
Desktop Computer is Acting Strange


  • This topic is locked
98 replies to this topic

#1 kymberly

kymberly

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:01:41 AM

Posted 04 April 2010 - 05:19 PM



Avira AntiVir Personal
Report file date: Sunday, April 04, 2010 14:32

Scanning for 1955003 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SHOELOVER

Version information:
BUILD.DAT : 10.0.0.561 32098 Bytes 3/18/2010 15:46:00
AVSCAN.EXE : 10.0.2.3 433832 Bytes 3/8/2010 00:57:10
AVSCAN.DLL : 10.0.2.2 45928 Bytes 3/2/2010 19:48:47
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 01:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 23:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 18:29:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 18:29:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 18:29:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 18:29:03
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 18:29:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 18:29:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 18:29:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 18:29:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 18:29:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 22:43:21
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 22:24:21
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 00:41:40
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 16:25:53
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 16:39:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 20:01:24
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 21:26:33
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 21:26:34
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 21:26:35
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 21:26:36
VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 21:26:38
VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 21:26:40
VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 21:26:41
VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 21:26:42
VBASE027.VDF : 7.10.6.19 2048 Bytes 4/1/2010 21:26:43
VBASE028.VDF : 7.10.6.20 2048 Bytes 4/1/2010 21:26:43
VBASE029.VDF : 7.10.6.21 2048 Bytes 4/1/2010 21:26:43
VBASE030.VDF : 7.10.6.22 2048 Bytes 4/1/2010 21:26:43
VBASE031.VDF : 7.10.6.24 27136 Bytes 4/3/2010 21:26:44
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 19:16:21
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/4/2010 21:27:03
AESCN.DLL : 8.1.5.0 127347 Bytes 2/26/2010 01:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 18:09:47
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 18:09:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 4/4/2010 21:26:57
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 18:09:46
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 4/4/2010 21:26:56
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/4/2010 21:26:49
AEGEN.DLL : 8.1.3.6 373108 Bytes 4/4/2010 21:26:48
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 16:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/4/2010 21:26:47
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 19:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 19:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 19:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 23:47:40
AVREG.DLL : 10.0.1.2 52072 Bytes 1/29/2010 18:47:41
AVSCPLR.DLL : 10.0.2.3 83304 Bytes 3/8/2010 01:02:30
AVARKT.DLL : 10.0.0.13 227176 Bytes 3/8/2010 00:48:41
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 16:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 19:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 22:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 21:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.46.0 97128 Bytes 3/5/2010 17:09:41

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, April 04, 2010 14:32

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot17\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000007\00000000\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot17\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000007\00000000\data
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot17\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000008\00000000\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot17\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\00000008\00000000\data
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'iexplore.exe' - '130' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '80' Module(s) have been scanned
Scan process 'FlashUtil10e.exe' - '30' Module(s) have been scanned
Scan process 'avgnt.exe' - '50' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'xaudio.exe' - '14' Module(s) have been scanned
Scan process 'wuauclt.exe' - '41' Module(s) have been scanned
Scan process 'iexplore.exe' - '135' Module(s) have been scanned
Scan process 'ieuser.exe' - '91' Module(s) have been scanned
Scan process 'mcnasvc.exe' - '96' Module(s) have been scanned
Scan process 'mcsysmon.exe' - '65' Module(s) have been scanned
Scan process 'mobsync.exe' - '36' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '28' Module(s) have been scanned
Scan process 'mcmscsvc.exe' - '89' Module(s) have been scanned
Scan process 'HPAdvisor.exe' - '128' Module(s) have been scanned
Scan process 'mcagent.exe' - '80' Module(s) have been scanned
Scan process 'Explorer.EXE' - '140' Module(s) have been scanned
Scan process 'taskeng.exe' - '78' Module(s) have been scanned
Scan process 'Dwm.exe' - '38' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'MPFSrv.exe' - '74' Module(s) have been scanned
Scan process 'mcshield.exe' - '85' Module(s) have been scanned
Scan process 'mcproxy.exe' - '48' Module(s) have been scanned
Scan process 'rundll32.exe' - '27' Module(s) have been scanned
Scan process 'McSACore.exe' - '75' Module(s) have been scanned
Scan process 'lxcycoms.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '113' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '339' files ).


