INT 0x9F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C286 INT 0xA0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C290 INT 0xA1 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C29A INT 0xA2 \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E9E30 INT 0xA3 \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) 881B6354 INT 0xA4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2B8 INT 0xA5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2C2 INT 0xA6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2CC INT 0xA7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2D6 INT 0xA8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2E0 INT 0xA9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2EA INT 0xAA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2F4 INT 0xAB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2FE INT 0xAC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C308 INT 0xAD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C312 INT 0xAE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C31C INT 0xAF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C326 INT 0xB0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C330 INT 0xB1 \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 8023768C INT 0xB2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C344 INT 0xB3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C34E INT 0xB4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C358 INT 0xB5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C362 INT 0xB6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C36C INT 0xB7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C376 INT 0xB8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C380 INT 0xB9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C38A INT 0xBA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C394 INT 0xBB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C39E INT 0xBC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3A8 INT 0xBD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3B2 INT 0xBE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3BC INT 0xBF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3C6 INT 0xC0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3D0 INT 0xC1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB53D8 INT 0xC2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3E4 INT 0xC3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3EE INT 0xC4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3F8 INT 0xC5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C402 INT 0xC6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C40C INT 0xC7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C416 INT 0xC8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C420 INT 0xC9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C42A INT 0xCA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C434 INT 0xCB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C43E INT 0xCC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C448 INT 0xCD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C452 INT 0xCE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C45C INT 0xCF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C466 INT 0xD0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C470 INT 0xD1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA497C INT 0xD2 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA3F08 INT 0xD3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C48E INT 0xD4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C498 INT 0xD5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4A2 INT 0xD6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4AC INT 0xD7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4B6 INT 0xD8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4C0 INT 0xD9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4CA INT 0xDA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4D4 INT 0xDB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4DE INT 0xDC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4E8 INT 0xDD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4F2 INT 0xDE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4FC INT 0xDF \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB51C0 INT 0xE0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C510 INT 0xE1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5934 INT 0xE2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C524 INT 0xE3 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB56D4 INT 0xE4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C538 INT 0xE5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C542 INT 0xE6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C54C INT 0xE7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C556 INT 0xE8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C560 INT 0xE9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C56A INT 0xEA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C574 INT 0xEB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C57E INT 0xEC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C588 INT 0xED \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C592 INT 0xEE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C599 INT 0xEF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5A0 INT 0xF0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5A7 INT 0xF1 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5AE INT 0xF2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5B5 INT 0xF3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5BC INT 0xF4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5C3 INT 0xF5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5CA INT 0xF6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5D1 INT 0xF7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5D8 INT 0xF8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5DF INT 0xF9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5E6 INT 0xFA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5ED INT 0xFB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5F4 INT 0xFC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5FB INT 0xFD \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5EDC INT 0xFE \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB6148 INT 0xFF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C610 SYSENTER \SystemRoot\system32\ntkrnlpa.exe |
|
|
|
|
Dec 30 2009, 09:48 PM
Post
#10
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
-- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation) Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation) Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \ Device \Driver\NDIS \Device\Ndis ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) Device \Driver\KSecDD \Device\KsecDD ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation) Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\00000032 Device \Device\00000025 Device \Device\00000019 Device \Device\00000033 Device \Device\00000026 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Device\00000040 Device \Device\00000034 Device \Device\00000027 Device \Driver\kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) Device \Driver\kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\Video0 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Device\00000041 Device \Driver\Wdf01000 \Device\KMDF0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) Device \Driver\Wdf01000 \Device\KMDF0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\WMIxWDM \Device\WMIAdminDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\WMIxWDM \Device\WMIAdminDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\00000035 Device \Device\00000028 Device \Driver\kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) Device \Driver\kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\00000036 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\00000036 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl volmgr.sys (Volume Manager Driver/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\ACPI \Device\00000042 acpi.sys (ACPI Driver for NT/Microsoft Corporation) Device \Device\00000029 Device \Driver\PnpManager \Device\00000037 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\00000037 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation) Device \Driver\mouclass \Device\PointerClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\nvstor32 \Device\00000050 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) Device \Driver\nvstor32 \Device\00000050 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Driver\ACPI \Device\00000043 acpi.sys (ACPI Driver for NT/Microsoft Corporation) Device \Device\0000000a Device \Driver\nvstor32 \Device\00000051 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) Device \Driver\nvstor32 \Device\00000051 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\PointerClass1 Device \Driver\usbohci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) Device \Driver\usbohci \Device\USBPDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\00000038 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\00000038 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Driver\ACPI \Device\00000044 acpi.sys (ACPI Driver for NT/Microsoft Corporation) Device \Device\0000000b Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBPDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Device\00000045 Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\00000039 Device \Device\0000000c Device \Driver\usbhub \Device\USBPDO-2 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) Device \Driver\usbhub \Device\USBPDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\usbhub \Device\00000053 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) Device \Driver\usbhub \Device\00000053 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Device\00000046 Device \Device\NTPNP_PCI0000 Device \Device\0000001a Device \Device\0000000d Device \Driver\USBSTOR \Device\00000060 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000060 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\usbhub \Device\USBPDO-3 