Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus or Malware


  • This topic is locked This topic is locked
51 replies to this topic

#1 kymberly

kymberly

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 03 March 2010 - 07:20 PM

My computer is very slow not too mention that I get a black window at start up with files loading like $msconfig, then it states 1489/1489 what these files loading are not familiar to me. I can't move from one screen to the next because it takes me at least 5-10 minutes for the screen I click or type to appear. Please I have been in the forum before. I have gotten techs that don't take the time and tell me that nothing is on my computer. I have a firewall Commdo but its worthless to me or I just don't know how to set it to keep from getting infected. I don't do porn sites or games so I confused to why I keep getting infected. I have used Combofix but everytime I instructed to use it it never deletes anything. I believe there are certain codes that keeps me from downloading certain programs on this computer. I have used the disk that came with this over 20 times but same thing happens. I have been plagued with trojan after trojan and just don't know what to do. Programs that I have used are Combofix, Norton (aint worth 2 cents), Dr.Web(finds it everytime), ESET(finds nothing), Kasperskery(can't download). RootRepeal does not work on my system. What every I download the trojan installs itself in that program.

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by hell nawl at 18:25:43.53 on Wed 03/03/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.501.154 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\hell nawl\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.att.net/
uLocal Page = hxxp://www.att.net
uSearch Page = hxxp://www.att.net
mStart Page = hxxp://www.att.net
mDefault_Page_URL = hxxp://www.att.net
mDefault_Search_URL = hxxp://www.att.net
mSearch Page = hxxp://www.att.net
mLocal Page = hxxp://www.att.net
mCustomizeSearch = hxxp://www.att.net
mSearchAssistant = hxxp://www.att.net
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
StartupFolder: c:\users\hellna~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {1F9F0BB6-4FC7-4150-9016-5A2A785E4C10} = 156.154.70.22,156.154.71.22
TCP: {9EDF7608-C171-40B2-BB6D-40EF62583E78} = 156.154.70.22,156.154.71.22
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-15 64288]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-28 29520]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-1-20 18816]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-8 11608]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-28 130960]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-8 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-8 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-8 56816]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\96D5.tmp [2010-1-20 6144]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-6-25 1858144]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]

=============== Created Last 30 ================

2010-03-04 00:23:19 0 ----a-w- c:\users\hell nawl\defogger_reenable
2010-02-28 19:26:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 19:25:36 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-28 19:25:36 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-28 19:25:35 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-28 19:25:34 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-28 19:25:34 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-28 19:25:34 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-28 19:25:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-28 19:25:33 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-28 19:25:33 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-10 04:02:49 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 04:02:49 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

==================== Find3M ====================

2010-02-11 04:54:47 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-11 04:54:43 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-31 21:20:07 15 ----a-w- c:\users\hell nawl\settings.dat
2010-01-30 08:27:17 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-28 10:09:43 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-01-28 10:09:43 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-28 10:09:42 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 09:51:36 82 ----a-w- c:\users\hellna~1\appdata\roaming\wklnhst.dat
2010-01-11 05:22:59 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 00:32:13 46375 ----a-w- c:\windows\Junction1.zip
2010-01-02 16:44:48 95616 ----a-w- C:\junction.exe
2010-01-02 16:44:23 46375 ----a-w- c:\windows\Junction.zip
2009-12-28 12:36:21 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:48 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34:29 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34:24 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32:52 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30:47 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30:47 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 12:52:36 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48:23 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46:10 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45:07 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-16 20:52:46 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-10 04:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-08 20:54:53 3502168 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:54:53 3467848 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 20:19:40 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-12-08 17:57:22 22016 ----a-w- c:\windows\system32\netiougc.exe
2009-06-13 09:05:00 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-13 09:02:14 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:26:13.28 ===============

Edited by kymberly, 03 March 2010 - 07:35 PM.


BC AdBot (Login to Remove)

 


#2 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 03 March 2010 - 07:38 PM


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 5/5/2009 8:57:30 PM
System Uptime: 3/3/2010 6:02:06 PM (0 hours ago)

Motherboard: Quanta | | 30BB
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | U2E1 | 1729/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 50.021 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.787 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

a-squared Free 4.5
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.2.0
ASL_HS_Installer32
AutoUpdate
Avira AntiVir Personal - Free Antivirus
COMODO Internet Security
Conexant HD Audio
DivX
ESET Online Scanner v3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Help and Support
HP QuickPlay 3.0
HP Total Care Advisor
HP User Guide 0048
HPAsset component for HP Active Support Library
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Java™ SE Runtime Environment 6
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Secunia PSI
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Sophos Anti-Rootkit 1.5.0
SpywareBlaster 4.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

==== Event Viewer Messages From Past Week ========

3/3/2010 6:04:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb cmdGuard spldr ssmdrv Wanarpv6
3/3/2010 6:04:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/3/2010 6:03:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/3/2010 6:03:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/3/2010 6:02:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
3/3/2010 6:02:59 PM, Error: LSM [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
3/3/2010 6:02:51 PM, Error: EventLog [6008] - The previous system shutdown at 5:57:19 PM on 3/3/2010 was unexpected.
3/3/2010 5:44:15 PM, Error: EventLog [6008] - The previous system shutdown at 2:36:52 PM on 3/2/2010 was unexpected.
3/2/2010 1:07:08 PM, Error: EventLog [6008] - The previous system shutdown at 2:21:42 PM on 2/28/2010 was unexpected.
2/28/2010 1:14:30 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}. The error: "5" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe -Embedding
2/28/2010 1:11:18 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/28/2010 1:09:50 PM, Error: EventLog [6008] - The previous system shutdown at 2:24:39 AM on 2/23/2010 was unexpected.

==== End Of File ===========================


ok, i have used the defrogger and will post results of that.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:23 on 03/03/2010 (hell nawl)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Waiting on GMER to finish.

#3 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 03 March 2010 - 08:06 PM

Files that help describe the problem:
C:\Windows\Minidump\Mini030310-02.dmp
C:\Users\hell nawl\AppData\Local\temp\WER-53929-0.sysdata.xml
C:\Users\hell nawl\AppData\Local\temp\WER5EE1.tmp.version.txt

Ok, what I posted above was the blue screen of death it happens everytime I try to run GMER.Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6000.2.0.0.768.2
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: 9F138038
BCP2: 00000000
BCP3: 90420D3D
BCP4: 00000000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini030310-02.dmp
C:\Users\hell nawl\AppData\Local\temp\WER-53929-0.sysdata.xml
C:\Users\hell nawl\AppData\Local\temp\WER5EE1.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409


Sorry for the post but there was not other way to describe what happen but to post what happens. I cant run most things on my system.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:35 PM

Posted 07 March 2010 - 08:39 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 07 March 2010 - 03:18 PM

Just a note here: I ran Dr.Web in safe mode but got the blue screen it found a backdoor trojan located in msint-I believe that is in my Mcafee. Maybe that's why its not finding anything. I could not move or delete the trojan believeing that Dr. Web had been compromised by the trojan. It would not let me doing anything to it. I forgot to mention this when I started the thread. Also I was in safe mode with networking trying to run OTL but the weirdest thgin happen. I went to backspace an error I made in typing and it erased the whole OTL report I pasted here. I tried to exit the program but ot wouldn't allow me to do that. What is HPQWARE??
OTL logfile created on: 3/7/2010 12:02:29 PM - Run 2
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Orange and Blue\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.30 Gb Total Space | 261.21 Gb Free Space | 90.29% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.65 Gb Free Space | 18.81% Space Free | Partition Type: NTFS
Drive E: | 317.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOTOHELL-PC
Current User Name: Go to Hell
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/07 11:32:20 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Orange and Blue\Desktop\OTL.exe
PRC - [2009/12/09 10:56:01 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/06/25 06:34:56 | 000,082,608 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3400 Series\ezprint.exe
PRC - [2007/06/25 06:34:55 | 000,291,504 | ---- | M] () -- C:\Program Files\Lexmark 3400 Series\lxcymon.exe
PRC - [2007/06/20 02:28:55 | 000,537,264 | ---- | M] ( ) -- C:\Windows\System32\lxcycoms.exe
PRC - [2006/11/09 14:46:26 | 000,190,072 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil9b.exe


========== Modules (SafeList) ==========

MOD - [2010/03/07 11:32:20 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Orange and Blue\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2006/11/02 01:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2007/06/20 02:28:55 | 000,537,264 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcycoms.exe -- (lxcy_device)
SRV - [2007/01/16 19:02:28 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/18 12:55:41 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/05/24 07:36:42 | 000,501,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/03/19 05:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/01 08:21:10 | 001,744,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/10 16:18:00 | 007,409,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\S-1-5-21-3855407397-716935182-3364912696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3855407397-716935182-3364912696-1001\S-1-5-21-3855407397-716935182-3364912696-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/23 15:56:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O3 - HKU\S-1-5-21-3855407397-716935182-3364912696-1001\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LXCYCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcymon.exe] C:\Program Files\Lexmark 3400 Series\lxcymon.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKU\.DEFAULT..\Run: [DelayShred] c:\Program Files\McAfee\MSHR\ShrCL.exe ()
O4 - HKU\S-1-5-18..\Run: [DelayShred] c:\Program Files\McAfee\MSHR\ShrCL.exe ()
O4 - HKU\S-1-5-21-3855407397-716935182-3364912696-1000..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Orange and Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3855407397-716935182-3364912696-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3855407397-716935182-3364912696-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3855407397-716935182-3364912696-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3855407397-716935182-3364912696-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3855407397-716935182-3364912696-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\aflow_q.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\aflow_q.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/04 15:13:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/10/27 21:28:27 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006/11/02 03:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE - File not found
MsConfig - StartUpFolder: C:^Users^Go to Hell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: hpsysdrv - hkey= - key= - c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found
MsConfig - StartUpReg: OsdMaestro - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/05 19:17:46 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2010/03/01 11:58:06 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZ.Z..ZZ..ZZ
[2010/02/27 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Family Toolbar
[2010/02/23 19:19:29 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/23 16:26:54 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 16:26:54 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 16:26:53 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 16:26:53 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 16:26:53 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 16:26:53 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 16:26:53 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 16:26:53 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 16:26:53 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 16:26:42 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 16:26:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 16:11:25 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\AppData\Local\temp
[2010/02/23 16:10:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/16 19:39:34 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\Documents\antivir_rootkit[1]
[2010/02/16 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\{eba97661-537c-4399-8719-d256b232a587}
[2010/02/16 18:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Fax Solutions
[2010/02/16 18:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 3400 Series
[2010/02/16 18:43:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcyhcp.dll
[2010/02/16 18:43:50 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcyinpa.dll
[2010/02/16 18:43:50 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcyiesc.dll
[2010/02/16 18:43:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcyusb1.dll
[2010/02/16 18:43:49 | 000,462,848 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcyutil.dll
[2010/02/16 18:43:48 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcyserv.dll
[2010/02/16 18:43:48 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcyprox.dll
[2010/02/16 18:43:47 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcypmui.dll
[2010/02/16 18:43:47 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcypplc.dll
[2010/02/16 18:43:46 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcylmpm.dll
[2010/02/16 18:43:45 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcyinsb.dll
[2010/02/16 18:43:45 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcyjswr.dll
[2010/02/16 18:43:45 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcyinsr.dll
[2010/02/16 18:43:44 | 000,385,712 | ---- | C] ( ) -- C:\Windows\System32\lxcyih.exe
[2010/02/16 18:43:44 | 000,176,128 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcyins.dll
[2010/02/16 18:43:42 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcyhbn3.dll
[2010/02/16 18:43:41 | 000,983,107 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxcygf.dll
[2010/02/16 18:43:41 | 000,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcycub.dll
[2010/02/16 18:43:40 | 000,537,264 | ---- | C] ( ) -- C:\Windows\System32\lxcycoms.exe
[2010/02/16 18:43:40 | 000,077,824 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcycu.dll
[2010/02/16 18:43:40 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxcycur.dll
[2010/02/16 18:43:39 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcycomc.dll
[2010/02/16 18:43:39 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcycomm.dll
[2010/02/16 18:43:38 | 000,381,616 | ---- | C] ( ) -- C:\Windows\System32\lxcycfg.exe
[2010/02/16 18:43:38 | 000,077,824 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxcycfg.dll
[2010/02/16 18:12:16 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\AppData\Roaming\FaxCtr
[2010/02/15 16:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\lx_cats
[2010/02/15 16:11:21 | 000,098,345 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMHOST32.DLL
[2010/02/15 16:11:21 | 000,098,304 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XPNG.DEL
[2010/02/15 16:11:21 | 000,069,632 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31XTIF.DEL
[2010/02/15 16:11:21 | 000,049,152 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IM31IMG.DIL
[2010/02/15 16:11:21 | 000,012,288 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXPMONRC.DLL
[2010/02/15 16:11:20 | 000,339,968 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\IMGMAN32.DLL
[2010/02/15 16:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\FaxCtr
[2010/02/15 16:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010/02/15 16:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010/02/15 15:06:57 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\Citrix
[2010/02/15 14:40:55 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\Documents\OneNote Notebooks
[2010/02/15 14:26:10 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\Documents\Updater5
[2010/02/11 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\Go to Hell\AppData\Roaming\Template
[2010/02/11 15:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/02/09 14:22:22 | 003,467,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 14:22:20 | 003,502,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 14:22:04 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/02/09 14:22:04 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/02/09 14:21:49 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 14:21:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 14:21:48 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 14:21:48 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 14:21:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll

========== Files - Modified Within 30 Days ==========

[2010/03/07 12:02:28 | 001,048,576 | -HS- | M] () -- C:\Users\Go to Hell\NTUSER.DAT
[2010/03/07 12:00:51 | 000,011,320 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/03/07 11:57:46 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/07 11:57:46 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/07 11:57:45 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/03/07 11:57:45 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/03/07 11:57:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/07 11:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/01 14:53:02 | 000,325,760 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/01 14:53:02 | 000,300,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/01 14:53:02 | 000,035,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/01 12:33:20 | 001,501,136 | -H-- | M] () -- C:\Users\Go to Hell\AppData\Local\IconCache.db
[2010/03/01 12:33:13 | 000,029,696 | ---- | M] () -- C:\Users\Go to Hell\Desktop\kim calendar events.wps
[2010/03/01 12:33:13 | 000,000,350 | ---- | M] () -- C:\Users\Go to Hell\AppData\Roaming\wklnhst.dat
[2010/03/01 10:50:25 | 000,000,958 | ---- | M] () -- C:\Users\Go to Hell\Desktop\Ericka Johnson - Shortcut.lnk
[2010/02/28 18:21:32 | 000,012,800 | ---- | M] () -- C:\Users\Go to Hell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/28 17:19:40 | 000,092,584 | ---- | M] () -- C:\Users\Go to Hell\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 15:51:54 | 000,357,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 19:57:55 | 000,000,052 | ---- | M] () -- C:\Windows\System32\tmp.files0
[2010/02/23 19:22:58 | 031,907,168 | ---- | M] () -- C:\Users\Go to Hell\Desktop\drweb-cureit.exe
[2010/02/23 18:27:32 | 000,030,208 | ---- | M] () -- C:\Users\Go to Hell\Desktop\Memphis city school resume 2004.doc
[2010/02/23 18:24:49 | 000,001,432 | ---- | M] () -- C:\Users\Go to Hell\Desktop\kim resume - Shortcut.lnk
[2010/02/23 18:22:40 | 000,025,600 | ---- | M] () -- C:\Users\Go to Hell\Desktop\old resume.doc
[2010/02/23 16:29:27 | 000,013,206 | ---- | M] () -- C:\Users\Go to Hell\Desktop\old resume.docx
[2010/02/23 16:08:46 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/16 19:03:05 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3400 Series.LNK
[2010/02/16 19:00:54 | 000,033,016 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2010/02/16 18:33:25 | 000,000,048 | ---- | M] () -- C:\Windows\WinInit.Ini
[2010/02/15 15:07:04 | 000,000,081 | ---- | M] () -- C:\Users\Go to Hell\CTX.DAT
[2010/02/11 17:20:39 | 000,005,990 | ---- | M] () -- C:\Users\Go to Hell\Desktop\Memphis City Schools.rtf
[2010/02/11 17:15:24 | 000,010,752 | ---- | M] () -- C:\Users\Go to Hell\Desktop\Memphis City Schools.wps
[2010/02/11 16:46:49 | 000,000,942 | ---- | M] () -- C:\Users\Go to Hell\Desktop\Microsoft Works.LNK

========== Files Created - No Company Name ==========

[2010/03/01 12:31:25 | 000,029,696 | ---- | C] () -- C:\Users\Go to Hell\Desktop\kim calendar events.wps
[2010/02/28 18:11:04 | 000,012,800 | ---- | C] () -- C:\Users\Go to Hell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 19:57:55 | 000,000,052 | ---- | C] () -- C:\Windows\System32\tmp.files0
[2010/02/23 19:22:47 | 031,907,168 | ---- | C] () -- C:\Users\Go to Hell\Desktop\drweb-cureit.exe
[2010/02/23 18:27:31 | 000,030,208 | ---- | C] () -- C:\Users\Go to Hell\Desktop\Memphis city school resume 2004.doc
[2010/02/23 18:22:39 | 000,025,600 | ---- | C] () -- C:\Users\Go to Hell\Desktop\old resume.doc
[2010/02/23 16:29:37 | 000,001,432 | ---- | C] () -- C:\Users\Go to Hell\Desktop\kim resume - Shortcut.lnk
[2010/02/23 16:29:26 | 000,013,206 | ---- | C] () -- C:\Users\Go to Hell\Desktop\old resume.docx
[2010/02/16 19:09:43 | 000,000,958 | ---- | C] () -- C:\Users\Go to Hell\Desktop\Ericka Johnson - Shortcut.lnk
[2010/02/16 19:03:05 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Imaging Studio - 3400 Series.LNK
[2010/02/16 18:56:11 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcycoin.dll
[2010/02/16 18:52:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
[2010/02/16 18:52:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
[2010/02/16 18:43:51 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcyinst.dll
[2010/02/16 18:43:43 | 000,581,173 | ---- | C] () -- C:\Windows\System32\lxcyhelp.chm
[2010/02/16 18:43:38 | 000,033,016 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2010/02/16 18:43:38 | 000,001,834 | ---- | C] () -- C:\Windows\System32\lxcy.loc
[2010/02/16 18:33:25 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2010/02/15 15:07:04 | 000,000,081 | ---- | C] () -- C:\Users\Go to Hell\CTX.DAT
[2010/02/11 17:20:39 | 000,005,990 | ---- | C] () -- C:\Users\Go to Hell\Desktop\Memphis City Schools.rtf
[2010/02/11 16:49:38 | 000,010,752 | ---- | C] () -- C:\Users\Go to Hell\Desktop\Memphis City Schools.wps
[2010/02/11 16:46:51 | 000,000,350 | ---- | C] () -- C:\Users\Go to Hell\AppData\Roaming\wklnhst.dat
[2010/02/11 16:46:49 | 000,000,942 | ---- | C] () -- C:\Users\Go to Hell\Desktop\Microsoft Works.LNK
[2009/12/04 15:02:17 | 000,001,312 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/12/04 14:40:37 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2009/12/04 14:40:37 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 00:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 07:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 07:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 13:07:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcycaps.dll
[2006/08/08 11:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcydrs.dll
[2006/03/23 00:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcyvs.dll
[2006/01/25 14:11:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcycnv4.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 03:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 03:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/01/01 22:32:32 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2006/11/02 01:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007/06/20 18:15:28 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/18 21:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/18 21:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/18 21:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/18 21:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/18 20:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\ERDNT\cache\netlogon.dll
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/18 23:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007/03/19 05:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys
[2007/03/19 05:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\Windows\System32\drivers\nvstor32.sys
[2007/03/19 05:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1306af02\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\ERDNT\cache\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 448 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06Z.Z.ZZ.Z..ZZ..ZZ:1
< End of report >



OTL Extras logfile created on: 3/7/2010 11:33:29 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Orange and Blue\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.30 Gb Total Space | 261.22 Gb Free Space | 90.29% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.65 Gb Free Space | 18.81% Space Free | Partition Type: NTFS
Drive E: | 317.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOTOHELL-PC
Current User Name: Go to Hell
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14661F20-3AAE-4AA7-81CB-340175D78DED}" = lport=139 | protocol=6 | dir=in | app=system |
"{388FA468-A9BF-48F5-BEBB-2E7276CD5BB1}" = rport=138 | protocol=17 | dir=out | app=system |
"{4E96079D-8E70-4AE8-AF39-880FA4DC497A}" = rport=137 | protocol=17 | dir=out | app=system |
"{6224DDD4-3A2C-456D-9101-83CC4D47DC24}" = rport=445 | protocol=6 | dir=out | app=system |
"{67F3100C-52B7-428E-9462-24C5E9AC113C}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AA6D0B6-45D8-470D-A606-553D1C18D6A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7586C2ED-C543-439C-BB1E-FB4504281EC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{91E97992-69C3-4793-BDB3-4AB9BEBC6B8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CC2716B8-9F4A-458F-9FA3-9A2A7DF876FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{E53139DA-76F3-4D66-A111-AA647066E89E}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081FCAB4-00AD-496A-A6EA-9FB2F8BB5FA4}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{0BAC1F92-C2CF-4809-8291-904879E059F6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0ED701CD-11F3-42B1-B1B8-01EC8B864004}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{28372671-047C-4EE0-8BA9-F5C70D10D256}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{3204A18B-B797-481D-8541-8B968509EDEB}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{391903A5-18C6-4645-BECF-294681814C5E}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{45206878-9C8B-4B10-AECF-1DFDA2488806}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{552FE3BA-F65F-41A7-A27E-AC41006F506D}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{62D534E3-E423-4A3C-9607-99DF1F6D4441}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{704F99B0-D6B6-4114-AA08-03D025C7F8D1}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{8215D73A-8803-4E1D-9DED-5E1342B77943}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8A95CAA6-6C9F-42A7-9391-97DF2DD9DD21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B01A6D6-AFDC-4BC4-8FF0-94306145C19F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8B9605AE-C459-42BC-BA62-9C8688636760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A9E7F75F-610A-4C67-B3F4-314B7BD2B077}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B860F770-9FE7-434D-B038-B303845F7608}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{D2B21649-37F4-4651-AC31-218306A9D4A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6EED7C9-48EF-4E5D-8A44-4CF9A68FC072}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EB481801-E2E6-4465-BA2D-C11D09CB54D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"WildTangent hpdesktop Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2010 6:13:07 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x788, application
start time 0x01cab01e380325c4.

Error - 2/17/2010 6:33:49 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x1c0, application
start time 0x01cab01e652eaf64.

Error - 2/17/2010 6:49:50 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0xcdc, application
start time 0x01cab02148ec76e4.

Error - 2/17/2010 6:54:32 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x5d8, application
start time 0x01cab023858ee2c4.

Error - 2/17/2010 7:02:24 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x560, application
start time 0x01cab0242de1cc34.

Error - 2/17/2010 7:11:48 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0xdbc, application
start time 0x01cab02548041db4.

Error - 2/19/2010 5:28:03 PM | Computer Name = GotoHell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Go to Hell\Documents\antivir_rootkit[1]\avirarkd.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/27/2010 7:14:20 PM | Computer Name = GotoHell-PC | Source = VSS | ID = 8194
Description =

Error - 3/1/2010 1:52:55 PM | Computer Name = GotoHell-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/6/2010 11:06:04 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0xbd8, application
start time 0x01cabda05844c64b.

[ System Events ]
Error - 1/4/2010 1:52:03 AM | Computer Name = GotoHell-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/4/2010 1:52:08 AM | Computer Name = GotoHell-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 1/4/2010 8:10:36 PM | Computer Name = GotoHell-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:16:59 AM on 1/4/2010 was unexpected.

Error - 1/4/2010 8:16:27 PM | Computer Name = GotoHell-PC | Source = DCOM | ID = 10010
Description =

Error - 1/4/2010 8:17:53 PM | Computer Name = GotoHell-PC | Source = DCOM | ID = 10000
Description =

Error - 1/4/2010 8:19:19 PM | Computer Name = GotoHell-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 1/4/2010 8:19:19 PM | Computer Name = GotoHell-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 1/4/2010 8:19:19 PM | Computer Name = GotoHell-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 1/4/2010 8:34:16 PM | Computer Name = GotoHell-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:31:42 PM on 1/4/2010 was unexpected.

Error - 1/4/2010 9:16:11 PM | Computer Name = GotoHell-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:12:42 PM on 1/4/2010 was unexpected.