Starting the file scan:

Begin scan in 'C:\' <COMPAQ>
Begin scan in 'D:\' <Recovery>


End of the scan: Sunday, April 04, 2010 15:13
Used time: 41:33 Minute(s)

The scan has been done completely.

9795 Scanned directories
256227 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
256227 Files not concerned
2720 Archives were scanned
0 Warnings
0 Notes
280804 Objects were scanned with rootkit scan
4 Hidden objects were found





#2 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:01:41 AM

Posted 07 April 2010 - 03:35 PM

Files that I got concerned about:
1. FlashUtil10e.exe
2. C:\Windows\system32\getuname.dll
3. C:\hp\HPQWARE\DTSHORTCUTS

Computer is very slow and takes at least 3-5 minutes to get from one screen to the next!!!

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:41 AM

Posted 08 April 2010 - 11:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#4 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:01:41 AM

Posted 09 April 2010 - 05:06 PM

I was able to run the reports that you gave me but there was a big problem. I kept getting the blue screen of death and now I can't access the internet at all. I have to use another computer so please bear with me. My internet service was working fine until I ran the reports. I am trying to see what happened! I will be checking back for further instructions. I can't post the reports either!

#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:06:41 AM

Posted 10 April 2010 - 04:16 AM

Are you able to copy the logfiles to a flash drive and post it here?
regards,
schrauber


#6 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts
  • OFFLINE
  • Local time:01:41 AM

Posted 12 April 2010 - 08:55 AM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Me & the Kids at 16:57:18.11 on Thu 04/08/2010
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1143 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Me & the Kids\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-4 60936]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-4 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-4 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-4-4 40552]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-4-4 34248]