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) Device \Driver\usbhub \Device\USBPDO-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\usbhub \Device\00000054 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) Device \Driver\usbhub \Device\00000054 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Device\00000047 Device \Driver\pci \Device\NTPNP_PCI0001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0001 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) Device \Device\0000001b Device \Device\0000000e Device \Driver\USBSTOR \Device\00000061 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000061 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\00000055 Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) Device \Device\00000048 Device \Device\NTPNP_PCI0002 Device \Device\0000001c Device \Device\0000000f Device \Driver\pci \Device\NTPNP_PCI0010 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0010 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) Device \Device\00000049 Device \Device\NTPNP_PCI0003 Device \Device\0000001d Device \Driver\usbccgp \Device\00000057 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) Device \Driver\usbccgp \Device\00000057 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0004 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0011 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0011 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) Device \Device\0000002a Device \Device\0000001e Device \Driver\volmgr \Device\HarddiskVolume1 volmgr.sys (Volume Manager Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\00000058 Device \Driver\pci \Device\NTPNP_PCI0005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) Device \Device\NTPNP_PCI0012 Device \Device\0000002b Device \Device\0000001f Device \Driver\volmgr \Device\HarddiskVolume2 volmgr.sys (Volume Manager Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\00000059 Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation) Device \Driver\Ecache \Device\ECacheControl ecache.sys (Special Memory Device Cache/Microsoft Corporation) Device \Device\NTPNP_PCI0013 Device \Device\NTPNP_PCI0006 Device \Device\0000002c Device \Driver\volmgr \Device\HarddiskVolume3 volmgr.sys (Volume Manager Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Device\_HID00000000 Device \Driver\PnpManager \Device\0000003a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\0000003a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdePort0 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdePort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdePort1 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdePort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pciide \Device\Ide\PciIde0Channel0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pciide \Device\Ide\PciIde0Channel0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) Device \Driver\pciide \Device\Ide\PciIde0Channel1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pciide \Device\Ide\PciIde0Channel1 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) Device \Device\Ide\PciIde0 Device \Device\i Device \Driver\pci \Device\NTPNP_PCI0007 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0007 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume4 volmgr.sys (Volume Manager Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0021 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\pci \Device\NTPNP_PCI0021 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) Device \Driver\PnpManager \Device\0000003b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\0000003b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume5 volmgr.sys (Volume Manager Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000003c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000003c hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume6 volmgr.sys (Volume Manager Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume6 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\ACPI \Device\0000003f acpi.sys (ACPI Driver for NT/Microsoft Corporation) Device \Driver\ACPI \Device\0000004c acpi.sys (ACPI Driver for NT/Microsoft Corporation) Device \Driver\MountMgr \Device\MountPointManager mountmgr.sys (Mount Point Manager/Microsoft Corporation) Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\HidUsb \Device\0000005b HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) Device \Driver\HidUsb \Device\0000005b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\HidUsb \Device\0000005c HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) Device \Driver\HidUsb \Device\0000005c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\ACPI \Device\0000004f acpi.sys (ACPI Driver for NT/Microsoft Corporation) Device \Driver\nvstor32 \Device\RaidPort0 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) Device \Driver\nvstor32 \Device\RaidPort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Mup \Device\Mup mup.sys (Multiple UNC Provider driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\0000005d USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\0000005d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\Ps2 \Device\Ps2 PS2.sys (PS2 SYS/Hewlett-Packard Company) Device \Driver\nvstor32 \Device\RaidPort1 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) Device \Driver\nvstor32 \Device\RaidPort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) Device \Driver\disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\USBSTOR \Device\0000005e USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\0000005e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\iScsiPrt \Device\RaidPort2 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) Device \Driver\iScsiPrt \Device\RaidPort2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\USBSTOR \Device\0000005f USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) Device \Driver\USBSTOR \Device\0000005f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\disk \Device\Harddisk1\DR1 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) Device \Driver\disk \Device\Harddisk1\DR1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\usbohci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) Device \Driver\usbohci \Device\USBFDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\disk \Device\Harddisk2\DR2 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) Device \Driver\disk \Device\Harddisk2\DR2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation) Device \Driver\Null \Device\Null ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\ohci1394 \Device\1394BUS0 1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) Device \Driver\ohci1394 \Device\1394BUS0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\ohci1394 \Device\1394BUS0 ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) Device \Driver\disk \Device\Harddisk3\DR3 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) Device \Driver\disk \Device\Harddisk3\DR3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\usbehci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) Device \Driver\usbehci \Device\USBFDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\disk \Device\Harddisk4\DR4 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) Device \Driver\disk \Device\Harddisk4\DR4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation) Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation) Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \Driver\uxrirkog \Device\uxrirkog uxrirkog.sys Device \Driver\uxrirkog \Device\uxrirkog ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\FileInfo \Device\FileInfo fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) Device \FileSystem\FileInfo \Device\FileInfo ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Filters\FltMgrMsg Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs Modules - GMER 1.0.15 ---- Module \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C00000-81FA1000 (3805184 bytes) Module \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA1000-81FD5000 (212992 bytes) Module \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation) 802C6000-802CE000 (32768 bytes) Module \SystemRoot\system32\PSHED.dll (Platform Specific Hardware Error Driver/Microsoft Corporation) 802BD000-802C6000 (36864 bytes) Module \SystemRoot\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) 802B5000-802BD000 (32768 bytes) Module \SystemRoot\system32\CLFS.SYS (Common Log File System Driver/Microsoft Corporation) 8027A000-802B5000 (241664 bytes) Module \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation) 8051F000-80600000 (921600 bytes) Module \SystemRoot\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) 804A4000-8051F000 (503808 bytes) Module \SystemRoot\system32\drivers\WDFLDR.SYS (WDFLDR/Microsoft Corporation) 8026D000-8027A000 (53248 bytes) Module \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 8022A000-8026D000 (274432 bytes) Module \SystemRoot\system32\drivers\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) 80221000-8022A000 (36864 bytes) Module \SystemRoot\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) 80219000-80221000 (32768 bytes) Module \SystemRoot\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) 8047F000-804A4000 (151552 bytes) Module \SystemRoot\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) 8020A000-80219000 (61440 bytes) Module \SystemRoot\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) 8046F000-8047F000 (65536 bytes) Module \SystemRoot\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) 80203000-8020A000 (28672 bytes) Module \SystemRoot\system32\drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) 80461000-8046F000 (57344 bytes) Module \SystemRoot\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) 80417000-80461000 (303104 bytes) Module \SystemRoot\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) 8040F000-80417000 (32768 bytes) Module \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E2000-80800000 (122880 bytes) Module \SystemRoot\system32\drivers\nvstor32.