< End of report >



OTL Extras logfile created on: 3/7/2010 11:33:29 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Orange and Blue\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.30 Gb Total Space | 261.22 Gb Free Space | 90.29% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.65 Gb Free Space | 18.81% Space Free | Partition Type: NTFS
Drive E: | 317.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GOTOHELL-PC
Current User Name: Go to Hell
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14661F20-3AAE-4AA7-81CB-340175D78DED}" = lport=139 | protocol=6 | dir=in | app=system |
"{388FA468-A9BF-48F5-BEBB-2E7276CD5BB1}" = rport=138 | protocol=17 | dir=out | app=system |
"{4E96079D-8E70-4AE8-AF39-880FA4DC497A}" = rport=137 | protocol=17 | dir=out | app=system |
"{6224DDD4-3A2C-456D-9101-83CC4D47DC24}" = rport=445 | protocol=6 | dir=out | app=system |
"{67F3100C-52B7-428E-9462-24C5E9AC113C}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AA6D0B6-45D8-470D-A606-553D1C18D6A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7586C2ED-C543-439C-BB1E-FB4504281EC7}" = lport=138 | protocol=17 | dir=in | app=system |
"{91E97992-69C3-4793-BDB3-4AB9BEBC6B8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CC2716B8-9F4A-458F-9FA3-9A2A7DF876FE}" = rport=139 | protocol=6 | dir=out | app=system |
"{E53139DA-76F3-4D66-A111-AA647066E89E}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081FCAB4-00AD-496A-A6EA-9FB2F8BB5FA4}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{0BAC1F92-C2CF-4809-8291-904879E059F6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0ED701CD-11F3-42B1-B1B8-01EC8B864004}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{28372671-047C-4EE0-8BA9-F5C70D10D256}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{3204A18B-B797-481D-8541-8B968509EDEB}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{391903A5-18C6-4645-BECF-294681814C5E}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{45206878-9C8B-4B10-AECF-1DFDA2488806}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{552FE3BA-F65F-41A7-A27E-AC41006F506D}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{62D534E3-E423-4A3C-9607-99DF1F6D4441}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{704F99B0-D6B6-4114-AA08-03D025C7F8D1}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{8215D73A-8803-4E1D-9DED-5E1342B77943}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8A95CAA6-6C9F-42A7-9391-97DF2DD9DD21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B01A6D6-AFDC-4BC4-8FF0-94306145C19F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8B9605AE-C459-42BC-BA62-9C8688636760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A9E7F75F-610A-4C67-B3F4-314B7BD2B077}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B860F770-9FE7-434D-B038-B303845F7608}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{D2B21649-37F4-4651-AC31-218306A9D4A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6EED7C9-48EF-4E5D-8A44-4CF9A68FC072}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EB481801-E2E6-4465-BA2D-C11D09CB54D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}" = HP Total Care Advisor
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark 3400 Series" = Lexmark 3400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"WildTangent hpdesktop Master Uninstall" = My HP Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2010 6:13:07 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x788, application
start time 0x01cab01e380325c4.

Error - 2/17/2010 6:33:49 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x1c0, application
start time 0x01cab01e652eaf64.

Error - 2/17/2010 6:49:50 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0xcdc, application
start time 0x01cab02148ec76e4.

Error - 2/17/2010 6:54:32 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x5d8, application
start time 0x01cab023858ee2c4.

Error - 2/17/2010 7:02:24 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0x560, application
start time 0x01cab0242de1cc34.

Error - 2/17/2010 7:11:48 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0xdbc, application
start time 0x01cab02548041db4.

Error - 2/19/2010 5:28:03 PM | Computer Name = GotoHell-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Go to Hell\Documents\antivir_rootkit[1]\avirarkd.exe".
Dependent
Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/27/2010 7:14:20 PM | Computer Name = GotoHell-PC | Source = VSS | ID = 8194
Description =

Error - 3/1/2010 1:52:55 PM | Computer Name = GotoHell-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/6/2010 11:06:04 PM | Computer Name = GotoHell-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18882, time stamp
0x4b3ed243, faulting module Flash9b.ocx, version 9.0.28.0, time stamp 0x4553afb6,
exception code 0xc0000005, fault offset 0x000704c0, process id 0xbd8, application
start time 0x01cabda05844c64b.

[ System Events ]
Error - 1/4/2010 1:52:03 AM | Computer Name = GotoHell-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 1/4/2010 1:52:08 AM | Computer Name = GotoHell-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 1/4/2010 8:10:36 PM | Computer Name = GotoHell-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:16:59 AM on 1/4/2010 was unexpected.

Error - 1/4/2010 8:16:27 PM | Computer Name = GotoHell-PC | Source = DCOM | ID = 10010
Description =

Error - 1/4/2010 8:17:53 PM | Computer Name = GotoHell-PC | Source = DCOM | ID = 10000
Description =

Error - 1/4/2010 8:19:19 PM | Computer Name = GotoHell-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 1/4/2010 8:19:19 PM | Computer Name = GotoHell-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 1/4/2010 8:19:19 PM | Computer Name = GotoHell-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 1/4/2010 8:34:16 PM | Computer Name = GotoHell-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:31:42 PM on 1/4/2010 was unexpected.

Error - 1/4/2010 9:16:11 PM | Computer Name = GotoHell-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:12:42 PM on 1/4/2010 was unexpected.


< End of report >
Does it mean anything when NT AUTHORITY has control over the system?

Edited by kymberly, 07 March 2010 - 03:21 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:35 PM

Posted 07 March 2010 - 04:08 PM

Hi,

the NT-Authority messages are normal for Windows. I did not see any reference to Hpqware? Could you provide an example?

Can you please try to run gmer once more:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 March 2010 - 07:09 PM

I am having problem running this gmer, I will post what I think is the complete report. I will also go in safe mode to try and run this.

#8 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 March 2010 - 11:04 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-10 17:05:55
Windows 6.0.6000
Running: g6bbuj2s.exe; Driver: C:\Users\GOTOHE~1\AppData\Local\Temp\uxrirkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x81DBE075]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x81C659DE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x81E4A76F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x81C65A17]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x81E4A7AE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x81C65A52]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x81E4A7F7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x81E4A840]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x81E89013]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x81E8B0C0]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddDriverEntry [0x81E8C34E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x81E3EF53]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x81E3EB39]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlertResumeThread [0x81E1D3D7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlertThread [0x81E1D37F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x81E8945E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x81DE7433]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x81E88B40]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateVirtualMemory [0x81DD52FF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcAcceptConnectPort [0x81DC0B57]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCancelMessage [0x81DC62C3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcConnectPort [0x81DBFE5B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreatePort [0x81DBF56F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreatePortSection [0x81DC8397]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateResourceReserve [0x81DC9CBF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateSectionView [0x81DC8633]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcCreateSecurityContext [0x81DCA27B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeletePortSection [0x81DC8536]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteResourceReserve [0x81DC9DF6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteSectionView [0x81DC8869]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDeleteSecurityContext [0x81DCA573]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcDisconnectPort [0x81DCC397]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcImpersonateClientOfPort [0x81DCA7FF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcOpenSenderProcess [0x81DCE0E7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcOpenSenderThread [0x81DCE697]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcQueryInformation [0x81DCD933]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcQueryInformationMessage [0x81DC70D1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcRevokeSecurityContext [0x81DCA42C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcSendWaitReceivePort [0x81DC6157]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAlpcSetInformation [0x81DCD46B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwApphelpCacheControl [0x81E9F3BB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x81DD21AB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x81E1F66B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x81C8050C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x81E0DC3B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x81D8BD5C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x81C794DC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwClearEvent [0x81E87169]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwClose [0x81DF1890]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x81E4AD31]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompactKeys [0x81D3CD23]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompareTokens [0x81E4E131]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompleteConnectPort [0x81DBE0FB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompressKey [0x81D3CFAD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwConnectPort [0x81DBE041]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwContinue [0x81C90588]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x81D752E6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x81DED9D3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x81E871BC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x81E8FB53]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x81D8EC4E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x81D8B288]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x81E1F3E9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x81E221BF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x81D3756A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyTransacted [0x81D375CD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x81D8ED7F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMutant [0x81E8FFCE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x81D8EC91]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePrivateNamespace [0x81DFA0AA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x81DE37D4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x81DBDB3F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcess [0x81E12452]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcessEx [0x81E1249D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x81E904C7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x81DD76E3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x81E881CF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x81DEFC5F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThread [0x81E11FD1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x81E8F7B3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x81E4CD57]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTransaction [0x81E53B78]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTransaction [0x81E53E8B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransaction [0x81E54083]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransactionManager [0x81E56522]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrePrepareEnlistment [0x81E54F16]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrepareEnlistment [0x81E54E55]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitEnlistment [0x81E54FD7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadOnlyEnlistment [0x81E5545B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackComplete [0x81E5551A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackEnlistment [0x81E55098]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitTransaction [0x81E54581]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackTransaction [0x81E545EA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrePrepareComplete [0x81E5521A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrepareComplete [0x81E55159]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitComplete [0x81E552DB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSinglePhaseReject [0x81E5539C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransaction [0x81E54667]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransactionManager [0x81E56929]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationResourceManager [0x81E55DE8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTransactionManager [0x81E55F82]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTransactionManager [0x81E56197]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollforwardTransactionManager [0x81E56406]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverEnlistment [0x81E54A75]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverResourceManager [0x81E55A4B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverTransactionManager [0x81E564C7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateResourceManager [0x81E555D9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenResourceManager [0x81E5589F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNotificationResourceManager [0x81E55AA4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationResourceManager [0x81E55BB9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEnlistment [0x81E547BF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEnlistment [0x81E548AC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationEnlistment [0x81E54CB8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationEnlistment [0x81E54AD1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStartTm [0x81E89451]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWaitablePort [0x81DBDBAB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDebugActiveProcess [0x81D760AA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDebugContinue [0x81D766FE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDelayExecution [0x81E90B6B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteAtom [0x81E892CB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteBootEntry [0x81E8B0F1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteDriverEntry [0x81E8C37F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteFile [0x81D8C177]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x81D3799B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeletePrivateNamespace [0x81DFA69E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x81E4AE13]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x81D37C2E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeviceIoControlFile [0x81D8EE53]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDisplayString [0x81E7A157]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateObject [0x81DF1FA7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateToken [0x81E3F8F9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateBootEntries [0x81E8B2F4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateDriverEntries [0x81E8C57E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x81D37F06]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x81E8AEC7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateTransactionObject [0x81C69177]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x81D38165]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwExtendSection [0x81DE136F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFilterToken [0x81E40386]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFindAtom [0x81E8916F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushBuffersFile [0x81D8C289]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstructionCache [0x81DE84A7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushKey [0x81D383E4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushProcessWriteBuffers [0x81CCE11E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushVirtualMemory [0x81DDA8C1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushWriteBuffer [0x81DE8494]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x81DE7B62]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreeVirtualMemory [0x81CBEC63]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreezeRegistry [0x81CD082B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreezeTransactions [0x81C6937F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFsControlFile [0x81D8EE8F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetContextThread [0x81E1AA6F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetDevicePowerState [0x81E0DC69]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNlsSectionPtr [0x81E861B3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetPlugPlayEvent [0x81DB9D92]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetWriteWatch [0x81CE4A24]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x81E4DF37]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateClientOfPort [0x81DBE3A3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateThread [0x81E22505]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeNlsFiles [0x81E84E59]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeRegistry [0x81D38601]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitiatePowerAction [0x81E0DA46]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsProcessInJob [0x81E22013]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x81E0DC4F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwListenPort [0x81DBE3D3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadDriver [0x81D98374]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey [0x81D3A40C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey2 [0x81D3A433]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKeyEx [0x81D3A45F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockFile [0x81D8EECB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockProductActivationKeys [0x81E7A41C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockRegistryKey [0x81D3D084]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockVirtualMemory [0x81C1ADE2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMakePermanentObject [0x81DEF3AD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMakeTemporaryObject [0x81DF18BF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPages [0x81DE67D6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x81DE6D3F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapViewOfSection [0x81DD01E6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwModifyBootEntry [0x81E8B2C3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwModifyDriverEntry [0x81E8C54F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x81D8FD66]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeKey [0x81D3870A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x81D38745]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenDirectoryObject [0x81DEDAD7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEvent [0x81E872E5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEventPair [0x81E8FC8B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenFile [0x81D900BB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenIoCompletion [0x81D8B395]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenJobObject [0x81E1F5A7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x81D3921F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyTransacted [0x81D3927B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenMutant [0x81E900D3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenPrivateNamespace [0x81DFA329]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x81E4A88B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcess [0x81E138FD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessToken [0x81E40DAA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessTokenEx [0x81E40DCF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSection [0x81DDA56B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSemaphore [0x81E882F9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSession [0x81DE46B7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x81DEFE89]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThread [0x81E13C5F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadToken [0x81E40F97]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadTokenEx [0x81E40FBF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTimer [0x81E8F902]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPlugPlayControl [0x81DB9F17]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPowerInformation [0x81E07A50]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeCheck [0x81E4FD9A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x81E498D3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x81E49B34]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwProtectVirtualMemory [0x81DE875B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPulseEvent [0x81E873B8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryAttributesFile [0x81D8C4A5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryBootEntryOrder [0x81E8B79F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryBootOptions [0x81E8BBF3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDebugFilterState [0x81C7C5CB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultLocale [0x81E7ECDE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x81E7F065]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryFile [0x81D8FCFD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryObject [0x81DEDB96]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDriverEntryOrder [0x81E8C107]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEaFile [0x81D900F7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEvent [0x81E8749B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryFullAttributesFile [0x81D8C647]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationAtom [0x81E892F8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationFile [0x81D90CE6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationJobObject [0x81E1FFEF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationPort [0x81DBE44B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationProcess [0x81E14231]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x81E177FB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x81E41204]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x81E7EFE3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x81E909BB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x81D8B46C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x81D39549]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x81D3BE69]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMutant [0x81E901A6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryObject [0x81DF7C11]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeys [0x81D3C4DF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeysEx [0x81D3C763]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPerformanceCounter [0x81E90A74]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x81D920D7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySection [0x81DE34DA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityObject [0x81DF46FF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySemaphore [0x81E883CC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x81DEFF48]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x81E8A2F3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x81E8A8FF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemInformation [0x81E8002F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemTime [0x81E7ACC6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimer [0x81E8F9D5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimerResolution [0x81E7AFAB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x81D3984C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVirtualMemory [0x81DE9267]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x81D9273E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueueApcThread [0x81E1A705]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseException [0x81C905D0]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseHardError [0x81E87D87]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadFile [0x81D9301B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadFileScatter [0x81D936A7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadRequestData [0x81DBE50B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadVirtualMemory [0x81DD6ECE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x81E1C475]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseMutant [0x81E90353]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseSemaphore [0x81E88517]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletion [0x81D8B60B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveProcessDebug [0x81D761F5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRenameKey [0x81D3CAA3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplaceKey [0x81D3BD3E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyPort [0x81DBE5E5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePort [0x81DBE6EA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x81DBE711]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReplyPort [0x81DBE951]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRequestPort [0x81DBE273]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWaitReplyPort [0x81DBE33C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWakeupLatency [0x81E0D9E9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwResetEvent [0x81E875CB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x81CE52E7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRestoreKey [0x81D39BA2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwResumeProcess [0x81E1D321]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwResumeThread [0x81E1D1E0]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKey [0x81D39CC3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKeyEx [0x81D39DCA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSaveMergedKeys [0x81D39F17]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwClearSavepointTransaction [0x81E57A65]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSavepointTransaction [0x81E54653]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSecureConnectPort [0x81DBDC17]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetBootEntryOrder [0x81E8B9E6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetBootOptions [0x81E8BEE8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetContextThread [0x81E1ACFB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDebugFilterState [0x81E9A941]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x81E88115]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultLocale [0x81E7ED65]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultUILanguage [0x81E7FA4D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDriverEntryOrder [0x81E8C989]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetEaFile [0x81D906FD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetEvent [0x81E876AA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetEventBoostPriority [0x81E8778D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighEventPair [0x81E8FF6B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x81E8FE9D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationDebugObject [0x81D7685F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationFile [0x81D91545]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationJobObject [0x81E20813]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationKey [0x81D3B8DB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationObject [0x81DF82DB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationProcess [0x81E15D15]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationThread [0x81E18477]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationToken [0x81E505D3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetIntervalProfile [0x81E90996]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletion [0x81D8B5A4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetLdtEntries [0x81E1F0A7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowEventPair [0x81E8FF08]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x81E8FE32]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetQuotaInformationFile [0x81D92729]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSecurityObject [0x81DF44E4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x81E8A5FD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValueEx [0x81E8AC25]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemInformation [0x81E82AAF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemPowerState [0x81EC7CC8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemTime [0x81E7AD6A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetThreadExecutionState [0x81E0D8BD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimer [0x81C79683]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerResolution [0x81E7B08A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetUuidSeed [0x81E889BB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x81D3A083]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x81D92C1F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x81E7A115]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x81C47B65]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x81E90706]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x81E908D5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendProcess [0x81E1D2C3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendThread [0x81E1D0F7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x81E90C15]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x81E21720]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateProcess [0x81E1B0F3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateThread [0x81E1B547]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x81E1D4DE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwThawRegistry [0x81CD088F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwThawTransactions [0x81C69466]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x81C6EB07]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTraceControl [0x81E6DC1F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x81E8CB95]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x81D98542]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x81D3ABCC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey2 [0x81D3ABEB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x81D3B211]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x81D8F33F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x81C15D83]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnmapViewOfSection [0x81DE0BD8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x81E5C820]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x81D76441]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x81DF5140]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x81DF501B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x81E8FDC9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x81E8FD60]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x81D93C23]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x81D9435B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x81DBE578]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteVirtualMemory [0x81DD6FFB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwYieldExecution [0x81CB5AC6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyedEvent [0x81E91007]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyedEvent [0x81E91137]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x81E91211]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x81E914F8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x81E159B2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetCurrentProcessorNumber [0x81E18F9E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects32 [0x81DF524F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNextProcess [0x81E1DA14]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNextThread [0x81E1DC81]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFileEx [0x81D8BF17]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelSynchronousIoFile [0x81D8C054]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletionEx [0x81D8B7A4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterProtocolAddressInformation [0x81C69879]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPullTransaction [0x81C69888]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMarshallTransaction [0x81C698C3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPropagationComplete [0x81C6989B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPropagationFailed [0x81C698AF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWorkerFactory [0x81E917DF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseWorkerFactoryWorker [0x81C79DF3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForWorkViaWorkerFactory [0x81C79EAA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationWorkerFactory [0x81C7A19D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationWorkerFactory [0x81C7A66F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWorkerFactoryWorkerReady [0x81C7A8F7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownWorkerFactory [0x81E91A82]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThreadEx [0x81E23E3C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateUserProcess [0x81E2261F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryLicenseValue [0x81E7C813]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapCMFModule [0x81E92C3B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsUILanguageComitted [0x81E93613]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstallUILanguage [0x81E93633]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetMUIRegistryInfo [0x81E93243]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAcquireCMFViewOwnership [0x81E91C4A]

SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseCMFViewOwnership [0x81E91E13]

INT 0x00 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D7F0
INT 0x01 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D970
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DDC4
INT 0x04 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DF4C
INT 0x05 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E0AC
INT 0x06 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E220
INT 0x07 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E890
INT 0x09 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8ECB8
INT 0x0A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8EDDC
INT 0x0B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8EF1C
INT 0x0C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8F17C
INT 0x0D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8F464
INT 0x0E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FB68
INT 0x0F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x10 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C9001C
INT 0x11 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C9015C
INT 0x12 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x13 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C902C8
INT 0x14 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x15 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x16 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x17 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x18 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x19 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1F \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5AC4
INT 0x2A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8CF5A
INT 0x2B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D0E0
INT 0x2C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D21C
INT 0x2D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DC9C
INT 0x2E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C91E
INT 0x2F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x30 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFE0
INT 0x31 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFEA
INT 0x32 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFF4
INT 0x33 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFFE
INT 0x34 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C008
INT 0x35 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C012
INT 0x36 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C01C
INT 0x37 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB50E8
INT 0x38 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C030
INT 0x39 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C03A
INT 0x3A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C044
INT 0x3B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C04E
INT 0x3C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C058
INT 0x3D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C062
INT 0x3E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C06C
INT 0x3F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C076
INT 0x40 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C080
INT 0x41 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C08A
INT 0x42 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C094
INT 0x43 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C09E
INT 0x44 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0A8
INT 0x45 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0B2
INT 0x46 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0BC
INT 0x47 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0C6
INT 0x48 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0D0
INT 0x49 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0DA
INT 0x4A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0E4
INT 0x4B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0EE
INT 0x4C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0F8
INT 0x4D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C102
INT 0x4E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C10C
INT 0x4F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C116
INT 0x50 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C120
INT 0x51 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C12A
INT 0x52 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88260E1B
INT 0x53 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C13E
INT 0x54 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C148
INT 0x55 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C152
INT 0x56 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C15C
INT 0x57 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C166
INT 0x58 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C170
INT 0x59 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C17A
INT 0x5A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C184
INT 0x5B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C18E
INT 0x5C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C198
INT 0x5D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1A2
INT 0x5E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1AC
INT 0x5F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1B6
INT 0x60 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1C0
INT 0x61 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1CA
INT 0x62 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88260E1B
INT 0x63 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1DE
INT 0x64 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1E8
INT 0x65 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1F2
INT 0x66 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1FC
INT 0x67 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C206
INT 0x68 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C210
INT 0x69 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C21A
INT 0x6A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C224
INT 0x6B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C22E
INT 0x6C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C238
INT 0x6D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C242
INT 0x6E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C24C
INT 0x6F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C256
INT 0x70 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C260
INT 0x71 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 87E0415C
INT 0x72 \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 8078EED0
INT 0x73 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C27E
INT 0x74 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C288
INT 0x75 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C292
INT 0x76 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C29C
INT 0x77 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2A6
INT 0x78 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2B0
INT 0x79 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2BA
INT 0x7A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2C4
INT 0x7B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2CE
INT 0x7C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2D8
INT 0x7D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2E2
INT 0x7E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2EC
INT 0x7F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2F6
INT 0x80 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C300
INT 0x81 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C30A
INT 0x82 \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 8078EED0
INT 0x83 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C31E
INT 0x84 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C328
INT 0x85 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C332
INT 0x86 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C33C
INT 0x87 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C346
INT 0x88 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C350
INT 0x89 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C35A
INT 0x8A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C364
INT 0x8B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C36E
INT 0x8C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C378
INT 0x8D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C382
INT 0x8E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C38C
INT 0x8F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C396
INT 0x90 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3A0
INT 0x91 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3AA
INT 0x92 \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E9E48
INT 0x93 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3BE
INT 0x94 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3C8
INT 0x95 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3D2
INT 0x96 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3DC
INT 0x97 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3E6
INT 0x98 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3F0
INT 0x99 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3FA
INT 0x9A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C404
INT 0x9B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C40E
INT 0x9C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C418
INT 0x9D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C422
INT 0x9E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C42C
INT 0x9F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C436
INT 0xA0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C440
INT 0xA1 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C44A
INT 0xA2 \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E9E48
INT 0xA3 \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) 883B6354
INT 0xA4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C468
INT 0xA5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C472
INT 0xA6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C47C
INT 0xA7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C486
INT 0xA8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C490
INT 0xA9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C49A
INT 0xAA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4A4
INT 0xAB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4AE
INT 0xAC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4B8
INT 0xAD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4C2
INT 0xAE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4CC
INT 0xAF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4D6
INT 0xB0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4E0
INT 0xB1 \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 8023768C
INT 0xB2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4F4
INT 0xB3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4FE
INT 0xB4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C508
INT 0xB5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C512
INT 0xB6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C51C
INT 0xB7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C526
INT 0xB8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C530
INT 0xB9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C53A
INT 0xBA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C544
INT 0xBB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C54E
INT 0xBC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C558
INT 0xBD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C562
INT 0xBE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C56C
INT 0xBF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C576
INT 0xC0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C580
INT 0xC1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB53D8
INT 0xC2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C594
INT 0xC3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C59E
INT 0xC4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5A8
INT 0xC5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5B2
INT 0xC6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5BC
INT 0xC7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5C6
INT 0xC8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5D0
INT 0xC9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5DA
INT 0xCA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5E4
INT 0xCB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5EE
INT 0xCC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5F8
INT 0xCD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C602
INT 0xCE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C60C
INT 0xCF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C616
INT 0xD0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C620
INT 0xD1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA3C64
INT 0xD2 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA3F08
INT 0xD3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C63E
INT 0xD4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C648
INT 0xD5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C652
INT 0xD6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C65C
INT 0xD7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C666
INT 0xD8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C670
INT 0xD9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C67A
INT 0xDA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C684
INT 0xDB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C68E
INT 0xDC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C698
INT 0xDD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6A2
INT 0xDE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6AC
INT 0xDF \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB51C0
INT 0xE0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6C0
INT 0xE1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5934
INT 0xE2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6D4
INT 0xE3 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB56D4
INT 0xE4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6E8
INT 0xE5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6F2
INT 0xE6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6FC
INT 0xE7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C706
INT 0xE8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C710
INT 0xE9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C71A
INT 0xEA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C724
INT 0xEB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C72E
INT 0xEC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C738
INT 0xED \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C742
INT 0xEE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C749
INT 0xEF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C750
INT 0xF0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C757
INT 0xF1 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C75E
INT 0xF2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C765
INT 0xF3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C76C
INT 0xF4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C773
INT 0xF5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C77A
INT 0xF6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C781
INT 0xF7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C788
INT 0xF8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C78F
INT 0xF9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C796
INT 0xFA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C79D
INT 0xFB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C7A4
INT 0xFC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C7AB
INT 0xFD \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5EDC
INT 0xFE \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB6148
INT 0xFF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