=============== Created Last 30 ================

2010-04-08 23:46:48 274432 ----a-w- c:\windows\system32\raschap.dll
2010-04-08 23:46:47 232960 ----a-w- c:\windows\system32\rastls.dll
2010-04-08 23:44:39 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-04-08 23:41:34 2026496 ----a-w- c:\windows\system32\win32k.sys
2010-04-08 23:41:33 633856 ----a-w- c:\windows\system32\user32.dll
2010-04-08 17:51:56 750080 ----a-w- c:\windows\system32\qmgr.dll
2010-04-08 17:51:10 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-04-08 17:49:31 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-08 17:49:28 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-04-08 17:49:27 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-04-08 17:49:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-04-08 17:49:22 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-08 17:44:51 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-08 17:44:51 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-08 17:44:51 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-07 22:05:16 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-07 20:46:13 77312 ----a-w- c:\windows\MBR.exe
2010-04-07 20:46:12 98816 ----a-w- c:\windows\sed.exe
2010-04-07 20:46:12 261632 ----a-w- c:\windows\PEV.exe
2010-04-07 20:46:12 161792 ----a-w- c:\windows\SWREG.exe
2010-04-07 20:45:57 0 d-----w- c:\program files\Lexmark Fax Solutions
2010-04-07 20:45:04 0 d-----w- c:\program files\Lexmark 3400 Series
2010-04-04 21:25:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-04 21:25:06 0 d-----w- c:\programdata\Avira
2010-04-04 21:25:06 0 d-----w- c:\program files\Avira
2010-04-04 19:56:18 1877 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_GC660AA-ABA SR5123WM_YC_0Pres_QCNX719_E73NAv3PrA1_49_INettle2_SECS_V1.0_B5.07_T070404_WUH0_L409_M1918_J320_7AMD_8Athlon 64 X2 Dual Core_92.1_#100404_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2010-04-04 19:40:55 44 ----a-w- c:\windows\system\hpsysdrv.dat
2010-04-04 19:09:05 323584 ----a-w- c:\windows\system32\lxcyhcp.dll
2010-04-04 19:08:59 385712 ----a-w- c:\windows\system32\lxcyih.exe
2010-04-04 19:04:35 6426 ----a-w- c:\windows\system32\Config.MPF
2010-04-04 19:04:03 0 d-----w- c:\programdata\SiteAdvisor
2010-04-04 19:03:19 0 d-----w- c:\users\me&the~1\appdata\roaming\Malwarebytes
2010-04-04 19:03:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 19:03:07 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-04 19:03:07 0 d-----w- c:\programdata\Malwarebytes
2010-04-04 19:03:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 19:01:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-04 19:01:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-04-04 19:01:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-04 19:01:47 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-04-04 19:01:14 0 d-----w- c:\program files\common files\McAfee
2010-04-04 19:01:13 0 d-----w- c:\program files\McAfee.com
2010-04-04 19:01:10 0 d-----w- c:\program files\McAfee
2010-04-04 18:58:19 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-04-04 18:44:05 0 d-----w- c:\program files\VS Revo Group
2010-04-04 18:36:59 0 d-----w- c:\programdata\McAfee
2010-04-04 18:28:59 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-04 18:27:25 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-04 18:27:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-04 09:49:22 0 d-----w- c:\programdata\Hewlett-Packard
2010-04-04 09:45:33 0 d-----w- c:\windows\SMINST
2010-04-04 09:39:57 0 d-----w- c:\programdata\Symantec
2010-04-04 09:39:44 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-04 09:38:28 0 d-----w- c:\program files\Yahoo!
2010-04-04 09:36:43 0 d-----w- c:\program files\Online Services
2010-04-04 09:34:18 0 d-----w- c:\programdata\PC-Doctor
2010-04-04 09:33:52 0 d-----w- c:\program files\PC-Doctor 5 for Windows
2010-04-04 09:31:29 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-04 09:29:31 0 d-----w- c:\programdata\Microsoft Help
2010-04-04 09:27:00 0 d-----w- c:\programdata\Adobe
2010-04-04 09:25:53 0 d-----w- c:\program files\muvee Technologies
2010-04-04 09:25:53 0 d-----w- c:\program files\common files\muvee Technologies
2010-04-04 09:25:52 0 d-----w- c:\programdata\muvee Technologies
2010-04-04 09:25:25 0 d-----w- c:\program files\common files\xing shared
2010-04-04 09:25:17 0 d-----w- c:\program files\common files\Real
2010-04-04 09:24:27 0 d-----w- c:\program files\Rhapsody