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) 807C8000-807E2000 (106496 bytes) Module \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 80788000-807C8000 (262144 bytes) Module \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) 80757000-80788000 (200704 bytes) Module \SystemRoot\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) 80747000-80757000 (65536 bytes) Module \SystemRoot\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) 80406000-8040F000 (36864 bytes) Module \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) 80643000-80747000 (1064960 bytes) Module \SystemRoot\system32\drivers\msrpc.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation) 80618000-80643000 (176128 bytes) Module \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation) 81BC7000-81C00000 (233472 bytes) Module \SystemRoot\System32\Drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation) 81ABF000-81BC7000 (1081344 bytes) Module \SystemRoot\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) 81A55000-81ABF000 (434176 bytes) Module \SystemRoot\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) 81A1F000-81A55000 (221184 bytes) Module \SystemRoot\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) 80601000-80610000 (61440 bytes) Module \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) 81A10000-81A1F000 (61440 bytes) Module \SystemRoot\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) 873DB000-87400000 (151552 bytes) Module \SystemRoot\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) 873CA000-873DB000 (69632 bytes) Module \SystemRoot\system32\drivers\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) 873A9000-873CA000 (135168 bytes) Module \SystemRoot\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) 81A07000-81A10000 (36864 bytes) Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 88069000-8807C000 (77824 bytes) Module \SystemRoot\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) 88064000-88069000 (20480 bytes) Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) 88059000-88064000 (45056 bytes) Module \SystemRoot\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) 8804F000-88059000 (40960 bytes) Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88012000-8804F000 (249856 bytes) Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) 880C1000-880CF000 (57344 bytes) Module \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) 881B0000-881C0000 (65536 bytes) Module \SystemRoot\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) 8A120000-8A12E000 (57344 bytes) Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) 88000000-88012000 (73728 bytes) Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) 8A108000-8A120000 (98304 bytes) Module \SystemRoot\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) 8A0DD000-8A108000 (176128 bytes) Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) 880F5000-88100000 (45056 bytes) Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) 87205000-87214000 (61440 bytes) Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) 8A0D2000-8A0DD000 (45056 bytes) Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) 880D1000-880D3000 (8192 bytes) Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) 8A0A8000-8A0D2000 (172032 bytes) Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8A09E000-8A0A8000 (40960 bytes) Module \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) 8A091000-8A09E000 (53248 bytes) Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) 8A05D000-8A091000 (212992 bytes) Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) 87214000-8721D000 (36864 bytes) Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) 87CB5000-87CBC000 (28672 bytes) Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) 8A8A0000-8A8A7000 (28672 bytes) Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) 8A041000-8A04D000 (49152 bytes) Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) 8A020000-8A041000 (135168 bytes) Module \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation) 8A013000-8A020000 (53248 bytes) Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) 8A008000-8A013000 (45056 bytes) Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) 8A12E000-8A13C000 (57344 bytes) Module \SystemRoot\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) 8A859000-8A870000 (94208 bytes) Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) 880D5000-880D7000 (8192 bytes) Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) 8A82C000-8A835000 (36864 bytes) Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) 88120000-88130000 (65536 bytes) Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) 8A8A7000-8A8AE000 (28672 bytes) Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) 87D20000-87D28000 (32768 bytes) Module \SystemRoot\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) 8A81A000-8A82C000 (73728 bytes) Module \SystemRoot\System32\Drivers\crashdmp.sys (Crash Dump Driver/Microsoft Corporation) 880A0000-880AD000 (53248 bytes) Module \SystemRoot\System32\Drivers\dump_diskdump.sys 88096000-880A0000 (40960 bytes) Module \SystemRoot\System32\Drivers\dump_nvstor32.sys 8A800000-8A81A000 (106496 bytes) Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) 90200000-90400000 (2097152 bytes) Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) 8ACD6000-8ACE0000 (40960 bytes) Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) 905E0000-905F7000 (94208 bytes) Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 90400000-90409000 (36864 bytes) Module \SystemRoot\System32\framebuf.dll (Framebuffer Display Driver/Microsoft Corporation) 90410000-90418000 (32768 bytes) Module \SystemRoot\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) 90F01000-90F17000 (90112 bytes) Module \??\C:\Users\GOTOHE~1\AppData\Local\Temp\uxrirkog.sys (GMER) 90E5A000-90E71000 (94208 bytes) Module \Windows\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 77810000-7792E000 (1171456 bytes) |
|
|
|
|
Dec 30 2009, 09:50 PM
Post
#11
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
---- Services - GMER 1.0.15 ----
Service .NET CLR Data Service .NET CLR Networking Service .NET Data Provider for Oracle Service .NET Data Provider for SqlServer Service .NETFramework Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [DISABLED] adp94xx Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [DISABLED] adpahci Service C:\Windows\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) [DISABLED] adpu160m Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [DISABLED] adpu320 Service adsi Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD Service C:\Windows\system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440 Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [DISABLED] aic78xx Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] aliide Service C:\Windows\system32\drivers\amdagp.sys (AMD NT AGP Filter/Microsoft Corporation) [MANUAL] amdagp Service C:\Windows\system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [DISABLED] amdide Service C:\Windows\system32\drivers\amdk7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK7 Service C:\Windows\system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv Service (Battery Class Driver/Microsoft Corporation) BattC Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS Service system32\drivers\blbdrive.sys [DISABLED] blbdrive Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer Service C:\Windows\system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [DISABLED] BTHMODEM Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32 Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide Service C:\Windows\system32\drivers\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [DISABLED] Compbatt Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk Service C:\Windows\system32\drivers\crusoe.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Crusoe Service crypt32 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc Service DCLocator Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch Service C:\Windows\System32\Drivers\dfsc.sys (DFS Client MUP Surrogate Driver/Microsoft Corporation) [SYSTEM] DfsC Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost Service C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [DISABLED] elxstor Service EmdCache Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt Service ESENT Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [DISABLED] fdc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] FDResPub Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [DISABLED] flpydisk Service C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Windows Presentation Foundation Font Cache Service/Microsoft Corporation) [MANUAL] FontCache3.0.0.0 Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec Service C:\Windows\system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc Service C:\Windows\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService Service C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus Service C:\Windows\system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [DISABLED] HidBth Service C:\Windows\system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidIr Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv Service C:\Windows\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc Service C:\Windows\system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [DISABLED] HpCISSs Service C:\Windows\system32\DRIVERS\HSX_DP.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DP Service C:\Windows\system32\DRIVERS\HSXHWBS2.sys (HSF_HWB2 WDM driver/Conexant Systems, Inc.) [MANUAL] HSXHWBS2 Service C:\Windows\system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP Service C:\Windows\system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [DISABLED] i2omp Service C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt Service C:\Windows\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [DISABLED] iaStorV Service c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc Service C:\Windows\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [DISABLED] iirsp Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT Service inetaccs Service C:\Windows\system32\drivers\RTKVHDA.