SYSENTER \SystemRoot\system32\ntkrnlpa.exe 81C8C9F0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \
Device \Driver\NDIS \Device\Ndis ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \Device\00000033
Device \Device\00000026
Device \Driver\PnpManager \Device\00000040 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000040 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000034
Device \Device\00000027
Device \Driver\kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\PnpManager \Device\00000041 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000041 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\Wdf01000 \Device\KMDF0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\Wdf01000 \Device\KMDF0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIAdminDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIAdminDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000035
Device \Device\00000028
Device \Driver\kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000042
Device \Device\00000036
Device \Device\00000029
Device \Driver\mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\mouclass \Device\PointerClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000043 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000043 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000050
Device \Device\00000037
Device \Device\0000000a
Device \Device\PointerClass1
Device \Driver\usbohci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000044 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000044 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000051
Device \Device\00000038
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000052
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000045 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000045 hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Device\00000039
Device \Device\0000000c
Device \Driver\usbhub \Device\USBPDO-2 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000053
Device \Device\NTPNP_PCI0000
Device \Device\00000046
Device \Device\0000001a
Device \Device\0000000d
Device \Driver\usbhub \Device\USBPDO-3 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000060 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000060 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000054
Device \Driver\pci \Device\NTPNP_PCI0001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0001 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000047
Device \Device\0000001b
Device \Device\0000000e
Device \Driver\usbhub \Device\USBPDO-4 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000061
Device \Driver\ACPI \Device\00000055 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\NTPNP_PCI0002
Device \Driver\ACPI \Device\00000048 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000001c
Device \Device\0000000f
Device \Device\00000062
Device \Driver\pci \Device\NTPNP_PCI0010 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0010 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000056
Device \Device\NTPNP_PCI0003
Device \Device\00000049
Device \Device\0000001d
Device \Device\00000063
Device \Driver\USBSTOR \Device\00000070 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000070 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0004 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0011 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0011 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000057
Device \Device\0000002a
Device \Device\0000001e
Device \Driver\volmgr \Device\HarddiskVolume1 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000064 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000064 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000058 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000071 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000071 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\NTPNP_PCI0012
Device \Device\0000002b
Device \Device\0000001f
Device \Driver\volmgr \Device\HarddiskVolume2 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000065 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000065 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000072 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000072 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\00000059 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\00000059 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ecache \Device\ECacheControl ecache.sys (Special Memory Device Cache/Microsoft Corporation)
Device \Device\NTPNP_PCI0013
Device \Device\NTPNP_PCI0006
Device \Device\0000002c
Device \Driver\volmgr \Device\HarddiskVolume3 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000073 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000073 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000066 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000066 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\_HID00000000
Device \Driver\atapi \Device\Ide\IdePort0 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel1 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Device\Ide\PciIde0
Device \Device\i
Device \Driver\pci \Device\NTPNP_PCI0007 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0007 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0021 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0021 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000068 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000068 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000069 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000069 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume7 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume7 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004b acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004c acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\nvstor32 \Device\0000005a storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\0000005a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004d acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager mountmgr.sys (Mount Point Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort0 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005c usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005d usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ps2 \Device\Ps2 PS2.sys (PS2 SYS/Hewlett-Packard Company)
Device \Driver\nvstor32 \Device\RaidPort1 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\iScsiPrt \Device\RaidPort2 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\iScsiPrt \Device\RaidPort2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk1\DR1 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk1\DR1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000006b USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000006b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk2\DR2 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk2\DR2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk3\DR3 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk3\DR3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000006d USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000006d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006e HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk4\DR4 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk4\DR4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk5\DR5 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk5\DR5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000006f USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000006f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\uxrirkog \Device\uxrirkog uxrirkog.sys
Device \Driver\uxrirkog \Device\uxrirkog ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\FileInfo \Device\FileInfo fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation)
Device \FileSystem\FileInfo \Device\FileInfo ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000009 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000009 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs

#9 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 March 2010 - 11:06 PM

---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C00000-81FA1000 (3805184 bytes)
Module \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA1000-81FD5000 (212992 bytes)
Module \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation) 802C6000-802CE000 (32768 bytes)
Module \SystemRoot\system32\PSHED.dll (Platform Specific Hardware Error Driver/Microsoft Corporation) 802BD000-802C6000 (36864 bytes)
Module \SystemRoot\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) 802B5000-802BD000 (32768 bytes)
Module \SystemRoot\system32\CLFS.SYS (Common Log File System Driver/Microsoft Corporation) 8027A000-802B5000 (241664 bytes)
Module \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation) 8051F000-80600000 (921600 bytes)
Module \SystemRoot\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) 804A4000-8051F000 (503808 bytes)
Module \SystemRoot\system32\drivers\WDFLDR.SYS (WDFLDR/Microsoft Corporation) 8026D000-8027A000 (53248 bytes)
Module \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 8022A000-8026D000 (274432 bytes)
Module \SystemRoot\system32\drivers\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) 80221000-8022A000 (36864 bytes)
Module \SystemRoot\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) 80219000-80221000 (32768 bytes)
Module \SystemRoot\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) 8047F000-804A4000 (151552 bytes)
Module \SystemRoot\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) 8020A000-80219000 (61440 bytes)
Module \SystemRoot\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) 8046F000-8047F000 (65536 bytes)
Module \SystemRoot\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) 80203000-8020A000 (28672 bytes)
Module \SystemRoot\system32\drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) 80461000-8046F000 (57344 bytes)
Module \SystemRoot\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) 80417000-80461000 (303104 bytes)
Module \SystemRoot\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) 8040F000-80417000 (32768 bytes)
Module \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E2000-80800000 (122880 bytes)
Module \SystemRoot\system32\drivers\nvstor32.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) 807C8000-807E2000 (106496 bytes)
Module \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 80788000-807C8000 (262144 bytes)
Module \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) 80757000-80788000 (200704 bytes)
Module \SystemRoot\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) 80747000-80757000 (65536 bytes)
Module \SystemRoot\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) 80406000-8040F000 (36864 bytes)
Module \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) 80643000-80747000 (1064960 bytes)
Module \SystemRoot\system32\drivers\msrpc.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation) 80618000-80643000 (176128 bytes)
Module \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation) 873C7000-87400000 (233472 bytes)
Module \SystemRoot\System32\Drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation) 872BF000-873C7000 (1081344 bytes)
Module \SystemRoot\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) 87255000-872BF000 (434176 bytes)
Module \SystemRoot\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) 8721F000-87255000 (221184 bytes)
Module \SystemRoot\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) 80601000-80610000 (61440 bytes)
Module \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) 87210000-8721F000 (61440 bytes)
Module \SystemRoot\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) 875DB000-87600000 (151552 bytes)
Module \SystemRoot\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) 875CA000-875DB000 (69632 bytes)
Module \SystemRoot\system32\drivers\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) 875A9000-875CA000 (135168 bytes)
Module \SystemRoot\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) 87207000-87210000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 87E03000-87E16000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) 87EB0000-87EB5000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) 882A5000-882B0000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) 8829B000-882A5000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 8825E000-8829B000 (249856 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) 88250000-8825E000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) 883B0000-883C0000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) 88242000-88250000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) 88230000-88242000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) 88218000-88230000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) 8A9D5000-8AA00000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) 8820D000-88218000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) 87405000-87414000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) 88202000-8820D000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) 80200000-80202000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) 8A89B000-8A8C5000 (172032 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8A891000-8A89B000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) 8A884000-8A891000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) 8A850000-8A884000 (212992 bytes)
Module \??\C:\Windows\system32\SAVRKBootTasks.sys (Sophos boot tasks for Windows 2000/Sophos Plc) 882B0000-882B5000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) 87414000-8741D000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) 87EB5000-87EBC000 (28672 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) 8A849000-8A850000 (28672 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) 8A83D000-8A849000 (49152 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) 8A81C000-8A83D000 (135168 bytes)
Module \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation) 8A80F000-8A81C000 (53248 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) 8A804000-8A80F000 (45056 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) 8AB42000-8AB50000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) 8AADB000-8AAF2000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) 8A8C7000-8A8C9000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) 8AB70000-8AB79000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) 883F0000-88400000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) 8AAD4000-8AADB000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) 80610000-80618000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) 8AAB9000-8AAC3000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) 87E1E000-87E30000 (73728 bytes)
Module \SystemRoot\System32\Drivers\crashdmp.sys (Crash Dump Driver/Microsoft Corporation) 87E30000-87E3D000 (53248 bytes)
Module \SystemRoot\System32\Drivers\dump_diskdump.sys 87E4D000-87E57000 (40960 bytes)
Module \SystemRoot\System32\Drivers\dump_nvstor32.sys 8AA4F000-8AA69000 (106496 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) 92000000-92200000 (2097152 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) 8B090000-8B09A000 (40960 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) 8BDE0000-8BDF7000 (94208 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 8BC00000-8BC09000 (36864 bytes)
Module \SystemRoot\System32\framebuf.dll (Framebuffer Display Driver/Microsoft Corporation) 8BC10000-8BC18000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) 934B3000-934C9000 (90112 bytes)
Module \??\C:\Users\GOTOHE~1\AppData\Local\Temp\uxrirkog.sys (GMER) 9345B000-93472000 (94208 bytes)
Module \Windows\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 77920000-77A3E000 (1171456 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 228
Library C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 0x47F40000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 352
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x49CB0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75F60000
Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75F40000
Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x75EE0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75DB0000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 388
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x49CB0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75F60000
Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75F40000
Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x75EE0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75DB0000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 396
Library C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 0x00950000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x756E0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x756C0000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 440
Library C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 0x00FA0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75E70000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x746C0000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75A20000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75A60000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 472
Library C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x00E20000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x75B60000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x757A0000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75660000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x756E0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x756C0000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 484
Library C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 0x00C90000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x75B70000
Library C:\Windows\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x75B30000
Library C:\Windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75B00000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x75A80000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\FeClient.dll (Windows NT File Encryption Client Interfaces/Microsoft Corporation) 0x75AB0000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75A60000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75A20000
Library C:\Windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75E10000
Library C:\Windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x758C0000
Library C:\Windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75880000
Library C:\Windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75AA0000
Library C:\Windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75860000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\cngaudit.dll (Windows Cryptographic Next Generation audit library/Microsoft Corporation) 0x75850000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\ncrypt.dll (Windows cryptographic library/Microsoft Corporation) 0x75810000
Library C:\Windows\system32\BCRYPT.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x757C0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x757A0000
Library C:\Windows\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x757B0000
Library C:\Windows\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x75720000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x756E0000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x756B0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x756C0000
Library C:\Windows\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x75610000
Library C:\Windows\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x75580000
Library C:\Windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x754A0000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75660000
Library C:\Windows\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x75400000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x75460000
Library C:\Windows\system32\tspkg.dll (Web Service Security Package/Microsoft Corporation) 0x75440000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x753E0000
Library C:\Windows\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x77520000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x753B0000
Library C:\Windows\system32\keyiso.dll (CNG Key Isolation Service/Microsoft Corporation) 0x75180000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 492
Library C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 0x00560000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75E10000
Library C:\Windows\system32\WMsgAPI.dll (WinLogon IPC Client/Microsoft Corporation) 0x75B50000
Library C:\Windows\system32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x757A0000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75660000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000

Process C:\Users\Orange and Blue\Desktop\g6bbuj2s.exe 632
Library C:\Users\Orange and Blue\Desktop\g6bbuj2s.exe 0x00400000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x73B10000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77150000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x74D60000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\VERSION.DLL (Version Checking and File Installation Libraries/Microsoft Corporation) 0x756D0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 640
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00770000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library c:\windows\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x75300000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x75360000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x753E0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75A20000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x751E0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x75290000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x756D0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x757A0000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75660000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77520000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x77890000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75E70000
Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x751A0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 692
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00770000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x751E0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x75290000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x756D0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x757A0000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75660000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x75460000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x756E0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x756C0000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x77890000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 820
Library C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00770000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library c:\windows\system32\wevtsvc.dll (Event Logging Service/Microsoft Corporation) 0x748C0000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x756D0000
Library c:\windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x753E0000
Library c:\windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75A20000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x757A0000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75660000
Library C:\Windows\System32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x756E0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x756C0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 844
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00770000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000