2010-04-04 09:23:46 0 d---a-w- c:\program files\common files\LS Getting Started
2010-04-04 09:23:37 0 d-----w- c:\program files\common files\SureThing Shared
2010-04-04 09:22:25 0 d-----w- c:\programdata\Sonic
2010-04-04 09:22:06 0 d-----w- c:\program files\common files\PX Storage Engine
2010-04-04 09:21:36 0 d-----w- c:\programdata\Roxio
2010-04-04 09:21:36 0 d-----w- c:\program files\common files\Sonic Shared
2010-04-04 09:21:35 0 d-----w- c:\program files\Roxio
2010-04-04 09:15:31 0 d-----w- c:\program files\HP
2010-04-04 09:14:59 103521 ----a-w- c:\windows\hpqins13.dat
2010-04-04 09:14:56 0 d-----w- c:\programdata\HP
2010-04-04 09:09:56 0 d-----w- c:\programdata\WildTangent
2010-04-04 09:05:11 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-04-04 09:05:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-04-04 09:05:09 315392 ----a-w- c:\windows\HideWin.exe
2010-04-04 09:05:09 0 d-----w- c:\program files\Realtek
2010-04-04 09:04:58 0 d-----w- c:\windows\system32\RTCOM
2010-04-04 09:04:44 532480 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-04-04 09:04:44 494080 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-04 09:04:44 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2010-04-04 09:04:44 1840640 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-04 09:04:44 1744928 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-04 09:04:44 135168 ----a-w- c:\windows\system32\SRSWOW.dll
2010-04-04 09:04:44 1191936 ----a-w- c:\windows\RtlUpd.exe
2010-04-04 09:04:43 4390912 ----a-w- c:\windows\RtHDVCpl.exe
2010-04-04 09:01:43 146944 ----a-w- c:\windows\system32\MMDevAPI.dll
2010-04-04 09:01:24 84480 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-04-04 09:01:24 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-04-04 09:00:27 135680 ----a-w- c:\windows\system32\wusa.exe
2010-04-04 09:00:07 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-04-04 08:59:48 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-04-04 08:59:27 74752 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2010-04-04 08:59:27 60928 ----a-w- c:\windows\system32\drivers\raspptp.sys
2010-04-04 08:58:50 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-04-04 08:58:29 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-04-04 08:58:29 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-04-04 08:58:29 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-04-04 08:58:29 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-04 08:58:29 218624 ----a-w- c:\windows\system32\psisrndr.ax
2010-04-04 08:56:51 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-04-04 08:56:51 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-04 08:56:51 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-04-04 08:56:51 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-04-04 08:56:51 223744 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-04-04 08:56:51 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-04-04 08:56:51 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-04-04 08:56:17 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-04-04 08:55:58 61440 ------w- c:\windows\system32\OsdRemove.exe
2010-04-04 08:55:13 48760 ----a-w- c:\windows\system32\RUNCLOSE.OCX
2010-04-04 08:55:13 19072 ----a-w- c:\windows\system32\drivers\PS2.sys
2010-04-04 08:54:33 253952 ----a-w- c:\windows\system32\cPC_DMIRD.dll
2010-04-04 08:52:38 327680 ----a-w- c:\windows\system32\pythoncom24.dll
2010-04-04 08:52:38 102400 ----a-w- c:\windows\system32\pywintypes24.dll
2010-04-04 08:52:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-04 08:52:19 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-04-04 08:51:57 0 d-sh--w- c:\windows\Installer
2010-04-04 08:43:48 0 d-----w- c:\program files\CONEXANT
2010-04-04 08:39:21 0 d-----w- C:\hp
2010-04-04 08:39:12 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-04-04 08:39:12 172032 ----a-w- c:\windows\system32\UCI32m15.dll
2010-04-04 08:39:12 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-04-04 08:39:07 255488 ----a-w- c:\windows\system32\drivers\netr73.sys
2010-04-04 08:38:52 352768 ----a-w- c:\windows\system32\idecoiins.dll
2010-04-04 08:38:52 352768 ----a-w- c:\windows\system32\idecoi.dll
2010-04-04 08:38:52 101672 ----a-w- c:\windows\system32\drivers\nvstor32.sys
2010-04-04 08:38:42 0 d-----w- c:\windows\system32\OEM
2010-04-04 08:38:42 0 d-----w- c:\windows\Panther
2010-04-04 08:38:28 8192 --s-a-r- C:\BOOTSECT.BAK
2010-04-04 08:38:27 438840 --sha-r- C:\bootmgr
2010-04-04 08:38:26 0 d-----w- C:\Boot

