
Issue With Ie - Web Page Redirection To Adserver.com



#1 Black Vinyl


Posted 14 February 2008 - 07:48 AM

G'day from down-under ppl.
This is my first time posting on this site and asking for assistance.

The problem started about a month ago when I DL a trial version of Dreamweaver.
It seemed to install ok, but every time I rebooted avast picks a virus/malware in A.bat and another one or 2 files.
Even when I suggest to have them deleted at next reboot, they would re-appear.

Now, after reading of some similar issues on this site and following the advice, I managed to overcome that problem.
The only problem I have now is that after browsing for a few minutes, any page I try to load (new, history or favs), the page comes up blank with the following information in the address field...

http://www.adserver.com/feed/65000000/65000000/00000000

The only way to continue browsing is to reboot my pc. It's getting annoying so if anybody can help, that would be greatly appreciated.

Cheers,
BV


Mod Edit: Topic moved to more appropriate forum and modified title~ TMacK

Edited by TMacK, 18 February 2008 - 01:02 PM.




#2 ruby1


Posted 14 February 2008 - 04:18 PM

this is where I wish I could do an Aussie accent on a forum :flowers:

Hi and welcome from t'other side of this gorgeous world of ours :trumpet: not knowing your windows version, assuming you are on a version that has System Restore, have you yet tried that tool?

from a link I have just found it is highly possible you are infected; to avoid duplication of scans run can you kindly let us know what your antivirus program is, what other protection you have on board, when last updated and when last run :thumbsup:

Edited by ruby1, 14 February 2008 - 04:23 PM.


#3 Black Vinyl


Posted 15 February 2008 - 04:09 AM

Hi there ruby1,
Thanks for your reply.
I'm sorry, how naive of me to not include the basic info. It was very late in my neck of the woods and I was tired and frustrated with the pc.

Nevertheless, here goes with the info you requested.

I am running XP SP2 and no I have not tried restoring to a previous date. Mainly because I can't remember the exact date of when I first became affected, and because I don't believe a system restore will actually remove an infection...if that's what I have.

AV I use is avast! home and I believe it is up to date as it updates every time I go online.
I also have SUPER anti spyware and the last scan done was 13 Feb 08 as was the definitions update.
I have also run SDfix 1.141 and the results were...

SDFix: Version 1.141

Run on Wed 13/02/2008 at 12:26 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found


Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 00:33:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"E:\\Program Files\\Nero 8\\Nero Home\\NeroHome.exe"="E:\\Program Files\\Nero 8\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"E:\\Program Files\\Skype\\Phone\\Skype.exe"="E:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\WINDOWS\\system32\\windows_update.exe"="D:\\WINDOWS\\system32\\windows_update.exe:*:Disabled:windows_update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Files with Hidden Attributes:

Wed 16 Jan 2008 24 ..SH. --- "D:\WINDOWS\S92701FBA.tmp"
Mon 14 Jan 2008 13,380 ..SH. --- "D:\Documents and Settings\Pix & Mix Memories\desktop.exe"
Wed 4 Aug 2004 1,503,232 ..SHR --- "D:\WINDOWS\system32\windows_update.exe"
Sat 2 Feb 2008 1,409 ...H. --- "D:\Documents and Settings\Anna\Local Settings\Temp\FOR18.tmp"
Sat 2 Feb 2008 1,409 ...H. --- "D:\Documents and Settings\Anna\Local Settings\Temp\FORE.tmp"
Sat 2 Feb 2008 21,084 ...H. --- "D:\Documents and Settings\Anna\Local Settings\Temp\ZTR17.tmp"
Sat 2 Feb 2008 18,908 ...H. --- "D:\Documents and Settings\Anna\Local Settings\Temp\ZTRD.tmp"

Finished!

Other than the above, I have the windows firewall enabled.

I hope that has answered your questions for now and shed a bit more light on my pc, and I hope you can help.

Cheers,
BV :thumbsup:
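The SDFix output in the post above has two sections a helper reads by eye: the firewall "Authorized Application Key Export" and "Files with Hidden Attributes". As an added example (not part of the original thread and not SDFix's own code), this Python script parses both from an excerpt of that log and lists hidden executables that also hold a firewall entry. The extension list and the cross-reference heuristic are assumptions of this example; a match is a prompt for a closer look, not a verdict.

```python
import ntpath
import re

# Excerpt constructed from the SDFix log posted above (shortened for the example).
SAMPLE_LOG = r'''
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\WINDOWS\\system32\\windows_update.exe"="D:\\WINDOWS\\system32\\windows_update.exe:*:Disabled:windows_update"

Remaining Files:
---------------

Files with Hidden Attributes:

Wed 16 Jan 2008 24 ..SH. --- "D:\WINDOWS\S92701FBA.tmp"
Mon 14 Jan 2008 13,380 ..SH. --- "D:\Documents and Settings\Pix & Mix Memories\desktop.exe"
Wed 4 Aug 2004 1,503,232 ..SHR --- "D:\WINDOWS\system32\windows_update.exe"
Sat 2 Feb 2008 1,409 ...H. --- "D:\Documents and Settings\Anna\Local Settings\Temp\FOR18.tmp"

Finished!
'''

# Registry key header naming the firewall profile (standardprofile / domainprofile).
FW_HEADER = re.compile(
    r'^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$', re.I)
# "path"="path:scope:status:display name" as exported by the tool.
FW_ENTRY = re.compile(r'^"([^"]+)"="([^"]*)"$')
# The path itself contains a drive colon, so match lazily up to ":scope:status:".
FW_VALUE = re.compile(r'^(.*?):([^:]*):(enabled|disabled):(.*)$', re.I)
# "Wed 4 Aug 2004 1,503,232 ..SHR --- "path""
HIDDEN = re.compile(
    r'^\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+([\d,]+)\s+([.A-Z]{5})\s+---\s+"(.+)"$')
# Assumption of this example: extensions treated as "executable".
EXECUTABLE_EXT = {'.exe', '.bat', '.cmd', '.com', '.scr', '.pif', '.dll'}


def parse_sdfix(log):
    """Return (firewall_entries, hidden_files) parsed from SDFix log text."""
    firewall, hidden, profile = [], [], None
    for raw in log.splitlines():
        line = raw.strip()
        m = FW_HEADER.match(line)
        if m:
            profile = m.group(1).lower()
            continue
        m = FW_ENTRY.match(line)
        if m and profile:
            v = FW_VALUE.match(m.group(2))
            if v:
                firewall.append({
                    'profile': profile,
                    # The export doubles backslashes; undo that.
                    'path': v.group(1).replace('\\\\', '\\'),
                    'scope': v.group(2),
                    'enabled': v.group(3).lower() == 'enabled',
                    'name': v.group(4),
                })
            continue
        m = HIDDEN.match(line)
        if m:
            hidden.append({
                'size': int(m.group(1).replace(',', '')),
                'attrs': m.group(2).replace('.', ''),
                'path': m.group(3),
            })
    return firewall, hidden


def triage(log):
    """Summarise what a helper would ask about first."""
    firewall, hidden = parse_sdfix(log)
    hidden_exec = [h['path'] for h in hidden
                   if ntpath.splitext(h['path'])[1].lower() in EXECUTABLE_EXT]
    fw_paths = {ntpath.normcase(f['path']) for f in firewall}
    in_both = sorted(ntpath.normcase(p) for p in hidden_exec
                     if ntpath.normcase(p) in fw_paths)
    return {
        'enabled_apps': [f['path'] for f in firewall if f['enabled']],
        'hidden_executables': hidden_exec,
        'in_both': in_both,
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    print('Allowed through the firewall:')
    for path in report['enabled_apps']:
        print('  ', path)
    print('Hidden executables:')
    for path in report['hidden_executables']:
        print('  ', path)
    print('Hidden AND listed in the firewall key:')
    for path in report['in_both']:
        print('  ', path)
```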

#4 ruby1


Posted 15 February 2008 - 01:42 PM

Hi; try an on line scan from trend; as you are in Aussie you need to ensure you select the appropriate site for download

http://housecall.trendmicro.com/
also try adaware 2007 and asquared ; fully update, reboot and run on a full deep scan
http://www.lavasoft.com/products/ad_aware_free.php


http://www.emsisoft.com/en/software/free/

your FREE exe for a squared is

http://download6.emsisoft.com/a2FreeSetup.exe

these MAY take a wee while to run so be patient

#5 Black Vinyl


Posted 18 February 2008 - 01:26 AM

Hi again,
Thanks for your advice.
Hmmm... you're right. They will take a WEE while to complete.
I will be patient provided you don't think I have abandoned your assistance.

I'm in the process of completing everything you suggested, before I get back to you.

Speak soon.

BV :thumbsup:

#6 ruby1


Posted 18 February 2008 - 03:33 AM

this stand- alone tool

http://vil.nai.com/vil/stinger/

its exe is
http://download.nai.com/products/mcafee-avert/stinger.exe

might also come in handy

let's see where we are at once that lot is run

as far as Stinger is concerned, due to the nature of the infection on it, on one computer I ran it on I found it useful to delete ALL temporary internet files and reduce the Temp internet files folder to virtually NIL in size to help locate and stop the infection; you might wish to do likewise;
see ya when the scanning is done :thumbsup:

#7 Black Vinyl


Posted 17 March 2008 - 02:53 AM

Hi ruby1,
It's been a while, but I have had good cause for the delay.

When I last posted on this site I was with a different ISP who had slowed me down to 28.8 because of speed limiting on their ADSL accounts.
Lightning fast speeds enabled me to be foolish enough to download those files you suggested and try to run them. :flowers:

Anyway, once connected to a new mob, I started.

Trendmicro gave me issues that every time I ran it, it reached 5 or so minutes remaining of the scan and the pc would lock up.
Every time I tried again, it did the same but with more time remaining. (23mins, then 38mins etc)

Adaware and a-squared seem to run but I don't think they found anything.

Stinger I can't remember if I used it.

Now I have other issues.
The adserver thingy doesn't appear in the address bar of IE anymore, but now my PC hangs intermittently.
Sometimes while browsing the pc will freeze for about 3 mins then start again.
Actually, when booting up, it gets to the point where it says 'Windows is starting up...' but it won't proceed beyond that to get to the log in screen.
While rebooting, it can literally hang there for hours (yes, I have waited for hours in case it decided to get better). :thumbsup:

The same thing happens in SAFE mode.

On the subject of booting up, my PC used to take around 2 mins to boot up, now it takes around 7 mins.
I don't know what's happening, but something is pushing me to the formatting edge. :trumpet:

Hope you can help, coz I'm pulling my hair out.

Cheers,

BV

#8 ruby1


Posted 17 March 2008 - 01:33 PM

welcome back from 'wherever' :thumbsup:
we have not yet run superantispyware have we?
if it will let you, try this one

http://www.superantispyware.com/superantis...efreevspro.html
its exe is
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

fully update it, reboot and run a FULL deep scan (I gather safe mode is unavailable?)

also please rerun asquared once you have updated the definitions

please post the logs produced by each program for the Team to examine ?


of interest, is system restore still accessible?

I notice you appear to have both Utorrent and limewire P2P Programs on there? are they both being used? and are you aware of the risks to your computer's safety and your private information from the use of such programs?

Edited by ruby1, 17 March 2008 - 01:39 PM.


#9 Black Vinyl


Posted 18 March 2008 - 04:07 AM

Hi again,
OK I will run those and post the reports for you/the team.
I may have safe mode now, I will try to do the scans in safe mode.

As for system restore, let me see . . . . . . . . . . . .well, it opens up and asks me to either create a restore point or restore my system to a previous date.
So I guess it works.

I don't use limewire anymore, haven't for about 12mths.
I use utorrent sometimes....when I am not browsing at 28.8kb/s.

I realise they are risky programs to run, so if and when I use them, I am quite careful of what I D/L considering half the files available include viruses and other nasties which are renamed to look as legit attachments.

I guess it's a bit of once bitten twice shy syndrome, but these days I think I prefer to try progs downloaded from the manufacturers site.
I feel less uneasy doing it this way.

I will get back to you soon with those reports.

Thanks again.
BV

#10 Black Vinyl


Posted 21 March 2008 - 02:38 AM

Hi Ruby1,
As requested the results of the scans are listed below.
FYI, Adaware kept producing an 'unhandled exception error' every time I ran it (safe mode or normal), and each time it failed when scanning the following file/folder...
E:\WINDOWS\$ntservicepackuninstall$\
Current Object: reg00180
...and at the time 59 infections were detected. But when I closed the exception error box, the program just showed 0 infections.
This is probably because it didn't complete.

Here is the exception error report in case it helps...

Adaware

An unhandled exception occured at 0x1004EA61 in aawservice.exe

Exception Code : 0xc0000006
Client version : 0.726
Attached Debugger : 0

Windows Information :
---------------------
Windows Version : Windows XP (5.1)
Build Number : 2600
Service Pack : 2.0

CPU Information:
----------------
CPU Name : AMD Athlon™ XP 2600+
Type : 0
Vendor : AuthenticAMD
Family : 7
Extended Family : 0
Model : 8
Extended Model : 0
Stepping : 1

Registry Content:
-----------------
EAX : 0xffffffff
ECX : 0x00cf0000
EDX : 0x00000600
EBX : 0x03a7e0f4
ESP : 0x03a7dfa0
EBP : 0x03a7ef28
ESI : 0x03a7e130
EDI : 0x00000000
EIP : 0x1004ea61

Memory Usage:
-------------
Physical Memory in use : 27%
Total Physical Memory : 2096624 kb
Free Physical Memory : 1519424 kb
Total Virtual Memory : 2097024 kb
Free Virtual Memory : 1884664 kb
Max Page file size : 4038588 kb
Current Page file size : 3693872 kb
Free Extended memory : 0kb

Stack Information:
------------------
Total stack size : 8252

Stack Content:
--------------

System Activity:
----------------
Process 00000000: [System Process]
Module at 0x00400000: aawservice.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x10000000: CEAPI.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x77f10000: GDI32.dll
Module at 0x77d40000: USER32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x004a0000: PKArchive85u.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x774e0000: ole32.dll
Module at 0x77a80000: CRYPT32.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x76f60000: WLDAP32.dll
Module at 0x76bf0000: PSAPI.DLL
Module at 0x77c00000: VERSION.dll
Module at 0x771b0000: WININET.dll
Module at 0x00350000: Normaliz.dll
Module at 0x5dca0000: iertutil.dll
Module at 0x769c0000: USERENV.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x0ffd0000: rsaenh.dll

Process 00000004: System
Current Memory usage : 208 kb
Memory usage peak : 2004 kb
Current Paged Pool usage : 0 kb
Paged Pool usage peak : 0 kb
Current Non-Paged Pool usage : 0 kb
Non-Paged Pool usage peak : 0 kb
Current Page file usage : 0 kb
Page file usage peak : 0 kb
Page Faults : 2014

Module list
Module at 0x00000000:

Process 0000009c: smss.exe
Current Memory usage : 892 kb
Memory usage peak : 892 kb
Current Paged Pool usage : 5 kb
Paged Pool usage peak : 12 kb
Current Non-Paged Pool usage : 0 kb
Non-Paged Pool usage peak : 1 kb
Current Page file usage : 164 kb
Page file usage peak : 1672 kb
Page Faults : 347

Module list
Module at 0x48580000: smss.exe
Module at 0x7c900000: ntdll.dll

Process 000000d4: csrss.exe
Current Memory usage : 6448 kb
Memory usage peak : 6500 kb
Current Paged Pool usage : 32 kb
Paged Pool usage peak : 48 kb
Current Non-Paged Pool usage : 4 kb
Non-Paged Pool usage peak : 4 kb
Current Page file usage : 1320 kb
Page file usage peak : 1336 kb
Page Faults : 2435

Module list
Module at 0x4a680000: csrss.exe
Module at 0x7c900000: ntdll.dll
Module at 0x75b40000: CSRSRV.dll
Module at 0x75b50000: basesrv.dll
Module at 0x75b60000: winsrv.dll
Module at 0x77d40000: USER32.dll
Module at 0x7c800000: KERNEL32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x75e90000: sxs.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll

Process 000000ec: winlogon.exe
Current Memory usage : 27912 kb
Memory usage peak : 27912 kb
Current Paged Pool usage : 47 kb
Paged Pool usage peak : 50 kb
Current Non-Paged Pool usage : 6 kb
Non-Paged Pool usage peak : 9 kb
Current Page file usage : 3064 kb
Page file usage peak : 4300 kb
Page Faults : 9982

Module list
Module at 0x01000000: winlogon.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x776c0000: AUTHZ.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77a80000: CRYPT32.dll
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x75940000: NDdeApi.dll
Module at 0x75930000: PROFMAP.dll
Module at 0x5b860000: NETAPI32.dll
Module at 0x769c0000: USERENV.dll
Module at 0x76bf0000: PSAPI.DLL
Module at 0x76bc0000: REGAPI.dll
Module at 0x77fe0000: Secur32.dll
Module at 0x77920000: SETUPAPI.dll
Module at 0x77c00000: VERSION.dll
Module at 0x76360000: WINSTA.dll
Module at 0x76c30000: WINTRUST.dll
Module at 0x76c90000: IMAGEHLP.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x76390000: IMM32.DLL
Module at 0x75970000: MSGINA.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x5d090000: COMCTL32.dll
Module at 0x74320000: ODBC32.dll
Module at 0x763b0000: comdlg32.dll
Module at 0x773d0000: comctl32.dll
Module at 0x20000000: odbcint.dll
Module at 0x776e0000: SHSVCS.dll
Module at 0x76bb0000: sfc.dll
Module at 0x76c60000: sfc_os.dll
Module at 0x774e0000: ole32.dll
Module at 0x77b40000: Apphelp.dll
Module at 0x755c0000: msctfime.ime
Module at 0x76b40000: WINMM.dll
Module at 0x10000000: SASWINLO.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x771b0000: WININET.dll
Module at 0x00bf0000: Normaliz.dll
Module at 0x5dca0000: iertutil.dll
Module at 0x0ffd0000: rsaenh.dll
Module at 0x76600000: cscdll.dll
Module at 0x75950000: WlNotify.dll
Module at 0x723d0000: WinSCard.dll
Module at 0x76f50000: WTSAPI32.dll
Module at 0x73000000: WINSPOOL.DRV
Module at 0x71b20000: MPR.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x71bf0000: SAMLIB.dll
Module at 0x77a20000: cscui.dll
Module at 0x77690000: NTMARTA.DLL
Module at 0x76f60000: WLDAP32.dll
Module at 0x77c70000: msv1_0.dll
Module at 0x76d60000: iphlpapi.dll
Module at 0x77050000: COMRes.dll
Module at 0x76fd0000: CLBCATQ.DLL
Module at 0x01180000: xpsp2res.dll

Process 00000118: services.exe
Current Memory usage : 6400 kb
Memory usage peak : 6400 kb
Current Paged Pool usage : 34 kb
Paged Pool usage peak : 36 kb
Current Non-Paged Pool usage : 5 kb
Non-Paged Pool usage peak : 6 kb
Current Page file usage : 1844 kb
Page file usage peak : 1844 kb
Page Faults : 1735

Module list
Module at 0x01000000: services.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x769c0000: USERENV.dll
Module at 0x758e0000: SCESRV.dll
Module at 0x776c0000: AUTHZ.dll
Module at 0x758c0000: umpnpmgr.dll
Module at 0x76360000: WINSTA.dll
Module at 0x5b860000: NETAPI32.dll
Module at 0x5f770000: NCObjAPI.DLL
Module at 0x76080000: MSVCP60.dll
Module at 0x5cb70000: ShimEng.dll
Module at 0x6f880000: AcGenral.DLL
Module at 0x76b40000: WINMM.dll
Module at 0x774e0000: ole32.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x77be0000: MSACM32.dll
Module at 0x77c00000: VERSION.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x77fe0000: secur32.dll
Module at 0x77b40000: Apphelp.dll
Module at 0x77b70000: eventlog.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x76bf0000: PSAPI.DLL
Module at 0x76f50000: wtsapi32.dll

Process 00000124: lsass.exe
Current Memory usage : 860 kb
Memory usage peak : 4544 kb
Current Paged Pool usage : 35 kb
Paged Pool usage peak : 37 kb
Current Non-Paged Pool usage : 5 kb
Non-Paged Pool usage peak : 7 kb
Current Page file usage : 1796 kb
Page file usage peak : 2120 kb
Page Faults : 3949

Module list
Module at 0x01000000: lsass.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x75730000: LSASRV.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77fe0000: Secur32.dll
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x74440000: SAMSRV.dll
Module at 0x76790000: cryptdll.dll
Module at 0x76f20000: DNSAPI.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x5b860000: NETAPI32.dll
Module at 0x71bf0000: SAMLIB.dll
Module at 0x71b20000: MPR.dll
Module at 0x767a0000: NTDSAPI.dll
Module at 0x76f60000: WLDAP32.dll
Module at 0x5cb70000: ShimEng.dll
Module at 0x6f880000: AcGenral.DLL
Module at 0x76b40000: WINMM.dll
Module at 0x774e0000: ole32.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x77be0000: MSACM32.dll
Module at 0x77c00000: VERSION.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x769c0000: USERENV.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x20000000: msprivs.dll
Module at 0x71cf0000: kerberos.dll
Module at 0x77c70000: msv1_0.dll
Module at 0x76d60000: iphlpapi.dll
Module at 0x744b0000: netlogon.dll
Module at 0x767c0000: w32time.dll
Module at 0x76080000: MSVCP60.dll
Module at 0x767f0000: schannel.dll
Module at 0x77a80000: CRYPT32.dll
Module at 0x74380000: wdigest.dll
Module at 0x0ffd0000: rsaenh.dll
Module at 0x74410000: scecli.dll
Module at 0x77920000: SETUPAPI.dll

Process 000001bc: svchost.exe
Current Memory usage : 3472 kb
Memory usage peak : 3484 kb
Current Paged Pool usage : 34 kb
Paged Pool usage peak : 35 kb
Current Non-Paged Pool usage : 3 kb
Non-Paged Pool usage peak : 4 kb
Current Page file usage : 1224 kb
Page file usage peak : 1252 kb
Page Faults : 917

Module list
Module at 0x01000000: svchost.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x5cb70000: ShimEng.dll
Module at 0x6f880000: AcGenral.DLL
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x76b40000: WINMM.dll
Module at 0x774e0000: ole32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x77be0000: MSACM32.dll
Module at 0x77c00000: VERSION.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x769c0000: USERENV.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x77690000: NTMARTA.DLL
Module at 0x76f60000: WLDAP32.dll
Module at 0x71bf0000: SAMLIB.dll
Module at 0x76a80000: rpcss.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x77fe0000: Secur32.dll
Module at 0x20000000: xpsp2res.dll
Module at 0x76f50000: WTSAPI32.dll
Module at 0x76360000: WINSTA.dll
Module at 0x5b860000: NETAPI32.dll
Module at 0x77c70000: msv1_0.dll
Module at 0x76d60000: iphlpapi.dll
Module at 0x76fd0000: CLBCATQ.DLL
Module at 0x77050000: COMRes.dll

Process 000001f8: svchost.exe
Current Memory usage : 4108 kb
Memory usage peak : 4144 kb
Current Paged Pool usage : 35 kb
Paged Pool usage peak : 35 kb
Current Non-Paged Pool usage : 3 kb
Non-Paged Pool usage peak : 4 kb
Current Page file usage : 1380 kb
Page file usage peak : 1448 kb
Page Faults : 1167

Module list
Module at 0x01000000: svchost.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x5cb70000: ShimEng.dll
Module at 0x6f880000: AcGenral.DLL
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x76b40000: WINMM.dll
Module at 0x774e0000: ole32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x77be0000: MSACM32.dll
Module at 0x77c00000: VERSION.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x769c0000: USERENV.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x76a80000: rpcss.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x77fe0000: Secur32.dll
Module at 0x20000000: xpsp2res.dll
Module at 0x0ffd0000: rsaenh.dll
Module at 0x71a50000: mswsock.dll
Module at 0x662b0000: hnetcfg.dll
Module at 0x71a90000: wshtcpip.dll
Module at 0x76f20000: DNSAPI.dll
Module at 0x76d60000: iphlpapi.dll
Module at 0x76fb0000: winrnr.dll
Module at 0x76f60000: WLDAP32.dll
Module at 0x76fc0000: rasadhlp.dll
Module at 0x76fd0000: CLBCATQ.DLL
Module at 0x77050000: COMRes.dll

Process 00000278: svchost.exe
Current Memory usage : 13532 kb
Memory usage peak : 13588 kb
Current Paged Pool usage : 64 kb
Paged Pool usage peak : 64 kb
Current Non-Paged Pool usage : 10 kb
Non-Paged Pool usage peak : 11 kb
Current Page file usage : 7284 kb
Page file usage peak : 7368 kb
Page Faults : 5215

Module list
Module at 0x01000000: svchost.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x5cb70000: ShimEng.dll
Module at 0x6f880000: AcGenral.DLL
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x76b40000: WINMM.dll
Module at 0x774e0000: ole32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x77be0000: MSACM32.dll
Module at 0x77c00000: VERSION.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x769c0000: USERENV.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x77690000: NTMARTA.DLL
Module at 0x76f60000: WLDAP32.dll
Module at 0x71bf0000: SAMLIB.dll
Module at 0x20000000: xpsp2res.dll
Module at 0x76ce0000: cryptsvc.dll
Module at 0x76c30000: WINTRUST.dll
Module at 0x77a80000: CRYPT32.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x76c90000: IMAGEHLP.dll
Module at 0x77b90000: certcli.dll
Module at 0x76b20000: ATL.DLL
Module at 0x77fe0000: Secur32.dll
Module at 0x5b860000: NETAPI32.dll
Module at 0x754d0000: CRYPTUI.dll
Module at 0x771b0000: WININET.dll
Module at 0x00760000: Normaliz.dll
Module at 0x5dca0000: iertutil.dll
Module at 0x606b0000: ESENT.dll
Module at 0x59490000: wmisvc.dll
Module at 0x753e0000: VSSAPI.DLL
Module at 0x751a0000: srsvc.dll
Module at 0x74ad0000: POWRPROF.dll
Module at 0x74f40000: pchsvc.dll
Module at 0x76360000: WINSTA.dll
Module at 0x76fd0000: CLBCATQ.DLL
Module at 0x77050000: COMRes.dll
Module at 0x74f90000: dmserver.dll
Module at 0x77920000: SETUPAPI.dll
Module at 0x762c0000: wbemcore.dll
Module at 0x76080000: MSVCP60.dll
Module at 0x75310000: esscli.dll
Module at 0x75290000: wbemcomn.dll
Module at 0x75690000: FastProx.dll
Module at 0x767a0000: NTDSAPI.dll
Module at 0x76f20000: DNSAPI.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x75020000: wmiutils.dll
Module at 0x75200000: repdrvfs.dll
Module at 0x597f0000: wmiprvsd.dll
Module at 0x5f770000: NCObjAPI.DLL
Module at 0x75390000: wbemess.dll
Module at 0x0ffd0000: rsaenh.dll
Module at 0x5f740000: ncprov.dll

Process 000003ec: explorer.exe
Current Memory usage : 35628 kb
Memory usage peak : 37272 kb
Current Paged Pool usage : 99 kb
Paged Pool usage peak : 141 kb
Current Non-Paged Pool usage : 13 kb
Non-Paged Pool usage peak : 16 kb
Current Page file usage : 15460 kb
Page file usage peak : 19644 kb
Page Faults : 75063

Module list
Module at 0x01000000: Explorer.EXE
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x77f10000: GDI32.dll
Module at 0x77d40000: USER32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x774e0000: ole32.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x75f80000: BROWSEUI.dll
Module at 0x77760000: SHDOCVW.dll
Module at 0x77a80000: CRYPT32.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x754d0000: CRYPTUI.dll
Module at 0x76c30000: WINTRUST.dll
Module at 0x76c90000: IMAGEHLP.dll
Module at 0x5b860000: NETAPI32.dll
Module at 0x771b0000: WININET.dll
Module at 0x00400000: Normaliz.dll
Module at 0x5dca0000: iertutil.dll
Module at 0x76f60000: WLDAP32.dll
Module at 0x77c00000: VERSION.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x5cb70000: ShimEng.dll
Module at 0x6f880000: AcGenral.DLL
Module at 0x76b40000: WINMM.dll
Module at 0x77be0000: MSACM32.dll
Module at 0x769c0000: USERENV.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x755c0000: msctfime.ime
Module at 0x77b40000: appHelp.dll
Module at 0x76fd0000: CLBCATQ.DLL
Module at 0x77050000: COMRes.dll
Module at 0x661c0000: GRA8E1~1.DLL
Module at 0x68ef0000: GrooveUtil.DLL
Module at 0x78130000: MSVCR80.dll
Module at 0x68ff0000: GrooveNew.DLL
Module at 0x7c630000: ATL80.DLL
Module at 0x0ffd0000: rsaenh.dll
Module at 0x76380000: MSImg32.dll
Module at 0x77a20000: cscui.dll
Module at 0x76600000: CSCDLL.dll
Module at 0x5ba60000: themeui.dll
Module at 0x77fe0000: Secur32.dll
Module at 0x20000000: xpsp2res.dll
Module at 0x5fc10000: msutb.dll
Module at 0x74720000: MSCTF.dll
Module at 0x71bf0000: SAMLIB.dll
Module at 0x61410000: urlmon.dll
Module at 0x4d4f0000: WINHTTP.dll
Module at 0x76980000: LINKINFO.dll
Module at 0x76990000: ntshrui.dll
Module at 0x76b20000: ATL.DLL
Module at 0x77920000: SETUPAPI.dll
Module at 0x7e1e0000: ieframe.dll
Module at 0x76bf0000: PSAPI.DLL
Module at 0x76360000: WINSTA.dll
Module at 0x7d1e0000: msi.dll
Module at 0x75cf0000: MLANG.dll
Module at 0x71b20000: MPR.dll
Module at 0x75f60000: drprov.dll
Module at 0x71c10000: ntlanman.dll
Module at 0x71cd0000: NETUI0.dll
Module at 0x71c90000: NETUI1.dll
Module at 0x71c80000: NETRAP.dll
Module at 0x75f70000: davclnt.dll
Module at 0x65e30000: GR99D3~1.DLL
Module at 0x66b40000: GR326C~1.DLL
Module at 0x74980000: msxml3.dll
Module at 0x75e90000: SXS.DLL
Module at 0x019e0000: browselc.dll
Module at 0x71ab0000: ws2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x76ee0000: RASAPI32.dll
Module at 0x76e90000: rasman.dll
Module at 0x76eb0000: TAPI32.dll
Module at 0x76e80000: rtutils.dll
Module at 0x71a50000: mswsock.dll
Module at 0x76f20000: DNSAPI.dll
Module at 0x76d60000: iphlpapi.dll
Module at 0x76fc0000: rasadhlp.dll
Module at 0x63380000: jscript.dll
Module at 0x75970000: MSGINA.dll
Module at 0x74320000: ODBC32.dll
Module at 0x763b0000: comdlg32.dll
Module at 0x02f20000: odbcint.dll
Module at 0x60510000: dfshim.dll
Module at 0x79000000: mscoree.dll
Module at 0x72cf0000: msadp32.acm
Module at 0x641f0000: Shfusion.dll
Module at 0x60610000: Fusion.dll
Module at 0x60340000: culture.dll
Module at 0x64220000: ShFusRes.dll
Module at 0x4ec50000: gdiplus.dll
Module at 0x77690000: NTMARTA.DLL
Module at 0x026f0000: GrooveIntlResource.dll

Process 00000500: aawservice.exe
Current Memory usage : 79048 kb
Memory usage peak : 84684 kb
Current Paged Pool usage : 65 kb
Paged Pool usage peak : 81 kb
Current Non-Paged Pool usage : 3 kb
Non-Paged Pool usage peak : 4 kb
Current Page file usage : 75984 kb
Page file usage peak : 108792 kb
Page Faults : 305888

Module list
Module at 0x00400000: aawservice.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x10000000: CEAPI.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x77f10000: GDI32.dll
Module at 0x77d40000: USER32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x004a0000: PKArchive85u.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x774e0000: ole32.dll
Module at 0x77a80000: CRYPT32.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x76f60000: WLDAP32.dll
Module at 0x76bf0000: PSAPI.DLL
Module at 0x77c00000: VERSION.dll
Module at 0x771b0000: WININET.dll
Module at 0x00350000: Normaliz.dll
Module at 0x5dca0000: iertutil.dll
Module at 0x769c0000: USERENV.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x5d090000: comctl32.dll
Module at 0x0ffd0000: rsaenh.dll

Process 00000534: SUPERANTISPYWARE.EXE
Current Memory usage : 536 kb
Memory usage peak : 102788 kb
Current Paged Pool usage : 78 kb
Paged Pool usage peak : 85 kb
Current Non-Paged Pool usage : 7 kb
Non-Paged Pool usage peak : 9 kb
Current Page file usage : 50224 kb
Page file usage peak : 107088 kb
Page Faults : 1969422

Module list
Module at 0x00400000: SUPERAntiSpyware.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x774e0000: ole32.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x76b40000: WINMM.dll
Module at 0x77c00000: VERSION.dll
Module at 0x76c90000: imagehlp.dll
Module at 0x10000000: deupx.dll
Module at 0x76d60000: iphlpapi.dll
Module at 0x71ab0000: WS2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x773d0000: COMCTL32.dll
Module at 0x771b0000: WININET.dll
Module at 0x00330000: Normaliz.dll
Module at 0x5dca0000: iertutil.dll
Module at 0x763b0000: comdlg32.dll
Module at 0x76390000: IMM32.DLL
Module at 0x5d300000: hhctrl.ocx
Module at 0x77920000: SETUPAPI.dll
Module at 0x755c0000: msctfime.ime
Module at 0x76bf0000: PSAPI.DLL
Module at 0x76fd0000: CLBCATQ.DLL
Module at 0x77050000: COMRes.dll
Module at 0x7e1e0000: ieframe.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x77fe0000: Secur32.dll
Module at 0x61410000: urlmon.dll
Module at 0x77b40000: appHelp.dll
Module at 0x7e830000: mshtml.dll
Module at 0x746c0000: msls31.dll
Module at 0x746f0000: msimtf.dll
Module at 0x74720000: MSCTF.dll
Module at 0x75cf0000: MLANG.dll
Module at 0x5b860000: netapi32.dll
Module at 0x661c0000: GRA8E1~1.DLL
Module at 0x68ef0000: GrooveUtil.DLL
Module at 0x77a80000: CRYPT32.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x78130000: MSVCR80.dll
Module at 0x68ff0000: GrooveNew.DLL
Module at 0x7c630000: ATL80.DLL
Module at 0x0ffd0000: rsaenh.dll
Module at 0x76380000: MSImg32.dll
Module at 0x65e30000: GR99D3~1.DLL
Module at 0x74980000: msxml3.dll
Module at 0x4d4f0000: WINHTTP.dll
Module at 0x05470000: SASSEH.DLL
Module at 0x20000000: xpsp2res.dll
Module at 0x769c0000: USERENV.dll
Module at 0x76980000: LINKINFO.dll
Module at 0x76990000: ntshrui.dll
Module at 0x76b20000: ATL.DLL
Module at 0x71b20000: MPR.dll

Process 00000550: ctfmon.exe
Current Memory usage : 2896 kb
Memory usage peak : 2896 kb
Current Paged Pool usage : 32 kb
Paged Pool usage peak : 37 kb
Current Non-Paged Pool usage : 3 kb
Non-Paged Pool usage peak : 3 kb
Current Page file usage : 804 kb
Page file usage peak : 816 kb
Page Faults : 829

Module list
Module at 0x00400000: ctfmon.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x74720000: MSCTF.dll
Module at 0x5fc10000: MSUTB.dll
Module at 0x5cb70000: ShimEng.dll
Module at 0x6f880000: AcGenral.DLL
Module at 0x76b40000: WINMM.dll
Module at 0x774e0000: ole32.dll
Module at 0x77120000: OLEAUT32.dll
Module at 0x77be0000: MSACM32.dll
Module at 0x77c00000: VERSION.dll
Module at 0x7c9c0000: SHELL32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x769c0000: USERENV.dll
Module at 0x5ad70000: UxTheme.dll
Module at 0x76390000: IMM32.DLL
Module at 0x773d0000: comctl32.dll
Module at 0x755c0000: msctfime.ime

Process 00000754: Ad-Aware2007.exe
Current Memory usage : 35072 kb
Memory usage peak : 35144 kb
Current Paged Pool usage : 63 kb
Paged Pool usage peak : 64 kb
Current Non-Paged Pool usage : 43 kb
Non-Paged Pool usage peak : 44 kb
Current Page file usage : 32448 kb
Page file usage peak : 33304 kb
Page Faults : 190069

Module list
Module at 0x00400000: Ad-Aware2007.exe
Module at 0x7c900000: ntdll.dll
Module at 0x7c800000: kernel32.dll
Module at 0x77120000: oleaut32.dll
Module at 0x77c10000: msvcrt.dll
Module at 0x77d40000: USER32.dll
Module at 0x77f10000: GDI32.dll
Module at 0x77dd0000: ADVAPI32.dll
Module at 0x77e70000: RPCRT4.dll
Module at 0x774e0000: ole32.dll
Module at 0x77c00000: version.dll
Module at 0x71b20000: mpr.dll
Module at 0x5d090000: comctl32.dll
Module at 0x76390000: imm32.dll
Module at 0x7c9c0000: shell32.dll
Module at 0x77f60000: SHLWAPI.dll
Module at 0x763b0000: comdlg32.dll
Module at 0x76b40000: winmm.dll
Module at 0x76780000: SHFolder.dll
Module at 0x10000000: lavalicense.dll
Module at 0x773d0000: comctl32.dll
Module at 0x71ab0000: ws2_32.dll
Module at 0x71aa0000: WS2HELP.dll
Module at 0x666f0000: inetmib1.dll
Module at 0x76d60000: iphlpapi.dll
Module at 0x71f60000: snmpapi.dll
Module at 0x71ad0000: WSOCK32.dll
Module at 0x76d40000: MPRAPI.dll
Module at 0x77cc0000: ACTIVEDS.dll
Module at 0x76e10000: adsldpc.dll
Module at 0x5b860000: NETAPI32.dll
Module at 0x76f60000: WLDAP32.dll
Module at 0x76b20000: ATL.DLL
Module at 0x76e80000: rtutils.dll
Module at 0x71bf0000: SAMLIB.dll
Module at 0x77920000: SETUPAPI.dll
Module at 0x77690000: NTMARTA.DLL
Module at 0x74720000: MSCTF.dll
Module at 0x755c0000: msctfime.ime
Module at 0x5ad70000: uxtheme.dll
Module at 0x77b40000: appHelp.dll
Module at 0x76fd0000: CLBCATQ.DLL
Module at 0x77050000: COMRes.dll
Module at 0x661c0000: GRA8E1~1.DLL
Module at 0x68ef0000: GrooveUtil.DLL
Module at 0x771b0000: WININET.dll
Module at 0x01530000: Normaliz.dll
Module at 0x5dca0000: iertutil.dll
Module at 0x77a80000: CRYPT32.dll
Module at 0x77b20000: MSASN1.dll
Module at 0x78130000: MSVCR80.dll
Module at 0x68ff0000: GrooveNew.DLL
Module at 0x7c630000: ATL80.DLL
Module at 0x0ffd0000: rsaenh.dll
Module at 0x76380000: MSImg32.dll
Module at 0x769c0000: USERENV.dll
Module at 0x5edd0000: olepro32.dll
Module at 0x77fe0000: Secur32.dll
Module at 0x074a0000: lavamessage.dll

Here is the rest of what you wanted...

Super Anti Spyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/13/2008 at 06:59 PM

Application Version : 3.9.1008

Core Rules Database Version : 3400
Trace Rules Database Version: 1392

Scan type : Complete Scan
Total Scan Time : 18:01:47

Memory items scanned : 420
Memory threats detected : 0
Registry items scanned : 6103
Registry threats detected : 0
File items scanned : 28460
File threats detected : 118

Adware.Tracking Cookie
D:\Documents and Settings\John\Cookies\john@mediaplex[1].txt
D:\Documents and Settings\John\Cookies\john@revsci[1].txt
D:\Documents and Settings\John\Cookies\john@thomsoneducationdirect.122.2o7[1].txt
D:\Documents and Settings\John\Cookies\john@media.adrevolver[1].txt
D:\Documents and Settings\John\Cookies\john@xiti[1].txt
D:\Documents and Settings\John\Cookies\john@ads.soft32[2].txt
D:\Documents and Settings\John\Cookies\john@mediaonenetwork[1].txt
D:\Documents and Settings\John\Cookies\john@anad.tacoda[1].txt
D:\Documents and Settings\John\Cookies\john@specificclick[2].txt
D:\Documents and Settings\John\Cookies\john@richmedia.yahoo[1].txt
D:\Documents and Settings\John\Cookies\john@toplist[1].txt
D:\Documents and Settings\John\Cookies\john@statse.webtrendslive[1].txt
D:\Documents and Settings\John\Cookies\john@ehg-newsinteractive.hitbox[2].txt
D:\Documents and Settings\John\Cookies\john@doubleclick[1].txt
D:\Documents and Settings\John\Cookies\john@cassava[1].txt
D:\Documents and Settings\John\Cookies\john@adserver.hellasnet[1].txt
D:\Documents and Settings\John\Cookies\john@dealtime[1].txt
D:\Documents and Settings\John\Cookies\john@partypoker[2].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wflocidzcbo.stats.esomniture[2].txt
D:\Documents and Settings\John\Cookies\john@ringcentral.112.2o7[1].txt
D:\Documents and Settings\John\Cookies\john@server.iad.liveperson[2].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wclycpc5afp.stats.esomniture[2].txt
D:\Documents and Settings\John\Cookies\john@hitbox[1].txt
D:\Documents and Settings\John\Cookies\john@optus.112.2o7[1].txt
D:\Documents and Settings\John\Cookies\john@tacoda[2].txt
D:\Documents and Settings\John\Cookies\john@tribalfusion[1].txt
D:\Documents and Settings\John\Cookies\john@zedo[1].txt
D:\Documents and Settings\John\Cookies\john@burstnet[2].txt
D:\Documents and Settings\John\Cookies\john@fastclick[1].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wcloskdpcdp.stats.esomniture[2].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wbmyuoajkko.stats.esomniture[1].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wgkicpczgdo.stats.esomniture[2].txt
D:\Documents and Settings\John\Cookies\john@chicagosuntimes.122.2o7[1].txt
D:\Documents and Settings\John\Cookies\john@casalemedia[2].txt
D:\Documents and Settings\John\Cookies\john@tracker.mediatracker.co[1].txt
D:\Documents and Settings\John\Cookies\john@cgi-bin[2].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wgmyqgdzkdo.stats.esomniture[2].txt
D:\Documents and Settings\John\Cookies\john@bs.serving-sys[2].txt
D:\Documents and Settings\John\Cookies\john@yadro[1].txt
D:\Documents and Settings\John\Cookies\john@msnportal.112.2o7[1].txt
D:\Documents and Settings\John\Cookies\john@rotator.adjuggler[1].txt
D:\Documents and Settings\John\Cookies\john@888[2].txt
D:\Documents and Settings\John\Cookies\john@ehg-acreisaustralia.hitbox[1].txt
D:\Documents and Settings\John\Cookies\john@adtech[1].txt
D:\Documents and Settings\John\Cookies\john@atdmt[2].txt
D:\Documents and Settings\John\Cookies\john@ads.techguy[2].txt
D:\Documents and Settings\John\Cookies\john@stat.onestat[2].txt
D:\Documents and Settings\John\Cookies\john@partygaming.122.2o7[1].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wckoqjdjweo.stats.esomniture[2].txt
D:\Documents and Settings\John\Cookies\john@virginmobile.122.2o7[1].txt
D:\Documents and Settings\John\Cookies\john@e-2dj6wgmywhdpgkp.stats.esomniture[2].txt
D:\Documents and Settings\John\Cookies\john@serving-sys[1].txt
D:\Documents and Settings\John\Cookies\john@adbrite[1].txt
D:\Documents and Settings\John\Cookies\john@statcounter[2].txt
D:\Documents and Settings\John\Cookies\john@stat.dealtime[2].txt
D:\Documents and Settings\John\Cookies\john@mediaservices.myspace[2].txt
D:\Documents and Settings\John\Cookies\john@247realmedia[1].txt
D:\Documents and Settings\John\Cookies\john@try.starware[2].txt
D:\Documents and Settings\John\Cookies\john@apmebf[1].txt
D:\Documents and Settings\John\Cookies\john@005.free-counter.co[1].txt
D:\Documents and Settings\John\Cookies\john@webstats[2].txt
D:\Documents and Settings\John\Cookies\john@clicksor[1].txt
D:\Documents and Settings\John\Cookies\john@interclick[2].txt
D:\Documents and Settings\John\Cookies\john@adopt.euroclick[2].txt
D:\Documents and Settings\John\Cookies\john@clicktorrent[1].txt


a-squared

a-squared Free - Version 3.1
Last update: 21/03/2008 2:54:56 PM

Scan settings:

Objects: Memory, Traces, Cookies, D:\, E:\, F:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 21/03/2008 3:16:32 PM

d:\documents and settings\john\start menu\programs\advanced rar password recovery detected: Trace.Directory.Advanced RAR Password Recovery
d:\documents and settings\john\start menu\programs\advanced rar password recovery\advanced rar password recovery help.lnk detected: Trace.File.Advanced RAR Password Recovery
d:\documents and settings\john\start menu\programs\advanced rar password recovery\advanced rar password recovery.lnk detected: Trace.File.Advanced RAR Password Recovery
d:\documents and settings\john\start menu\programs\advanced rar password recovery\end-user license agreement.lnk detected: Trace.File.Advanced RAR Password Recovery
d:\documents and settings\john\start menu\programs\advanced rar password recovery\how to order.lnk detected: Trace.File.Advanced RAR Password Recovery
d:\documents and settings\john\start menu\programs\advanced rar password recovery\readme.lnk detected: Trace.File.Advanced RAR Password Recovery
Value: HKEY_USERS\S-1-5-21-1935655697-1454471165-725345543-1003\Software\Elcom\Advanced RAR Password Recovery --> Installer Language detected: Trace.Registry.Advanced RAR Password Recovery
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> InstallDir detected: Trace.Registry.Advanced RAR Password Recovery
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> Stat param #1 detected: Trace.Registry.Advanced RAR Password Recovery
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Elcom\Advanced RAR Password Recovery --> Stat param #2 detected: Trace.Registry.Advanced RAR Password Recovery
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced RAR Password Recovery --> DisplayName detected: Trace.Registry.Advanced RAR Password Recovery
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced RAR Password Recovery --> UninstallString detected: Trace.Registry.Advanced RAR Password Recovery
D:\SDFix\apps\Process.exe detected: Riskware.RiskTool.Win32.Processor.20
E:\APPS\Working Appz\Antivirus Apps\SDFix.exe/Process.exe detected: Riskware.RiskTool.Win32.Processor.20

Scanned

Files: 133446
Traces: 392788
Cookies: 8
Processes: 42

Found

Files: 2
Traces: 12
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 21/03/2008 5:10:31 PM
Scan time: 1:53:59

Now the only other thing I want to tell you is that I can now boot up, but the problems I have are:
- it still takes a very long time to do so and the PC is very slow and lethargic
- on occasions, I have opened up IE and after taking some time to open the browser, it eventually opens to my home page, as do the other 500 pages it opens up. So there is a long pause before anything happens, then all of a sudden in an instant, heaps of pages open up.
- other times when I open up 4 or 5 web pages (or tabs) IE just shuts down and I have to open IE again.
- Finally, I also noticed when I run adaware and the error occurs, I notice a balloon indicating a Windows Delayed Write Failed on F:\$Mft
Not sure what this means but I don't have this file or folder on my F drive.

As I said in my previous post, I haven't noticed the 'Adserver' info in the address bar of IE anymore. Not sure if this has gone since running those programs you suggested.

Anyway, I hope you and the team can make heads or tails of this and provide a prompt solution.
It's driving me batty.

Cheers,
BV

PS. Happy Easter