#10 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 March 2010 - 11:07 PM

Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library c:\windows\system32\profsvc.dll (ProfSvc/Microsoft Corporation) 0x75150000
Library c:\windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75E10000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library c:\windows\system32\nlaapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x75430000
Library c:\windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75A00000
Library c:\windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75880000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75B00000
Library c:\windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75AA0000
Library c:\windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75860000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x75340000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x74C90000
Library c:\windows\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x74BA0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x77890000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x75460000
Library C:\Windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x747C0000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x75270000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x74CF0000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75A60000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77520000
Library C:\Windows\system32\wbem\wbemcore.dll (Windows Management Instrumentation/Microsoft Corporation) 0x716C0000
Library C:\Windows\system32\wbem\esscli.dll (WMI/Microsoft Corporation) 0x71EF0000
Library C:\Windows\system32\wbem\FastProx.dll (WMI Custom Marshaller/Microsoft Corporation) 0x717A0000
Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x75A80000
Library C:\Windows\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x71A70000
Library C:\Windows\system32\wbem\repdrvfs.dll (WMI Repository Driver/Microsoft Corporation) 0x71440000
Library C:\Windows\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x71340000
Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x75B60000
Library C:\Windows\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x712E0000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x72900000
Library C:\Windows\system32\wbem\wbemcons.dll (WMI Standard Event Consumers/Microsoft Corporation) 0x728F0000
Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x751A0000
Library c:\windows\system32\appinfo.dll (Application Information Service/Microsoft Corporation) 0x728C0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 908
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00770000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x74CC0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library c:\windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x747C0000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x75340000
Library c:\windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x75270000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x75C60000
Library c:\windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x74CF0000
Library c:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library c:\windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75A60000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77520000
Library c:\windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library c:\windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\ESENT.dll (Extensible Storage Engine for Microsoft® Windows®/Microsoft Corporation) 0x71BF0000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x76380000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77150000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x74D60000
Library C:\Windows\system32\CRYPTNET.dll (Crypto Network Related API/Microsoft Corporation) 0x71570000
Library C:\Windows\system32\SensApi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x728B0000
Library C:\Windows\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x71250000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x756E0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x756C0000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x756B0000
Library C:\Windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75880000
Library C:\Windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75B00000
Library C:\Windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75AA0000
Library C:\Windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75860000

Process C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1072
Library C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x00E20000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77150000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x76380000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library C:\Windows\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x744A0000
Library C:\Windows\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x74D20000
Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x75360000
Library C:\Windows\system32\dwmapi.dll (Microsoft Desktop Window Manager API/Microsoft Corporation) 0x75190000
Library C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x749C0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75A20000
Library C:\Windows\system32\PROPSYS.dll (Microsoft Property System/Microsoft Corporation) 0x74700000
Library C:\Windows\system32\BROWSEUI.dll (Shell Browser UI Library/Microsoft Corporation) 0x74350000
Library C:\Windows\system32\IMM32.dll (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\DUser.dll (Windows DirectUser Engine/Microsoft Corporation) 0x751B0000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x74D60000
Library C:\Windows\system32\WindowsCodecs.dll (Microsoft Windows Codecs Library/Microsoft Corporation) 0x74290000
Library C:\Windows\system32\IconCodecService.dll (Converts a PNG part of the icon to a legacy bmp icon/Microsoft Corporation) 0x750F0000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x77890000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x75460000
Library C:\Windows\system32\timedate.cpl (Time Date Control Panel Applet/Microsoft Corporation) 0x741D0000
Library C:\Windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x75340000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x74640000
Library C:\Windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x754A0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\System32\shacct.dll (Shell Accounts Classes/Microsoft Corporation) 0x75110000
Library C:\Windows\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x74B70000
Library C:\Windows\System32\msshsq.dll (Structured Query/Microsoft Corporation) 0x74150000
Library C:\Windows\System32\NaturalLanguage6.dll (Natural Language Development Platform 6/Microsoft Corporation) 0x73FB0000
Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\System32\NLSData0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x73650000
Library C:\Windows\System32\NLSLexicons0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x733C0000
Library C:\Windows\system32\authui.dll (Windows Authentication UI/Microsoft Corporation) 0x74F00000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x72920000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x76160000
Library C:\Windows\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x75100000
Library C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x76F10000
Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x77AB0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x77290000
Library C:\Windows\system32\thumbcache.dll (Microsoft Thumbnail Cache/Microsoft Corporation) 0x74190000
Library C:\Windows\system32\ExplorerFrame.dll (ExplorerFrame/Microsoft Corporation) 0x741C0000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x74680000
Library C:\Windows\system32\wdmaud.drv (Winmm audio system driver/Microsoft Corporation) 0x74610000
Library C:\Windows\system32\ksuser.dll (User CSA Library/Microsoft Corporation) 0x74600000
Library C:\Windows\system32\AVRT.dll (Multimedia Realtime Runtime/Microsoft Corporation) 0x745F0000
Library C:\Windows\system32\MMDevAPI.DLL (MMDevice API/Microsoft Corporation) 0x745C0000
Library C:\Windows\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x74100000
Library C:\Windows\system32\cscapi.dll (Offline Files Win32 API/Microsoft Corporation) 0x75140000
Library C:\Windows\system32\stobject.dll (Systray shell service object/Microsoft Corporation) 0x73D90000
Library C:\Windows\system32\BatMeter.dll (Battery Meter Helper DLL/Microsoft Corporation) 0x73EF0000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77520000
Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x751A0000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75E70000
Library C:\Windows\system32\es.dll (COM+/Microsoft Corporation) 0x73E40000
Library C:\Windows\System32\SndVolSSO.dll (SCA Volume/Microsoft Corporation) 0x740A0000
Library C:\Windows\ehome\ehSSO.dll (Windows Media Center Shell Service Object/Microsoft Corporation) 0x73EC0000
Library C:\Windows\system32\HID.DLL (Hid User Library/Microsoft Corporation) 0x75130000
Library C:\Windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x75290000
Library C:\Windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x756D0000
Library C:\Windows\System32\netshell.dll (Network Connections Shell/Microsoft Corporation) 0x72300000
Library C:\Windows\System32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75A00000
Library C:\Windows\System32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75880000
Library C:\Windows\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75B00000
Library C:\Windows\System32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75AA0000
Library C:\Windows\System32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75860000
Library C:\Windows\System32\nlaapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x75430000
Library C:\Windows\system32\FunDisc.dll (Function Discovery Dll/Microsoft Corporation) 0x73E90000
Library C:\Windows\system32\pnidui.dll (Network System Icon/Microsoft Corporation) 0x73BD0000
Library C:\Windows\system32\QUtil.dll (Quarantine Utilities/Microsoft Corporation) 0x740E0000
Library C:\Windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x758C0000
Library C:\Windows\system32\wlanutil.dll (Windows Wireless LAN 802.11 Utility DLL/Microsoft Corporation) 0x745B0000
Library C:\Windows\system32\fdproxy.dll (Function Discovery Proxy Dll/Microsoft Corporation) 0x741B0000
Library C:\Windows\System32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x726A0000
Library C:\Windows\system32\msiltcfg.dll (Windows Installer Configuration API Stub/Microsoft Corporation) 0x740D0000
Library C:\Windows\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x71F40000
Library C:\Windows\system32\ACTXPRXY.DLL (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x72850000
Library C:\Windows\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x73BA0000
Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x721B0000
Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x774A0000
Library C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll (MSXML 5.0/Microsoft Corporation) 0x78800000
Library C:\Windows\system32\tquery.dll (tquery.lib/Microsoft Corporation) 0x718F0000
Library C:\Windows\system32\query.dll (Content Index Utility DLL/Microsoft Corporation) 0x71A90000
Library C:\Program Files\Common Files\System\Ole DB\oledb32.dll (OLE DB Core Services/Microsoft Corporation) 0x71840000
Library C:\Windows\system32\MSDART.DLL (OLE DB Runtime Routines/Microsoft Corporation) 0x74080000
Library C:\Windows\system32\COMDLG32.dll (Common Dialogs DLL/Microsoft Corporation) 0x77AE0000
Library C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL (OLE DB Core Services Resources/Microsoft Corporation) 0x72170000
Library C:\Windows\system32\msstrc.dll (msstrc.lib/Microsoft Corporation) 0x72160000
Library C:\Windows\system32\inetcomm.dll (Microsoft Internet Messaging API Resources/Microsoft Corporation) 0x71160000
Library C:\Windows\system32\MSOERT2.dll (Microsoft Windows Mail RT Lib/Microsoft Corporation) 0x71E60000
Library C:\Windows\system32\inetres.dll (Microsoft Internet Messaging API Resources/Microsoft Corporation) 0x716A0000
Library C:\Windows\system32\Wlanapi.dll (Windows WLAN AutoConfig Client Side API DLL/Microsoft Corporation) 0x73E30000
Library C:\Windows\system32\OneX.DLL (IEEE 802.1X supplicant library/Microsoft Corporation) 0x71EC0000
Library C:\Windows\system32\eappprxy.dll (Microsoft EAPHost Peer Client DLL/Microsoft Corporation) 0x71EB0000
Library C:\Windows\system32\eappcfg.dll (Eap Peer Config/Microsoft Corporation) 0x71E80000
Library C:\Windows\system32\bcrypt.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x757C0000
Library C:\Windows\System32\AltTab.dll (Windows Shell Alt Tab/Microsoft Corporation) 0x71790000
Library C:\Windows\system32\wpdshserviceobj.dll (Windows Portable Device Shell Service Object/Microsoft Corporation) 0x712B0000
Library C:\Windows\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x71250000
Library C:\Windows\System32\srchadmin.dll (Indexing Options/Microsoft Corporation) 0x710E0000
Library C:\Windows\System32\webcheck.dll (Web Site Monitor/Microsoft Corporation) 0x710A0000
Library C:\Windows\System32\SyncCenter.dll (Microsoft Sync Center/Microsoft Corporation) 0x70C60000
Library C:\Windows\system32\PortableDeviceTypes.dll (Windows Portable Device (Parameter) Types Component/Microsoft Corporation) 0x71130000
Library C:\Windows\system32\PortableDeviceApi.dll (Windows Portable Device API Components/Microsoft Corporation) 0x70FC0000
Library C:\Windows\system32\wscntfy.dll (Windows Security Center Notification App/Microsoft Corporation) 0x71000000
Library C:\Windows\system32\WSCAPI.dll (Windows Security Center API/Microsoft Corporation) 0x71780000
Library C:\Windows\system32\imapi2.dll (Image Mastering API v2/Microsoft Corporation) 0x70F00000
Library C:\Windows\system32\bthprops.cpl (Bluetooth Control Panel Applet/Microsoft Corporation) 0x70A00000
Library C:\Windows\System32\QAgent.dll (Quarantine Agent Proxy/Microsoft Corporation) 0x70F90000
Library C:\Windows\System32\fwpuclnt.dll (FWP/IPsec User-Mode API/Microsoft Corporation) 0x70970000
Library C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Tablet PC Input Panel Text Services Framework/Microsoft Corporation) 0x71D90000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75A60000
Library C:\Windows\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71E30000
Library C:\Windows\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x72190000
Library C:\Windows\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x71E20000
Library C:\Windows\system32\mssvp.dll (MSSearch Vista Platform/Microsoft Corporation) 0x707C0000
Library C:\Windows\system32\MAPI32.dll (Extended MAPI 1.0 for Windows NT/Microsoft Corporation) 0x71E00000
Library c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) 0x10000000
Library C:\Windows\system32\xmllite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x74CF0000

Process C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 1960
Library C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) 0x00400000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x751A0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x721B0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x774A0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x77290000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77150000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x76160000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x76380000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x74D60000
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_15_1~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77520000
Library C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x76F10000
Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x77AB0000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\PROGRA~1\McAfee\MSC\McRes.dll (McAfee Non-Localized Resource DLL/McAfee, Inc.) 0x67200000
Library C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll (McAfee Localized Resource DLL/McAfee, Inc.) 0x66500000
Library C:\Program Files\McAfee\MSC\oem\679\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x66400000
Library C:\PROGRA~1\McAfee\MSC\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x01380000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x77890000
Library c:\Windows\system32\msxml4.dll (MSXML 4.0 SP 2/Microsoft Corporation) 0x69B10000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x75460000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75E70000
Library C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll (Sqlite3 Database Module/McAfee, Inc.) 0x62800000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\msc\mcmispps.dll (McAfee MISP Proxy Stub DLL/McAfee, Inc.) 0x66A00000
Library c:\PROGRA~1\mcafee.com\agent\mcagntps.dll (McAfee Integrated Security Platform/McAfee, Inc.) 0x66000000