==================== Find3M ====================

2010-04-08 17:42:37 16710176 ----a-w- c:\windows\fonts\meiryo.ttc
2010-04-08 17:42:32 17159388 ----a-w- c:\windows\fonts\meiryob.ttc
2010-04-04 21:12:57 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-04 21:12:57 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-04 21:12:54 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-04 09:07:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-04 09:02:35 4153344 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-04 09:02:35 1686016 ----a-w- c:\windows\system32\gameux.dll
2010-04-04 09:02:04 414208 ----a-w- c:\windows\system32\msscp.dll
2010-04-04 09:01:05 356576 ----a-w- c:\windows\fonts\monbaiti.ttf
2010-04-04 08:59:08 160872 ----a-w- c:\windows\system32\halmacpi.dll
2010-04-04 08:59:08 134760 ----a-w- c:\windows\system32\halacpi.dll
2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:01:33.22 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/4/2010 1:48:16 AM
System Uptime: 4/8/2010 4:51:15 PM (1 hours ago)

Motherboard: ECS | | Nettle2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2 | 2100/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 289 GiB total, 265.825 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.007 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: 3400 Series
Device ID: USB\VID_043D&PID_00F6&MI_00\6&1510ED7D&0&0000
Manufacturer:
Name: 3400 Series
PNP Device ID: USB\VID_043D&PID_00F6&MI_00\6&1510ED7D&0&0000
Service:

==== System Restore Points ===================


==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Avira AntiVir Personal - Free Antivirus
Enhanced Multimedia Keyboard Solution
Hardware Diagnostic Tools
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Total Care Advisor
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
NVIDIA Drivers
Python 2.4.3
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.85
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Soft Data Fax Modem with SmartCP

==== End Of File ===========================




#7 kymberly


Posted 12 April 2010 - 09:01 AM

GMER report won't upload; it's too large! Any other methods of loading!!