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [DISABLED] intelide Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] intelppm Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\Windows\system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [DISABLED] IPMIDRV Service C:\Windows\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM Service C:\Windows\system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [DISABLED] isapnp Service C:\Windows\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt Service C:\Windows\system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteatapi Service C:\Windows\system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteraid Service C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass Service C:\Windows\system32\drivers\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [DISABLED] kbdhid Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation Service ldap Service c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts Service Lsa Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [DISABLED] LSI_FC Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [DISABLED] LSI_SAS Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [AUTO] McAfee SiteAdvisor Service Service C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) [AUTO] mcmscsvc Service c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee Network Agent/McAfee, Inc.) [AUTO] McNASvc Service C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee VirusScan - On Demand Scan/McAfee, Inc.) [MANUAL] McODS Service c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) [AUTO] McProxy Service C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (On-Access Scanner service/McAfee, Inc.) [AUTO] McShield Service C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards Service/McAfee, Inc.) [MANUAL] McSysmon Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc Service C:\Windows\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] megasas Service C:\Windows\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) [MANUAL] mfeavfk Service C:\Windows\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) [MANUAL] mfebopk Service C:\Windows\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) [SYSTEM] mfehidk Service C:\Windows\system32\drivers\mferkdk.sys (VSCore Code Analysis Driver/McAfee, Inc.) [MANUAL] mferkdk Service C:\Windows\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) [MANUAL] mfesmfk Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass Service C:\Windows\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr Service C:\Windows\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) [SYSTEM] MPFP Service C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee Personal Firewall Service/McAfee, Inc.) [AUTO] MpfService Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] Mraid35x Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10 Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20 Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC Service MSDTC Bridge 3.0.0.0 Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC Service MSSCNTRS Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent Service C:\Windows\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi Service C:\Windows\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm Service C:\Windows\system32\DRIVERS\netr73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) [MANUAL] netr73 Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [DISABLED] nfrd960 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy Service NTDS Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs Service C:\Windows\system32\drivers\ntrigdigi.sys (N-trig tablet digitizer in-box driver/N-trig Innovative Technologies) [DISABLED] ntrigdigi Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null Service C:\Windows\system32\DRIVERS\nvm60x32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD Service C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 100.65 /NVIDIA Corporation) [MANUAL] nvlddmkm Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce™ RAID Driver/NVIDIA Corporation) [DISABLED] nvraid Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [DISABLED] nvstor Service C:\Windows\system32\drivers\nvstor32.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [BOOT] nvstor32 Service C:\Windows\system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv Service C:\Windows\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394 Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc Service C:\Windows\system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [DISABLED] Parport Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr Service C:\Windows\system32\drivers\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide Service C:\Windows\system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] pcmcia Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent Service PortProxy Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport Service C:\Windows\system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Processor Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage Service C:\Windows\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) [MANUAL] Ps2 Service C:\Windows\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] PSched Service C:\Windows\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20 Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [DISABLED] ql2300 Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [DISABLED] ql40xx Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE Service C:\Windows\system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe Service C:\Windows\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD Service RDPDD Service C:\Windows\system32\drivers\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [DISABLED] rdpdr Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD Service RDPNP Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry Service c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (RoxMediaDB9 Module/Sonic Solutions) [MANUAL] RoxMediaDB9 Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS Service C:\Windows\system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum Service C:\Windows\system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse Service ServiceModelEndpoint 3.0.0.0 Service ServiceModelOperation 3.0.0.0 Service ServiceModelService 3.0.0.0 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [DISABLED] sffdisk Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd Service C:\Windows\system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [DISABLED] sfloppy Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] SharedAccess Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp Service C:\Windows\system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [DISABLED] SiSRaid2 Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4 Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb Service SMSvcHost 3.0.0.0 Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP Service (loader for security processor/Microsoft Corporation) [BOOT] spldr Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2 Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc Service c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (SureThing Labelflash Disc Printer Service Module/MicroVision Development, Inc.) [MANUAL] stllssvr Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx Service SYMTDI Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TBS Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [SYSTEM] Tcpip Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6 Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller Service TSDDD Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35 Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs Service UGatherer Service UGTHRSVC Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [DISABLED] ulsata2 Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost Service usb Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub Service C:\Windows\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci Service C:\Windows\system32\drivers\usbprint.sys (USB Printer driver/Microsoft Corporation) [DISABLED] usbprint Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbuhci Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] ViaC7 Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR X86-32/VIA Technologies Inc.,Ltd) [DISABLED] vsmraid Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time Service W3SVC Service C:\Windows\system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [DISABLED] WacomPen Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService Service C:\Windows\system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [DISABLED] Wd Service C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [BOOT] Wdf01000 Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc Service C:\Windows\system32\DRIVERS\HSX_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend Service Windows Workflow Foundation 3.0.0.0 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM Service [MANUAL] Winsock Service WinSock2 Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [DISABLED] WmiAcpi Service WmiApRpl Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum Service C:\Windows\system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch Service WSearchIdxPi Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc Service C:\Windows\system32\DRIVERS\xaudio.sys (Modem Audio Device Driver/Conexant Systems, Inc.) [AUTO] XAudio Service C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.) [AUTO] XAudioService Service xmlprov Service {601A5320-DCF5-446A-927C-B8D82549B2D5} Service {F3769668-9053-4646-A348-318E45BF9064} ---- EOF - GMER 1.0.15 ---- |
|
|
|
|
Dec 30 2009, 09:53 PM
Post
#12
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
---- Processes - GMER 1.0.15 ----