Process c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee Integrated Security Platform/McAfee, Inc.) 2032
Library c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee Integrated Security Platform/McAfee, Inc.) 0x00400000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77920000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x771B0000
Library C:\Windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x756D0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x777E0000
Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x721B0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x76E50000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x773D0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x776B0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x774D0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75AC0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75EC0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x774A0000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x76380000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77150000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76010000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x77750000
Library C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x76F10000
Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x77AB0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x77290000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x76160000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x77AC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77080000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x77A50000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77000000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x74D60000
Library C:\PROGRA~1\McAfee\MSC\McRes.dll (McAfee Non-Localized Resource DLL/McAfee, Inc.) 0x67200000
Library C:\PROGRA~1\McAfee\MSC\1033\McLocRes.dll (McAfee Localized Resource DLL/McAfee, Inc.) 0x66500000
Library C:\Program Files\McAfee\MSC\oem\679\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x66400000
Library C:\PROGRA~1\McAfee\MSC\Mccobres.dll (McAfee Co-Branded Resource DLL/McAfee, Inc.) 0x00D90000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75380000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77A60000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76350000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77A40000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75F70000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75AE0000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x77890000
Library c:\Windows\system32\msxml4.dll (MSXML 4.0 SP 2/Microsoft Corporation) 0x69B10000
Library C:\Windows\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x751A0000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75E70000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x75460000
Library C:\Windows\system32\ncrypt.dll (Windows cryptographic library/Microsoft Corporation) 0x75810000
Library C:\Windows\system32\BCRYPT.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x757C0000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x753E0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75A20000
Library C:\Windows\system32\cryptnet.dll (Crypto Network Related API/Microsoft Corporation) 0x71570000
Library C:\Windows\system32\SensApi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x728B0000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x728D0000
Library C:\PROGRA~1\McAfee\MSC\McAltLib.dll (MISP Alert Library/McAfee, Inc.) 0x66100000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x73B10000
Library C:\PROGRA~1\COMMON~1\McAfee\MSC\MispLF.dll (MISP Look-and-Feel Library/McAfee, Inc.) 0x62500000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\riched20.dll (Rich Text Edit Control, v3.1/Microsoft Corporation) 0x72620000
Library C:\Windows\system32\winmm.dll (MCI API DLL/Microsoft Corporation) 0x74680000
Library C:\Windows\system32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x74640000
Library c:\PROGRA~1\COMMON~1\mcafee\msc\mcutil\9_15_1~1\McUtil.dll (McAfee Utility DLL/McAfee, Inc.) 0x62600000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77520000
Library c:\PROGRA~1\mcafee\msc\mcuicfg.dll (McAfee Integrated Security Platform/McAfee, Inc.) 0x67600000
Library C:\Windows\System32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x726A0000
Library c:\progra~1\mcafee\msc\mcsubmgr\9_15_1~2\mcsubmgr.dll (McAfee Subscription manager module/McAfee, Inc.) 0x67500000
Library c:\PROGRA~1\mcafee\msc\mcregobj\9_15_1~1\mcregobj.dll (MISP Registration Component/McAfee, Inc.) 0x67100000
Library c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll (McAfee Core Proxy Stub/McAfee, Inc.) 0x62A00000
Library c:\PROGRA~1\mcafee\msc\mcmispps.dll (McAfee MISP Proxy Stub DLL/McAfee, Inc.) 0x66A00000
Library C:\Windows\system32\winhttp.dll (Windows HTTP Services/Microsoft Corporation) 0x71250000
Library c:\PROGRA~1\mcafee.com\agent\mcagntps.dll (McAfee Integrated Security Platform/McAfee, Inc.) 0x66000000
Library c:\PROGRA~1\mcafee\msc\mccfgpv.dll (MISP Default Configuration Provider/McAfee, Inc.) 0x66300000
Library C:\Windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75880000
Library C:\Windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75B00000
Library C:\Windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75AA0000
Library C:\Windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75860000

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [DISABLED] adp94xx
Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [DISABLED] adpahci
Service C:\Windows\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) [DISABLED] adpu160m
Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [DISABLED] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\Windows\system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [DISABLED] aic78xx
Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] aliide
Service C:\Windows\system32\drivers\amdagp.sys (AMD NT AGP Filter/Microsoft Corporation) [MANUAL] amdagp
Service C:\Windows\system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [DISABLED] amdide
Service C:\Windows\system32\drivers\amdk7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK7
Service C:\Windows\system32\DRIVERS\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) AppMgmt
Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc
Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas
Service C:\Users\GOTOHE~1\AppData\Local\Temp\aswArKrn.sys [MANUAL] aswArKrn
Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv
Service (Battery Class Driver/Microsoft Corporation) BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
Service system32\drivers\blbdrive.sys [DISABLED] blbdrive
Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid
Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm
Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm
Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Windows\system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [DISABLED] BTHMODEM
Service C:\Users\GOTOHE~1\AppData\Local\Temp\catchme.sys [MANUAL] catchme
Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass
Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide
Service C:\Windows\system32\drivers\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [DISABLED] Compbatt
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
Service C:\Windows\system32\drivers\crusoe.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Crusoe
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\Windows\System32\Drivers\dfsc.sys (DFS Client MUP Surrogate Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart
Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [DISABLED] elxstor
Service EmdCache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [DISABLED] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] FDResPub
Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [DISABLED] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\Windows\system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
Service C:\Windows\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
Service C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service C:\Windows\system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [DISABLED] HidBth
Service C:\Windows\system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidIr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv
Service C:\Windows\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
Service C:\Windows\system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [DISABLED] HpCISSs
Service C:\Windows\system32\DRIVERS\HSX_DP.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DP
Service C:\Windows\system32\DRIVERS\HSXHWBS2.sys (HSF_HWB2 WDM driver/Conexant Systems, Inc.) [MANUAL] HSXHWBS2
Service C:\Windows\system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\Windows\system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [DISABLED] i2omp
Service C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Windows\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [DISABLED] iaStorV
Service c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\Windows\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [DISABLED] iirsp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\RTKVHDA.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [DISABLED] intelide
Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] intelppm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\Windows\system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [DISABLED] IPMIDRV
Service C:\Windows\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:\Windows\system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [DISABLED] isapnp
Service C:\Windows\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service C:\Windows\system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteatapi
Service C:\Windows\system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteraid
Service C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass
Service C:\Windows\system32\drivers\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [DISABLED] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service ldap
Service c:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [DISABLED] LSI_FC
Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [DISABLED] LSI_SAS
Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\lxcycoms.exe (Printer Communication System/ ) [AUTO] lxcy_device
Service C:\??\C:\Windows\system32\drivers\mbamswissarmy.sys [MANUAL] MBAMSwissArmy
Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (SiteAdvisor/McAfee, Inc.) [AUTO] McAfee SiteAdvisor Service
Service C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee Services/McAfee, Inc.) [AUTO] mcmscsvc
Service c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee Network Agent/McAfee, Inc.) [AUTO] McNASvc
Service C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee VirusScan - On Demand Scan/McAfee, Inc.) [MANUAL] McODS
Service c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) [AUTO] McProxy
Service C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (On-Access Scanner service/McAfee, Inc.) [AUTO] McShield
Service C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee SystemGuards Service/McAfee, Inc.) [MANUAL] McSysmon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service C:\Windows\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk
Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] megasas
Service C:\Windows\system32\CBA8.tmp [MANUAL] MEMSWEEP2
Service C:\Windows\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) [MANUAL] mfeavfk

#11 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 March 2010 - 11:09 PM

Service C:\Windows\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) [MANUAL] mfebopk
Service C:\Windows\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) [SYSTEM] mfehidk
Service C:\Windows\system32\drivers\mferkdk.sys (VSCore Code Analysis Driver/McAfee, Inc.) [MANUAL] mferkdk
Service C:\Windows\system32\drivers\mfesmfk.sys (System Monitor Filter Driver/McAfee, Inc.) [MANUAL] mfesmfk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
Service C:\Windows\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:\Windows\System32\Drivers\Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) [SYSTEM] MPFP
Service C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee Personal Firewall Service/McAfee, Inc.) [AUTO] MpfService
Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] Mraid35x
Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci
Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm
Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm
Service C:\Windows\system32\DRIVERS\netr73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) [MANUAL] netr73
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [DISABLED] nfrd960
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
Service C:\Windows\system32\drivers\ntrigdigi.sys (N-trig tablet digitizer in-box driver/N-trig Innovative Technologies) [DISABLED] ntrigdigi
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\Windows\system32\DRIVERS\nvm60x32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
Service C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 100.65 /NVIDIA Corporation) [MANUAL] nvlddmkm
Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce™ RAID Driver/NVIDIA Corporation) [DISABLED] nvraid
Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [DISABLED] nvstor
Service C:\Windows\system32\drivers\nvstor32.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [BOOT] nvstor32
Service C:\Windows\system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\Windows\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
Service C:\Windows\system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [DISABLED] Parport
Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\drivers\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide
Service C:\Windows\system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] pcmcia
Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent
Service PortProxy
Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\Windows\system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Processor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service C:\Windows\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) [MANUAL] Ps2
Service C:\Windows\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] PSched
Service C:\Windows\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [DISABLED] ql2300
Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [DISABLED] ql40xx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\drivers\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [DISABLED] rdpdr
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
Service c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (RoxMediaDB9 Module/Sonic Solutions) [MANUAL] RoxMediaDB9
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service C:\??\C:\Windows\system32\SAVRKBootTasks.sys [SYSTEM] SAVRKBootTasks
Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service C:\Windows\system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial
Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [DISABLED] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Windows\system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [DISABLED] sfloppy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp
Service C:\Windows\system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [DISABLED] SiSRaid2
Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4
Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify
Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc
Service c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (SureThing Labelflash Disc Printer Service Module/MicroVision Development, Inc.) [MANUAL] stllssvr
Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx
Service SYMTDI
Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi
Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TBS
Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6
Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp
Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci
Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata
Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [DISABLED] ulsata2
Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost
Service usb
Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir
Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\Windows\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\Windows\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbuhci
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp
Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] ViaC7
Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide
Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR X86-32/VIA Technologies Inc.,Ltd) [DISABLED] vsmraid
Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\Windows\system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [DISABLED] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
Service C:\Windows\system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [DISABLED] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc
Service C:\Windows\system32\DRIVERS\HSX_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [DISABLED] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum
Service C:\Windows\system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
Service C:\Windows\system32\DRIVERS\xaudio.sys (Modem Audio Device Driver/Conexant Systems, Inc.) [AUTO] XAudio
Service C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.) [AUTO] XAudioService
Service xmlprov
Service {601A5320-DCF5-446A-927C-B8D82549B2D5}
Service {8060C6D3-062F-406E-8681-7AB4EB918648}
Service {F3769668-9053-4646-A348-318E45BF9064}

---- EOF - GMER 1.0.15 ----

INT 0x00 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D7F0
INT 0x01 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D970
INT 0x03 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DDC4
INT 0x04 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DF4C
INT 0x05 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E0AC
INT 0x06 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E220
INT 0x07 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8E890
INT 0x09 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8ECB8
INT 0x0A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8EDDC
INT 0x0B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8EF1C
INT 0x0C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8F17C
INT 0x0D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8F464
INT 0x0E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FB68
INT 0x0F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x10 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C9001C
INT 0x11 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C9015C
INT 0x12 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x13 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C902C8
INT 0x14 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x15 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x16 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x17 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x18 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x19 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x1F \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5AC4
INT 0x2A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8CF5A
INT 0x2B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D0E0
INT 0x2C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8D21C
INT 0x2D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8DC9C
INT 0x2E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C91E
INT 0x2F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8FEF8
INT 0x30 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFE0
INT 0x31 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFEA
INT 0x32 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFF4
INT 0x33 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8BFFE
INT 0x34 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C008
INT 0x35 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C012
INT 0x36 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C01C
INT 0x37 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB50E8
INT 0x38 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C030
INT 0x39 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C03A
INT 0x3A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C044
INT 0x3B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C04E
INT 0x3C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C058
INT 0x3D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C062
INT 0x3E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C06C
INT 0x3F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C076
INT 0x40 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C080
INT 0x41 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C08A
INT 0x42 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C094
INT 0x43 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C09E
INT 0x44 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0A8
INT 0x45 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0B2
INT 0x46 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0BC
INT 0x47 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0C6
INT 0x48 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0D0
INT 0x49 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0DA
INT 0x4A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0E4
INT 0x4B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0EE
INT 0x4C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C0F8
INT 0x4D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C102
INT 0x4E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C10C
INT 0x4F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C116
INT 0x50 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C120
INT 0x51 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C12A
INT 0x52 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88260E1B
INT 0x53 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C13E
INT 0x54 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C148
INT 0x55 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C152
INT 0x56 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C15C
INT 0x57 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C166
INT 0x58 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C170
INT 0x59 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C17A
INT 0x5A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C184
INT 0x5B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C18E
INT 0x5C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C198
INT 0x5D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1A2
INT 0x5E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1AC
INT 0x5F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1B6
INT 0x60 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1C0
INT 0x61 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1CA
INT 0x62 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88260E1B
INT 0x63 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1DE
INT 0x64 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1E8
INT 0x65 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1F2
INT 0x66 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C1FC
INT 0x67 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C206
INT 0x68 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C210
INT 0x69 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C21A
INT 0x6A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C224
INT 0x6B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C22E
INT 0x6C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C238
INT 0x6D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C242
INT 0x6E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C24C
INT 0x6F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C256
INT 0x70 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C260
INT 0x71 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 87E0415C
INT 0x72 \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 8078EED0
INT 0x73 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C27E
INT 0x74 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C288
INT 0x75 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C292
INT 0x76 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C29C
INT 0x77 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2A6
INT 0x78 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2B0
INT 0x79 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2BA
INT 0x7A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2C4
INT 0x7B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2CE
INT 0x7C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2D8
INT 0x7D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2E2
INT 0x7E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2EC
INT 0x7F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C2F6
INT 0x80 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C300
INT 0x81 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C30A
INT 0x82 \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 8078EED0
INT 0x83 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C31E
INT 0x84 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C328
INT 0x85 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C332
INT 0x86 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C33C
INT 0x87 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C346
INT 0x88 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C350
INT 0x89 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C35A
INT 0x8A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C364
INT 0x8B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C36E
INT 0x8C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C378
INT 0x8D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C382
INT 0x8E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C38C
INT 0x8F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C396
INT 0x90 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3A0
INT 0x91 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3AA
INT 0x92 \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E9E48
INT 0x93 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3BE
INT 0x94 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3C8
INT 0x95 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3D2
INT 0x96 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3DC
INT 0x97 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3E6
INT 0x98 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3F0
INT 0x99 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C3FA
INT 0x9A \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C404
INT 0x9B \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C40E
INT 0x9C \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C418
INT 0x9D \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C422
INT 0x9E \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C42C
INT 0x9F \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C436
INT 0xA0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C440
INT 0xA1 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C44A
INT 0xA2 \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E9E48
INT 0xA3 \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) 883B6354
INT 0xA4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C468
INT 0xA5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C472
INT 0xA6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C47C
INT 0xA7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C486
INT 0xA8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C490
INT 0xA9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C49A
INT 0xAA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4A4
INT 0xAB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4AE
INT 0xAC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4B8
INT 0xAD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4C2
INT 0xAE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4CC
INT 0xAF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4D6
INT 0xB0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4E0
INT 0xB1 \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 8023768C
INT 0xB2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4F4
INT 0xB3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4FE
INT 0xB4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C508
INT 0xB5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C512
INT 0xB6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C51C
INT 0xB7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C526
INT 0xB8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C530
INT 0xB9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C53A
INT 0xBA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C544
INT 0xBB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C54E
INT 0xBC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C558
INT 0xBD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C562
INT 0xBE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C56C
INT 0xBF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C576
INT 0xC0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C580
INT 0xC1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB53D8
INT 0xC2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C594
INT 0xC3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C59E
INT 0xC4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5A8
INT 0xC5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5B2
INT 0xC6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5BC
INT 0xC7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5C6
INT 0xC8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5D0
INT 0xC9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5DA
INT 0xCA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5E4
INT 0xCB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5EE
INT 0xCC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5F8
INT 0xCD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C602
INT 0xCE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C60C
INT 0xCF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C616
INT 0xD0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C620
INT 0xD1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA3C64
INT 0xD2 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA3F08
INT 0xD3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C63E
INT 0xD4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C648
INT 0xD5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C652
INT 0xD6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C65C
INT 0xD7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C666
INT 0xD8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C670
INT 0xD9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C67A
INT 0xDA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C684
INT 0xDB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C68E
INT 0xDC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C698
INT 0xDD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6A2
INT 0xDE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6AC
INT 0xDF \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB51C0
INT 0xE0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6C0
INT 0xE1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5934
INT 0xE2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6D4
INT 0xE3 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB56D4
INT 0xE4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6E8
INT 0xE5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6F2
INT 0xE6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C6FC
INT 0xE7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C706
INT 0xE8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C710
INT 0xE9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C71A
INT 0xEA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C724
INT 0xEB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C72E
INT 0xEC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C738
INT 0xED \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C742
INT 0xEE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C749
INT 0xEF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C750
INT 0xF0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C757
INT 0xF1 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C75E
INT 0xF2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C765
INT 0xF3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C76C
INT 0xF4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C773
INT 0xF5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C77A
INT 0xF6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C781
INT 0xF7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C788
INT 0xF8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C78F
INT 0xF9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C796
INT 0xFA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C79D
INT 0xFB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C7A4
INT 0xFC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C7AB
INT 0xFD \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5EDC
INT 0xFE \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB6148
INT 0xFF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C7C0

SYSENTER \SystemRoot\system32\ntkrnlpa.exe 81C8C9F0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \
Device \Driver\NDIS \Device\Ndis ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

#12 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 March 2010 - 11:14 PM

Service C:\Windows\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
Service C:\Windows\system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [DISABLED] Parport
Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\drivers\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide
Service C:\Windows\system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] pcmcia
Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent
Service PortProxy
Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\Windows\system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Processor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service C:\Windows\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) [MANUAL] Ps2
Service C:\Windows\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] PSched
Service C:\Windows\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [DISABLED] ql2300
Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [DISABLED] ql40xx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\drivers\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [DISABLED] rdpdr
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
Service c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (RoxMediaDB9 Module/Sonic Solutions) [MANUAL] RoxMediaDB9
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service C:\??\C:\Windows\system32\SAVRKBootTasks.sys [SYSTEM] SAVRKBootTasks
Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service C:\Windows\system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial
Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [DISABLED] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Windows\system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [DISABLED] sfloppy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp
Service C:\Windows\system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [DISABLED] SiSRaid2
Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4
Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify
Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc
Service c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (SureThing Labelflash Disc Printer Service Module/MicroVision Development, Inc.) [MANUAL] stllssvr
Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx
Service SYMTDI
Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi
Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TBS
Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6
Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp
Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci
Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata
Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [DISABLED] ulsata2
Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost
Service usb
Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir
Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\Windows\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\Windows\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbuhci
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp
Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] ViaC7
Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide
Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR X86-32/VIA Technologies Inc.,Ltd) [DISABLED] vsmraid
Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\Windows\system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [DISABLED] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
Service C:\Windows\system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [DISABLED] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc
Service C:\Windows\system32\DRIVERS\HSX_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [DISABLED] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum
Service C:\Windows\system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
Service C:\Windows\system32\DRIVERS\xaudio.sys (Modem Audio Device Driver/Conexant Systems, Inc.) [AUTO] XAudio
Service C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.) [AUTO] XAudioService
Service xmlprov
Service {601A5320-DCF5-446A-927C-B8D82549B2D5}
Service {8060C6D3-062F-406E-8681-7AB4EB918648}
Service {F3769668-9053-4646-A348-318E45BF9064}

---- EOF - GMER 1.0.15 ----


#13 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 March 2010 - 11:18 PM

My computer wouldnt allow me to post this the normal way. I a, having so many problems when I am on your particular website. When I try to delete or backspace something the mouse just keep going until it wipe everything out of the box. Then I try to re-post again. This is so weird. Then I keep getting that freakin message about low disk space which I dont know what to do. Sorry I had to make that many post but normally I do know how to post a single report but it keep telling me to save data and it was too much too post.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:35 PM

Posted 11 March 2010 - 01:36 PM

Hi,

can you please run a new scan with ComboFix.

Please delete all old copies and download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 11 March 2010 - 11:42 PM

ComboFix 10-03-11.02 - hell nawl 03/11/2010 22:18:01.6.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.501.224 [GMT -6:00]
Running from: c:\users\hell nawl\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-02-12 to 2010-03-12 )))))))))))))))))))))))))))))))
.

2010-03-12 04:27 . 2010-03-12 04:28 -------- d-----w- c:\users\hell nawl\AppData\Local\temp
2010-03-12 04:27 . 2010-03-12 04:27 -------- d-----w- c:\users\Students Area\AppData\Local\temp
2010-03-12 04:27 . 2010-03-12 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-12 04:20 . 2010-03-12 04:20 680 ----a-w- c:\users\hell nawl\AppData\Local\d3d9caps.dat
2010-03-12 04:16 . 2010-03-12 04:17 -------- d-----w- C:\32788R22FWJFW
2010-02-28 19:26 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-28 19:25 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-28 19:25 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-28 19:25 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-28 19:25 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-28 19:25 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-28 19:25 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-28 19:25 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-28 19:25 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-28 19:25 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 02:09 . 2009-05-06 00:22 91752 ----a-w- c:\users\hell nawl\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-12 17:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 04:54 . 2010-01-28 10:06 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-11 04:54 . 2010-01-28 10:06 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-31 21:20 . 2009-12-16 21:44 15 ----a-w- c:\users\hell nawl\settings.dat
2010-01-30 08:27 . 2010-01-28 10:06 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-30 08:27 . 2010-01-28 10:06 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-30 02:50 . 2010-01-30 02:50 -------- d-----w- c:\program files\Secunia
2010-01-30 02:40 . 2010-01-30 02:38 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 02:36 . 2010-01-30 02:36 -------- d-----w- c:\programdata\McAfee
2010-01-30 02:12 . 2010-01-30 02:10 -------- d-----w- c:\program files\SpywareBlaster
2010-01-28 10:12 . 2010-01-28 10:06 -------- d-----w- c:\programdata\Comodo
2010-01-28 10:06 . 2010-01-28 10:06 -------- d-----w- c:\program files\COMODO
2010-01-27 23:24 . 2010-01-16 05:23 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 23:24 . 2010-01-16 05:23 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-01-27 23:24 . 2010-01-16 05:23 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 23:24 . 2010-01-16 05:23 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-27 23:24 . 2010-01-16 05:23 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-01-23 05:49 . 2009-06-25 06:06 -------- d-----w- c:\program files\a-squared Free
2010-01-20 06:41 . 2010-01-20 06:41 -------- d-----w- c:\program files\Sophos
2010-01-18 21:23 . 2010-01-18 21:23 0 ----a-w- c:\windows\system32\settings.dat
2010-01-16 05:24 . 2010-01-16 05:20 -------- d-----w- c:\programdata\Lavasoft
2010-01-16 05:21 . 2010-01-16 05:21 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-16 05:20 . 2010-01-16 05:20 -------- d-----w- c:\program files\Lavasoft
2010-01-16 02:18 . 2010-01-06 05:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 02:18 . 2010-01-16 02:18 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-14 17:12 . 2009-10-10 02:58 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 09:51 . 2010-01-11 08:10 82 ----a-w- c:\users\hell nawl\AppData\Roaming\wklnhst.dat
2010-01-11 08:11 . 2010-01-11 08:11 -------- d-----w- c:\users\hell nawl\AppData\Roaming\Template
2010-01-11 05:22 . 2010-01-08 10:04 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-07 22:07 . 2010-01-06 05:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-06 05:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 00:32 . 2010-01-03 00:32 46375 ----a-w- c:\windows\Junction1.zip
2010-01-02 16:44 . 2010-01-02 16:46 95616 ----a-w- C:\junction.exe
2010-01-02 16:44 . 2010-01-02 16:44 46375 ----a-w- c:\windows\Junction.zip
2009-12-28 12:36 . 2010-02-10 04:03 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 04:03 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 04:03 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 04:03 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 04:03 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 04:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 04:03 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 04:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 04:03 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 04:03 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-18 12:52 . 2010-01-23 04:02 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48 . 2010-01-23 04:02 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48 . 2010-01-23 04:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:48 . 2010-01-23 04:02 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-12-18 12:46 . 2010-01-23 04:02 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18 . 2010-01-23 04:02 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45 . 2010-01-23 04:02 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-16 20:52 . 2009-08-08 12:18 81984 ----a-w- c:\windows\system32\bdod.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-30 1800464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\hell nawl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-11-06 09:05 106496 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 22:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-11-06 09:02 98304 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-11-06 09:02 81920 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-11 130960]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R3 aswArKrn;aswArKrn;c:\users\HELLNA~1\AppData\Local\Temp\aswArKrn.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\96D5.tmp [2009-06-18 6144]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-10 1858144]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-01-27 1181328]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-01-30 29520]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:24]

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:24]

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:24]

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:24]

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:24]

2010-01-30 c:\windows\Tasks\Secunia PSI Logon Task.job
- c:\program files\Secunia\PSI\psi.exe [2009-08-21 08:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uLocal Page = hxxp://www.att.net
mStart Page = hxxp://www.att.net
mLocal Page = hxxp://www.att.net
TCP: {1F9F0BB6-4FC7-4150-9016-5A2A785E4C10} = 156.154.70.22,156.154.71.22
TCP: {9EDF7608-C171-40B2-BB6D-40EF62583E78} = 156.154.70.22,156.154.71.22
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 22:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\96D5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-11 22:36:00
ComboFix-quarantined-files.txt 2010-03-12 04:35

Pre-Run: 53,360,369,664 bytes free
Post-Run: 53,425,995,776 bytes free

- - End Of File - - 6407D2E054E7618602BC572DCF3388F3

This report ran kind of sluggish to me. It kept saying need administrator rights to perform this command. Which I was in safe mode with networking. I can't run any spyware reports in normal computer is toooooooo slow for that.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users