Process System Idle 0 Process System 4 Process C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 228 Library C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 0x477A0000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 352 Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A0B0000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x76020000 Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x76000000 Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x75FA0000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75E70000 Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 388 Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A0B0000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x76020000 Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x76000000 Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x75FA0000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75E70000 Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 396 Library C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 0x00260000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75150000 Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75520000 Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 440 Library C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 0x00C10000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75F30000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74E90000 Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x779F0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x758F0000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library C:\Windows\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x75260000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x757E0000 Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75870000 Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 472 Library C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x000E0000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x75EE0000 Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75E50000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x75ED0000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75540000 Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75100000 Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74E90000 Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x779F0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x758F0000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75150000 Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75520000 Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 492 Library C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 0x00E60000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75CB0000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x75BE0000 Library C:\Windows\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x75A90000 Library C:\Windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x759F0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x758F0000 Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x758D0000 Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x779F0000 Library C:\Windows\system32\FeClient.dll (Windows NT File Encryption Client Interfaces/Microsoft Corporation) 0x75AB0000 Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75870000 Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x757E0000 Library C:\Windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75C60000 Library C:\Windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x75760000 Library C:\Windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75840000 Library C:\Windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75720000 Library C:\Windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75820000 Library C:\Windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75700000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\cngaudit.dll (Windows Cryptographic Next Generation audit library/Microsoft Corporation) 0x75830000 Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75E50000 Library C:\Windows\system32\ncrypt.dll (Windows cryptographic library/Microsoft Corporation) 0x75C70000 Library C:\Windows\system32\BCRYPT.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x75A20000 Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75540000 Library C:\Windows\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x757D0000 Library C:\Windows\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x75190000 Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75150000 Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x75530000 Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75520000 Library C:\Windows\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x750A0000 Library C:\Windows\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x75010000 Library C:\Windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x74F30000 Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75100000 Library C:\Windows\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x754F0000 Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74EF0000 Library C:\Windows\system32\tspkg.dll (Web Service Security Package/Microsoft Corporation) 0x750E0000 Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x74E60000 Library C:\Windows\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x768C0000 Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76380000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library C:\Windows\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x74EC0000 Library C:\Windows\system32\keyiso.dll (CNG Key Isolation Service/Microsoft Corporation) 0x759B0000 Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 504 Library C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 0x00A80000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75C60000 Library C:\Windows\system32\WMsgAPI.dll (WinLogon IPC Client/Microsoft Corporation) 0x75AC0000 Library C:\Windows\system32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75540000 Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75100000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 644 Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00900000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library c:\windows\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x74E20000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74E00000 Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x74E60000 Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x757E0000 Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x74CE0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x74D90000 Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76380000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75860000 Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75540000 Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75100000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x768C0000 Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x762F0000 Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74E90000 Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x779F0000 Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x758F0000 Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75F30000 Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x75AD0000 Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 696 Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00900000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x74CE0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x74D90000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76380000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75860000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75540000 Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75100000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74EF0000 Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75150000 Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75520000 Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x762F0000 Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 824 Library C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00900000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library c:\windows\system32\wevtsvc.dll (Event Logging Service/Microsoft Corporation) 0x74560000 Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75860000 Library c:\windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x74E60000 Library c:\windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x757E0000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75540000 Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75100000 Library C:\Windows\System32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75150000 Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75520000 Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 848 Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00900000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74E90000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x779F0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x758F0000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library c:\windows\system32\profsvc.dll (ProfSvc/Microsoft Corporation) 0x74C50000 Library c:\windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75C60000 Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library c:\windows\system32\nlaapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x74E80000 Library c:\windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75840000 Library c:\windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75720000 Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x759F0000 Library c:\windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75820000 Library c:\windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75700000 Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x759D0000 Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x754C0000 Library c:\windows\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75360000 Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76380000 Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x762F0000 Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74EF0000 Library c:\windows\system32\appinfo.dll (Application Information Service/Microsoft Corporation) 0x748C0000 Library C:\Windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x753C0000 Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x75990000 Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75E50000 Library C:\Windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x758A0000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75870000 Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x768C0000 Library C:\Windows\system32\wbem\wbemcore.dll (Windows Management Instrumentation/Microsoft Corporation) 0x72550000 Library C:\Windows\system32\wbem\esscli.dll (WMI/Microsoft Corporation) 0x73B60000 Library C:\Windows\system32\wbem\FastProx.dll (WMI Custom Marshaller/Microsoft Corporation) 0x72630000 Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x758D0000 Library C:\Windows\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x72C10000 Library C:\Windows\system32\wbem\repdrvfs.dll (WMI Repository Driver/Microsoft Corporation) 0x724B0000 Library C:\Windows\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x723B0000 Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x75ED0000 Library C:\Windows\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x72350000 Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x72610000 Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 900 Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00900000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74E90000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x779F0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x758F0000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x757A0000 Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76380000 Library c:\windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x753C0000 Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x759D0000 Library c:\windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x75990000 Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75E50000 Library c:\windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x758A0000 Library c:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library c:\windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75870000 Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x768C0000 Library c:\windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library c:\windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\system32\ESENT.dll (Extensible Storage Engine for Microsoft® Windows®/Microsoft Corporation) 0x71C50000 Process C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1076 Library C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x00130000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x76A50000 Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x76C10000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76380000 Library C:\Windows\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x74450000 Library C:\Windows\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x749C0000 Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74E00000 Library C:\Windows\system32\dwmapi.dll (Microsoft Desktop Window Manager API/Microsoft Corporation) 0x759C0000 Library C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x74660000 Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x757E0000 Library C:\Windows\system32\PROPSYS.dll (Microsoft Property System/Microsoft Corporation) 0x752A0000 Library C:\Windows\system32\BROWSEUI.dll (Shell Browser UI Library/Microsoft Corporation) 0x74300000 Library C:\Windows\system32\IMM32.dll (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\DUser.dll (Windows DirectUser Engine/Microsoft Corporation) 0x74CB0000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x75550000 Library C:\Windows\system32\WindowsCodecs.dll (Microsoft Windows Codecs Library/Microsoft Corporation) 0x74240000 Library C:\Windows\system32\IconCodecService.dll (Converts a PNG part of the icon to a legacy bmp icon/Microsoft Corporation) 0x75970000 Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x762F0000 Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74EF0000 Library C:\Windows\system32\timedate.cpl (Time Date Control Panel Applet/Microsoft Corporation) 0x74180000 Library C:\Windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x759D0000 Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75DE0000 Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76030000 Library C:\Windows\system32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x74C10000 Library C:\Windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x74F30000 Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75F80000 Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75F60000 Library C:\Windows\System32\shacct.dll (Shell Accounts Classes/Microsoft Corporation) 0x75930000 Library C:\Windows\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x758F0000 Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x74C80000 Library C:\Windows\System32\msshsq.dll (Structured Query/Microsoft Corporation) 0x74820000 Library C:\Windows\System32\NaturalLanguage6.dll (Natural Language Development Platform 6/Microsoft Corporation) 0x73FE0000 Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75AE0000 Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75A70000 Library C:\Windows\System32\NLSData0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x73680000 Library C:\Windows\System32\NLSLexicons0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x733F0000 Library C:\Windows\system32\authui.dll (Windows Authentication UI/Microsoft Corporation) 0x74A00000 Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x756F0000 Library C:\Windows\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x72E20000 Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x777C0000 Library C:\Windows\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x75980000 Library C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x76220000 Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x77930000 Library C:\Windows\system32\ExplorerFrame.dll (ExplorerFrame/Microsoft Corporation) 0x75920000 Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x76AE0000 Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74E90000 Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x779F0000 Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x761D0000 Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76580000 Library C:\Windows\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x75220000 Library C:\Windows\system32\wdmaud.drv (Winmm audio system driver/Microsoft Corporation) 0x74870000 Library C:\Windows\system32\ksuser.dll (User CSA Library/Microsoft Corporation) 0x75910000 Library C:\Windows\system32\AVRT.dll (Multimedia Realtime Runtime/Microsoft Corporation) 0x75890000 Library C:\Windows\system32\MMDevAPI.DLL (MMDevice API/Microsoft Corporation) 0x74150000 Library C:\Windows\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x748E0000 Library C:\Windows\system32\cscapi.dll (Offline Files Win32 API/Microsoft Corporation) 0x75960000 Library C:\Windows\system32\stobject.dll (Systray shell service object/Microsoft Corporation) 0x73F40000 Library C:\Windows\system32\BatMeter.dll (Battery Meter Helper DLL/Microsoft Corporation) 0x73E80000 Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x768C0000 Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x75AD0000 Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75F30000 Library C:\Windows\system32\es.dll (COM+/Microsoft Corporation) 0x740B0000 Library C:\Windows\System32\SndVolSSO.dll (SCA Volume/Microsoft Corporation) 0x74120000 Library C:\Windows\system32\msiltcfg.dll (Windows Installer Configuration API Stub/Microsoft Corporation) 0x75950000 Library C:\Windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75860000 Library C:\Windows\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x73C70000 Library C:\Windows\ehome\ehSSO.dll (Windows Media Center Shell Service Object/Microsoft Corporation) 0x73C40000 Library C:\Windows\system32\HID.DLL (Hid User Library/Microsoft Corporation) 0x75210000 Library C:\Windows\System32\netshell.dll (Network Connections Shell/Microsoft Corporation) 0x72800000 Library C:\Windows\System32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75840000 Library C:\Windows\System32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75720000 Library C:\Windows\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x759F0000 Library C:\Windows\System32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75820000 Library C:\Windows\System32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75700000 Library C:\Windows\System32\nlaapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x74E80000 Library C:\Windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x74D90000 Library C:\Windows\system32\pnidui.dll (Network System Icon/Microsoft Corporation) 0x72C60000 Library C:\Windows\system32\QUtil.dll (Quarantine Utilities/Microsoft Corporation) 0x74BF0000 Library C:\Windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x75760000 Library C:\Windows\system32\wlanutil.dll (Windows Wireless LAN 802.11 Utility DLL/Microsoft Corporation) 0x748B0000 Library C:\Windows\system32\FunDisc.dll (Function Discovery Dll/Microsoft Corporation) 0x73BE0000 Library C:\Windows\system32\fdproxy.dll (Function Discovery Proxy Dll/Microsoft Corporation) 0x748A0000 Library C:\Windows\System32\msxml3.dll (MSXML 3.0 SP9/Microsoft Corporation) 0x726D0000 Library C:\Windows\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x72BA0000 Library C:\Windows\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E70000 Library C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Tablet PC Input Panel Text Services Framework/Microsoft Corporation) 0x72B40000 Library C:\Windows\system32\thumbcache.dll (Microsoft Thumbnail Cache/Microsoft Corporation) 0x74D70000 Library C:\Windows\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x73BB0000 Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x73B30000 Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76AB0000 Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75870000 Library C:\Windows\system32\Wlanapi.dll (Windows WLAN AutoConfig Client Side API DLL/Microsoft Corporation) 0x74860000 Library C:\Windows\system32\OneX.DLL (IEEE 802.1X supplicant library/Microsoft Corporation) 0x72B10000 Library C:\Windows\system32\eappprxy.dll (Microsoft EAPHost Peer Client DLL/Microsoft Corporation) 0x74110000 Library C:\Windows\system32\eappcfg.dll (Eap Peer Config/Microsoft Corporation) 0x72520000 Library C:\Windows\system32\bcrypt.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x75A20000 Library C:\Windows\System32\AltTab.dll (Windows Shell Alt Tab/Microsoft Corporation) 0x72C00000 Library C:\Windows\system32\wpdshserviceobj.dll (Windows Portable Device Shell Service Object/Microsoft Corporation) 0x72450000 Library C:\Windows\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x722F0000 Library C:\Windows\System32\srchadmin.dll (Indexing Options/Microsoft Corporation) 0x72270000 Library C:\Windows\system32\webcheck.dll (Web Site Monitor/Microsoft Corporation) 0x72230000 Library C:\Windows\System32\SyncCenter.dll (Microsoft Sync Center/Microsoft Corporation) 0x71DF0000 Library C:\Windows\system32\wscntfy.dll (Windows Security Center Notification App/Microsoft Corporation) 0x722B0000 Library C:\Windows\system32\WSCAPI.dll (Windows Security Center API/Microsoft Corporation) 0x74100000 Library C:\Windows\system32\bthprops.cpl (Bluetooth Control Panel Applet/Microsoft Corporation) 0x72130000 Library C:\Windows\system32\imapi2.dll (Image Mastering API v2/Microsoft Corporation) 0x72070000 Library C:\Windows\system32\PortableDeviceTypes.dll (Windows Portable Device (Parameter) Types Component/Microsoft Corporation) 0x72100000 Library C:\Windows\system32\PortableDeviceApi.dll (Windows Portable Device API Components/Microsoft Corporation) 0x71C00000 Library C:\Windows\System32\QAgent.dll (Quarantine Agent Proxy/Microsoft Corporation) 0x720D0000 Library C:\Windows\System32\fwpuclnt.dll (FWP/IPsec User-Mode API/Microsoft Corporation) 0x71B70000 Library C:\Windows\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x72C40000 Library C:\Windows\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x73C30000 Library C:\Windows\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x73C20000 Process C:\Users\Orange and Blue\Desktop\gmer\gmer.exe 1724 Library C:\Users\Orange and Blue\Desktop\gmer\gmer.exe 0x00400000 Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77810000 Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x776E0000 Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x71AE0000 Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76660000 Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x76590000 Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76720000 Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76410000 Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76200000 Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x764B0000 Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77940000 Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A40000 Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76150000 Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x76A50000 Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x75550000 Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76770000 Library C:\Windows\system32\VERSION.DLL (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75860000 ---- Services - GMER 1.0.15 ---- SUNDAVIS PLEASE FORGIVE ME 4 MAKING SO MANY POSTS BUT IT WOULD NOT LET ME POST THIS SO I HAD TO BREAK THIS DOWN. I KEPT GETTING AN ERROR MESSAGE ONCE I GET IT POSTED. I HAD TO RUN THIS IN SAFE MODE BECAUSE I GOT THE BLUE SCREEN OF DEATH TWICE. ERROR CODES WHERE: (1) A THREAD TRIED TO RELEASE A THREAD IT DID NOT OWN, (2) _IROL_NOT_LESS_OREQUAL. ALSO I HAVE ALWAYS HAD A TROJAN LOCATED IN MY HP GAMES BUT COULDNT BE DELETED FROM PREVIOUS SCANS I RAN IN THE PAST. I AM ALMOST POSTIIVE THAT A TROJAN IS HIDING ON THIS SYSTEM BECAUSE IT COULDNT BE DELETED FROM PREVIOUS SCANS SO I JUST RESTORED SYSTEM THINKN IT WOULD REMOVE IT AND IT DIDNT. WHILE I AM ON BLEEPING COMUPTER MY SCREEN SEEMED REALLY FUNNY LOOKING BECAUSE ONCE I POSTED I GOT THOSE LITTLE SMILEY ICONS THAT ARE IN "POST ICONS" THEY WERE IN THE MIDDLE OF THE SCREEN---WEIRD. PROGRAMS I HAVE TRIED IN THE PAST WHERE COMOBOX, ROOTREPEAL, DRWEB AND MANY MORE BUT NONE OF THEM RUN BECAUSE AS SOON AS I DOWNLOAD THEM I GET AN ERROR MESSAGE. This post has been edited by kymberly: Dec 30 2009, 09:59 PM |
|
|
|
|
Dec 30 2009, 11:05 PM
Post
#13
|
|
|
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370 |
Hi kymberly,
QUOTE AS SOON AS I DOWNLOAD THEM I GET AN ERROR MESSAGE. What kind of message? Can you be more specific? Anyway, Let's proceed that and check what happens. What Dr.Web found goes to HP game products or online games. It maybe a false positive since you have restored your system. but if it really concerns you. You can uninstall it via control panel > programs and features >right click HP Games and select uninstall. After that, please show hidden files and delete those folders manually. C:\Program Files\HP Games C:\Program Files\Online Services D:\hp\apps\APP04310 Step1
In your next reply, please post back: 1.ComboFix log Tell me the remaining issues you're still experiencing now. |
|
|
|
|
Dec 31 2009, 12:27 AM
Post
#14
|
|
|
Forum Regular Group: Members Posts: 341 Joined: 22-July 08 Member No.: 224,432 |
ComboFix 09-12-30.01 - Go to Hell 12/30/2009 21:07:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1293 [GMT -8:00] Running from: c:\users\Go to Hell\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-3855407397-716935182-3364912696-500 . ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))) . 2009-12-31 05:13 . 2009-12-31 05:14 -------- d-----w- c:\users\Go to Hell\AppData\Local\temp 2009-12-31 05:13 . 2009-12-31 05:13 -------- d-----w- c:\users\Orange and Blue\AppData\Local\temp 2009-12-31 05:13 . 2009-12-31 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-12-26 02:59 . 2009-12-26 02:59 -------- d-----w- c:\users\Go to Hell\AppData\Roaming\Malwarebytes 2009-12-26 02:58 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-26 02:58 . 2009-12-26 02:58 -------- d-----w- c:\programdata\Malwarebytes 2009-12-26 02:58 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-26 02:58 . 2009-12-26 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-26 02:45 . 2009-12-26 02:45 -------- d-----w- c:\program files\trend micro 2009-12-26 02:45 . 2009-12-26 02:45 -------- d-----w- C:\rsit 2009-12-26 01:01 . 2009-12-26 01:01 93056 ----a-w- C:\uxrirkog.sys 2009-12-26 00:56 . 2009-12-26 00:56 274432 ----a-w- c:\windows\system32\raschap.dll 2009-12-26 00:56 . 2009-12-26 00:56 232960 ----a-w- c:\windows\system32\rastls.dll 2009-12-24 01:18 . 2009-12-24 01:51 -------- d-----w- c:\users\Go to Hell\DoctorWeb 2009-12-09 19:00 . 2009-12-09 19:00 0 ----a-w- c:\users\Go to Hell\settings.dat 2009-12-09 18:57 . 2009-12-09 18:57 123904 ----a-w- c:\windows\system32\L2SecHC.dll 2009-12-09 18:57 . 2009-12-09 18:57 67584 ----a-w- c:\windows\system32\wlanhlp.dll 2009-12-09 18:57 . 2009-12-09 18:57 47104 ----a-w- c:\windows\system32\wlanapi.dll 2009-12-09 18:57 . 2009-12-09 18:57 290816 ----a-w- c:\windows\system32\wlanmsm.dll 2009-12-09 18:57 . 2009-12-09 18:57 502272 ----a-w- c:\windows\system32\wlansvc.dll 2009-12-09 18:57 . 2009-12-09 18:57 297984 ----a-w- c:\windows\system32\wlansec.dll 2009-12-09 18:56 . 2009-12-09 18:56 2923520 ----a-w- c:\windows\explorer.exe 2009-12-09 18:45 . 2009-12-09 18:45 441856 ----a-w- c:\windows\system32\win32spl.dll 2009-12-09 18:45 . 2009-12-09 18:45 37376 ----a-w- c:\windows\system32\printcom.dll 2009-12-09 18:44 . 2009-12-09 18:44 2031104 ----a-w- c:\windows\system32\win32k.sys 2009-12-09 18:44 . 2009-12-09 18:44 14848 ----a-w- c:\windows\system32\wshrm.dll 2009-12-09 18:44 . 2009-12-09 18:44 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2009-12-09 18:44 . 2009-12-09 18:44 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2009-12-09 18:43 . 2009-12-09 18:43 11776 ----a-w- c:\windows\system32\sbunattend.exe 2009-12-09 18:43 . 2009-12-09 18:43 558080 ----a-w- c:\windows\system32\oleaut32.dll 2009-12-09 18:42 . 2009-12-09 18:42 290304 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-09 18:42 . 2009-12-09 18:42 84480 ----a-w- c:\windows\system32\dnsrslvr.dll 2009-12-09 18:42 . 2009-12-09 18:42 24576 ----a-w- c:\windows\system32\dnscacheugc.exe 2009-12-09 18:42 . 2009-12-09 18:42 269824 ----a-w- c:\windows\system32\schannel.dll 2009-12-09 18:41 . 2009-12-09 18:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-12-09 18:41 . 2009-12-09 18:41 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-12-09 18:41 . 2009-12-09 18:41 1686528 ----a-w- c:\windows\system32\gameux.dll 2009-12-09 18:41 . 2009-12-09 18:41 98816 ----a-w- c:\windows\system32\mfps.dll 2009-12-09 18:41 . 2009-12-09 18:41 52736 ----a-w- c:\windows\system32\rrinstaller.exe 2009-12-09 18:41 . 2009-12-09 18:41 2855424 ----a-w- c:\windows\system32\mf.dll 2009-12-09 18:41 . 2009-12-09 18:41 24576 ----a-w- c:\windows\system32\mfpmp.exe 2009-12-09 18:41 . 2009-12-09 18:41 2048 ----a-w- c:\windows\system32\mferror.dll 2009-12-09 18:41 . 2009-12-09 18:41 996352 ----a-w- c:\windows\system32\WMNetMgr.dll 2009-12-09 18:41 . 2009-12-09 18:41 94720 ----a-w- c:\windows\system32\logagent.exe 2009-12-09 18:40 . 2009-12-09 18:40 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys 2009-12-09 18:40 . 2009-12-09 18:40 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2009-12-09 18:40 . 2009-12-09 18:40 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2009-12-09 18:39 . 2009-12-09 18:39 84480 ----a-w- c:\windows\system32\INETRES.dll 2009-12-09 18:39 . 2009-12-09 18:39 737792 ----a-w- c:\windows\system32\inetcomm.dll 2009-12-09 18:39 . 2009-12-09 18:39 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-12-09 18:39 . 2009-12-09 18:39 1645568 ----a-w- c:\windows\system32\connect.dll 2009-12-09 18:38 . 2009-12-09 18:38 5120 ----a-w- c:\windows\system32\wmi.dll 2009-12-09 18:38 . 2009-12-09 18:38 152576 ----a-w- c:\windows\system32\imagehlp.dll 2009-12-09 18:38 . 2009-12-09 18:38 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2009-12-09 18:38 . 2009-12-09 18:38 788992 ----a-w- c:\windows\system32\rpcrt4.dll 2009-12-09 18:37 . 2009-12-09 18:37 1327104 ----a-w- c:\windows\system32\quartz.dll 2009-12-09 18:36 . 2009-12-09 18:36 130048 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-12-09 18:35 . 2009-12-09 18:35 321536 ----a-w- c:\windows\system32\WSDApi.dll 2009-12-09 18:35 . 2009-12-09 18:35 -------- d-----w- c:\program files\MSXML 4.0 2009-12-09 18:34 . 2009-12-09 18:34 633856 ----a-w- c:\windows\system32\user32.dll 2009-12-09 18:34 . 2009-12-09 18:34 2048 ----a-w- c:\windows\system32\msxml6r.dll 2009-12-09 18:34 . 2009-12-09 18:34 1341440 ----a-w- c:\windows\system32\msxml6.dll 2009-12-09 18:33 . 2009-12-09 18:33 750080 ----a-w- c:\windows\system32\qmgr.dll 2009-12-09 18:33 . 2009-12-09 18:33 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-12-09 18:32 . 2009-12-09 18:32 8147968 ----a-w- c:\windows\system32\wmploc.DLL 2009-12-09 18:32 . 2009-12-09 18:32 7680 ----a-w- c:\windows\system32\spwmp.dll 2009-12-09 18:32 . 2009-12-09 18:32 4096 ----a-w- c:\windows\system32\dxmasf.dll 2009-12-09 18:32 . 2009-12-09 18:32 311296 ----a-w- c:\windows\system32\unregmp2.exe 2009-12-08 03:23 . 2009-12-08 04:46 -------- d-----w- c:\users\Orange and Blue\DoctorWeb 2009-12-08 02:16 . 2009-12-08 02:16 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-12-08 02:16 . 2009-12-08 02:16 44768 ----a-w- c:\windows\system32\wups2.dll 2009-12-08 02:16 . 2009-12-08 02:16 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-12-08 02:16 . 2009-12-08 02:16 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-12-08 02:15 . 2009-12-08 02:15 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-12-08 02:15 . 2009-12-08 02:15 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-12-05 05:01 . 2009-12-05 05:01 -------- d-----w- c:\programdata\SiteAdvisor 2009-12-05 04:59 . 2009-11-05 00:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2009-12-05 04:59 . 2009-11-05 00:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys 2009-12-05 04:59 . 2009-11-05 00:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2009-12-05 04:59 . 2009-07-16 20:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys 2009-12-05 04:59 . 2009-12-05 04:59 -------- d-----w- c:\program files\Common Files\McAfee 2009-12-05 04:59 . 2009-12-05 04:59 -------- d-----w- c:\program files\McAfee.com 2009-12-05 04:59 . 2009-12-08 02:10 -------- d-----w- c:\program files\McAfee 2009-12-05 04:55 . 2009-11-05 00:53 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys 2009-12-05 04:42 . 2009-12-08 02:20 -------- d-----w- c:\programdata\McAfee 2009-12-05 03:37 . 2009-12-05 03:37 92472 ----a-w- c:\users\Orange and Blue\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-05 03:37 . 2009-12-05 03:37 -------- d-----w- c:\users\Orange and Blue\AppData\Roaming\Snapfish 2009-12-05 03:17 . 2009-12-09 18:53 92472 ----a-w- c:\users\Go to Hell\AppData\Local\GDIPFONTCACHEV1.DAT 2009-12-05 03:17 . 2009-12-05 03:17 -------- d-----w- c:\users\Go to Hell\AppData\Roaming\Snapfish 2009-12-04 23:36 . 2009-12-04 23:36 -------- d-----w- c:\programdata\Hewlett-Packard 2009-12-04 23:32 . 2009-12-31 05:05 -------- d-----w- c:\windows\SMINST 2009-12-04 23:27 . 2009-12-05 06:19 -------- d-----w- c:\programdata\Symantec 2009-12-04 23:27 . 2009-12-05 05:02 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-04 23:25 . 2009-12-05 03:33 -------- d-----w- c:\program files\Yahoo! 2009-12-04 23:24 . 2009-12-04 23:24 -------- d-----w- c:\program files\earthlink totalaccess 2009-12-04 23:21 . 2009-12-04 23:21 -------- d-----w- c:\programdata\PC-Doctor 2009-12-04 23:21 . 2009-12-04 23:35 -------- d-----w- c:\program files\PC-Doctor 5 for Windows 2009-12-04 23:19 . 2009-12-04 23:19 -------- d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1} 2009-12-04 23:19 . 2006-11-29 20:33 321108 ----a-w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\mia.dll 2009-12-04 23:19 . 2006-11-29 20:33 2538535 ----a-w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe 2009-12-04 23:19 . 2009-12-04 23:19 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites 2009-12-04 23:18 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll 2009-12-04 23:18 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-12-04 23:17 . 2009-12-04 23:17 -------- d-----w- c:\windows\PCHEALTH 2009-12-04 23:17 . 2009-12-04 23:17 -------- d-----w- c:\program files\Microsoft.NET 2009-12-04 23:16 . 2009-12-04 23:18 -------- d-----w- c:\programdata\Microsoft Help 2009-12-04 23:16 . 2009-12-04 23:16 -------- d-----r- C:\MSOCache 2009-12-04 23:16 . 2009-12-04 23:18 -------- d-----w- c:\program files\Microsoft Works 2009-12-04 23:14 . 2009-12-04 23:14 -------- d-----w- c:\program files\Snapfish Media Detector 2009-12-04 23:14 . 2009-12-04 23:14 -------- d-----w- c:\program files\Common Files\Adobe 2009-12-04 23:13 . 2009-12-04 23:13 -------- d-----w- c:\program files\muvee Technologies 2009-12-04 23:13 . 2009-12-04 23:13 -------- d-----w- c:\program files\Common Files\muvee Technologies 2009-12-04 23:13 . 2009-12-04 23:13 -------- d-----w- c:\programdata\muvee Technologies 2009-12-04 23:12 . 2009-12-04 23:12 -------- d-----w- c:\program files\Common Files\xing shared 2009-12-04 23:12 . 2009-12-04 23:12 -------- d-----w- c:\program files\Common Files\Real 2009-12-04 23:12 . 2009-12-04 23:12 -------- d-----w- c:\program files\Real 2009-12-04 23:11 . 2009-12-04 23:12 -------- d-----w- c:\program files\Rhapsody 2009-12-04 23:11 . 2009-12-04 23:11 -------- d---a-w- c:\program files\Common Files\LightScribe 2009-12-04 23:11 . 2009-12-04 23:11 -------- d---a-w- c:\program files\Common Files\LS Getting Started 2009-12-04 23:10 . 2009-12-04 23:10 -------- d-----w- c:\program files\Common Files\SureThing Shared 2009-12-04 23:09 . 2009-12-04 23:09 -------- d-----w- c:\programdata\Sonic 2009-12-04 23:09 . 2009-12-04 23:09 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2009-12-04 23:08 . 2009-12-04 23:08 -------- d-----w- c:\programdata\Roxio 2009-12-04 23:08 . 2009-12-04 23:10 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-12-04 23:08 . 2009-12-04 23:10 -------- d-----w- c:\program files\Roxio . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-26 01:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-12-09 18:51 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2009-12-09 18:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-12-09 18:41 . 2009-12-09 18:41 2560 ----a-w- c:\windows\AppPatch\AcRes.dll 2009-12-09 18:41 . 2009-12-09 18:41 537600 ----a-w- c:\windows\AppPatch\AcLayers.dll 2009-12-09 18:41 . 2009-12-09 18:41 449024 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2009-12-09 18:41 . 2009-12-09 18:41 2143744 ----a-w- c:\windows\AppPatch\AcGenral.dll 2009-12-09 18:41 . 2009-12-09 18:41 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2009-12-04 23:23 . 2009-12-04 22:52 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-04 23:03 . 2009-12-04 22:52 -------- d-----w- c:\program files\Common Files\InstallShield 2009-12-04 22:52 . 2009-12-04 22:52 319456 ----a-w- c:\windows\DIFxAPI.dll 2009-12-04 22:52 . 2009-12-04 22:52 315392 ----a-w- c:\windows\HideWin.exe 2009-12-04 22:52 . 2009-12-04 22:52 -------- d-----w- c:\program files\Realtek 2009-12-04 22:46 . 2006-11-02 08:30 134760 ----a-w- c:\windows\system32\halacpi.dll 2009-12-04 22:46 . 2006-11-02 08:30 160872 ----a-w- c:\windows\system32\halmacpi.dll 2009-11-05 00:54 . 2009-11-05 00:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-11 90192] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-11 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-11 81920] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912] "SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/4/2009 9:01 PM 203280] S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\System32\drivers\netr73.sys [5/24/2009 7:36 AM 501248] . Contents of the 'Scheduled Tasks' folder 2009-12-05 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-05 20:22] 2009-12-05 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-05 20:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.att.net/ mStart Page = hxxp://www.yahoo.com . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-30 21:14 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(3852) c:\program files\McAfee\SiteAdvisor\saHook.dll . Completion time: 2009-12-30 21:16:32 ComboFix-quarantined-files.txt 2009-12-31 05:16 Pre-Run: 282,088,501,248 bytes free Post-Run: 282,141,290,496 bytes free - - End Of File - - 0E53927D0FF64FB3EB06891E9089EF8A Once I ran this I got a pitch black screen after signing on. THen i ctrl alt delete and notice that something called LogonUI.exe was hogging and when i tried to end process it disappeared. Just wanted you to know. I also notice on Mcafee scan log results dated 12/4/2009 It detected a Trojan. Detection Name: Generic Start Page! File: C:\Program Files\Online Services\Alous\AOL90\comps\ACS\ACSSETUP.EXE--cannot be deleted. |
|
|
|
|
Dec 31 2009, 02:24 AM
Post
#15
|
|
|
Forum Addict Group: Malware Response Team Posts: 2,095 Joined: 11-August 07 Member No.: 149,370 |
Hi kymberly,
What McAfee alerts is the same as those in Dr.Web log as described in my previous post. You may uninstall and delete those folders if you feel comfortable. Let's check your system with Kas Online Scanner one more time. If nothing outstanding out there, you should be good to go. Be patient, it will take some time to run the full course. Please go to Here to download Java Runtime Environment (JRE) 6 Update 17 and install the newest version. After that, please do the following: Step1 Let's clean some temp files. Please do the following: Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main "Select Files to Delete" choose: Select All. Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Step2 Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.--->Right click on your browser and select Run As Administrator to run.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. Please post back the logs in your next reply. 1.Kas Online Scan Report 2.Fresh HJT log Tell me if you have any concerns on your pc now. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 6th September 2010 - 04:13 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.