ComboFix 10-04-06.05 - Me & the Kids 04/07/2010 14:01:11.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.1527 [GMT -7:00]
Running from: c:\users\Ma Toot\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3211010432-1296711987-4061410187-500

.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 21:04 . 2010-04-07 21:05 -------- d-----w- c:\users\Me & the Kids\AppData\Local\temp
2010-04-07 21:04 . 2010-04-07 21:04 -------- d-----w- c:\users\Ma Toot\AppData\Local\temp
2010-04-07 21:04 . 2010-04-07 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-07 21:00 . 2010-04-07 21:00 -------- d-----w- C:\32788R22FWJFW
2010-04-07 20:45 . 2010-04-07 20:46 -------- d-----w- c:\program files\Lexmark Fax Solutions
2010-04-07 20:45 . 2010-04-07 20:45 -------- d-----w- c:\program files\Lexmark 3400 Series
2010-04-04 22:54 . 2010-04-04 22:54 -------- d-----w- c:\users\Ma Toot\AppData\Roaming\Malwarebytes
2010-04-04 21:28 . 2010-04-04 21:28 -------- d-----w- c:\users\Ma Toot\AppData\Roaming\Avira
2010-04-04 21:25 . 2010-03-01 16:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-04 21:25 . 2010-02-16 20:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-04-04 21:25 . 2009-05-11 18:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-04 21:25 . 2009-05-11 18:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-04 21:25 . 2010-04-04 21:25 -------- d-----w- c:\programdata\Avira
2010-04-04 21:25 . 2010-04-04 21:25 -------- d-----w- c:\program files\Avira
2010-04-04 20:23 . 2010-04-04 20:23 -------- d-----w- c:\users\Ma Toot\AppData\Roaming\Hewlett-Packard
2010-04-04 20:23 . 2010-04-04 20:23 -------- d-----w- c:\users\Ma Toot\AppData\Local\Hewlett-Packard
2010-04-04 20:22 . 2010-04-04 20:22 86488 ----a-w- c:\users\Ma Toot\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-04 20:12 . 2007-01-12 16:29 1126400 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-04 20:12 . 2007-01-12 16:36 1089536 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.exe
2010-04-04 20:01 . 2010-04-04 20:01 -------- d-----w- c:\users\Me & the Kids\AppData\Local\Seven Zip
2010-04-04 19:43 . 2010-04-04 19:43 -------- d-----w- c:\users\Me & the Kids\AppData\Local\Hewlett-Packard
2010-04-04 19:42 . 2010-04-04 19:42 92472 ----a-w- c:\users\Me & the Kids\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-04 19:42 . 2010-04-04 19:42 -------- d-----w- c:\users\Me & the Kids\AppData\Roaming\Snapfish
2010-04-04 19:42 . 2010-04-04 19:42 -------- d-----w- c:\users\Me & the Kids\AppData\Local\VirtualStore
2010-04-04 19:40 . 2010-04-04 19:40 44 ----a-w- c:\windows\system\hpsysdrv.dat
2010-04-04 19:39 . 2010-04-04 19:58 -------- d-----w- c:\users\Me & the Kids\AppData\Roaming\Hewlett-Packard
2010-04-04 19:08 . 2007-06-20 10:28 385712 ----a-w- c:\windows\system32\lxcyih.exe
2010-04-04 19:08 . 2007-05-17 11:24 176128 ----a-w- c:\windows\system32\lxcyins.dll
2010-04-04 19:08 . 2007-04-04 15:18 696320 ----a-w- c:\windows\system32\lxcyhbn3.dll
2010-04-04 19:08 . 2006-05-09 21:15 983107 ----a-w- c:\windows\system32\lxcygf.dll
2010-04-04 19:08 . 2007-05-17 11:27 36864 ----a-w- c:\windows\system32\lxcycur.dll
2010-04-04 19:08 . 2007-05-17 11:24 86016 ----a-w- c:\windows\system32\lxcycub.dll
2010-04-04 19:08 . 2007-05-17 11:24 77824 ----a-w- c:\windows\system32\lxcycu.dll
2010-04-04 19:08 . 2007-06-20 10:28 537264 ----a-w- c:\windows\system32\lxcycoms.exe
2010-04-04 19:08 . 2007-04-04 15:34 421888 ----a-w- c:\windows\system32\lxcycomm.dll
2010-04-04 19:08 . 2007-06-20 10:28 381616 ----a-w- c:\windows\system32\lxcycfg.exe
2010-04-04 19:08 . 2007-04-04 15:28 684032 ----a-w- c:\windows\system32\lxcycomc.dll
2010-04-04 19:08 . 2006-09-06 10:17 77824 ----a-w- c:\windows\system32\lxcycfg.dll
2010-04-04 19:04 . 2010-04-04 19:04 -------- d-----w- c:\programdata\SiteAdvisor
2010-04-04 19:03 . 2010-04-04 19:03 -------- d-----w- c:\users\Me & the Kids\AppData\Roaming\Malwarebytes
2010-04-04 19:03 . 2010-03-29 22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 19:03 . 2010-04-04 19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 19:03 . 2010-04-04 19:03 -------- d-----w- c:\programdata\Malwarebytes
2010-04-04 19:03 . 2010-03-29 22:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-04 19:01 . 2010-02-17 23:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-04 19:01 . 2010-02-17 23:52 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-04-04 19:01 . 2010-02-17 23:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-04 19:01 . 2009-07-16 19:32 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-04-04 19:01 . 2010-04-04 19:01 -------- d-----w- c:\program files\Common Files\McAfee
2010-04-04 19:01 . 2010-04-04 19:01 -------- d-----w- c:\program files\McAfee.com
2010-04-04 19:01 . 2010-04-07 19:29 -------- d-----w- c:\program files\McAfee
2010-04-04 18:58 . 2010-02-17 23:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-04-04 18:44 . 2010-04-04 21:01 -------- d-----w- c:\program files\VS Revo Group
2010-04-04 18:36 . 2010-04-04 19:04 -------- d-----w- c:\programdata\McAfee
2010-04-04 18:28 . 2010-04-04 18:28 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-04-04 18:28 . 2010-04-04 18:28 44768 ----a-w- c:\windows\system32\wups2.dll
2010-04-04 18:28 . 2010-04-04 18:28 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-04 18:28 . 2010-04-04 18:28 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-04-04 18:27 . 2010-04-04 18:27 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-04 18:27 . 2010-04-04 18:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-04 09:49 . 2010-04-04 19:58 -------- d-----w- c:\programdata\Hewlett-Packard
2010-04-04 09:45 . 2010-04-07 20:45 -------- d-----w- c:\windows\SMINST
2010-04-04 09:39 . 2010-04-04 18:50 -------- d-----w- c:\programdata\Symantec
2010-04-04 09:39 . 2010-04-04 18:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-04 09:38 . 2010-04-04 20:00 -------- d-----w- c:\program files\Yahoo!
2010-04-04 09:34 . 2010-04-04 09:34 -------- d-----w- c:\programdata\PC-Doctor
2010-04-04 09:33 . 2010-04-04 09:48 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-04-04 09:31 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-04-04 09:31 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-04 09:29 . 2010-04-04 20:11 -------- d-----w- c:\programdata\Microsoft Help
2010-04-04 09:26 . 2010-04-04 09:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-04 09:25 . 2010-04-04 20:04 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-04 09:25 . 2010-04-04 09:25 -------- d-----w- c:\program files\muvee Technologies
2010-04-04 09:25 . 2010-04-04 09:25 -------- d-----w- c:\programdata\muvee Technologies
2010-04-04 09:25 . 2010-04-04 09:25 -------- d-----w- c:\program files\Common Files\xing shared
2010-04-04 09:25 . 2010-04-04 09:25 -------- d-----w- c:\program files\Common Files\Real
2010-04-04 09:24 . 2010-04-04 09:25 -------- d-----w- c:\program files\Real
2010-04-04 09:24 . 2010-04-04 09:24 -------- d-----w- c:\program files\Rhapsody
2010-04-04 09:23 . 2010-04-04 09:23 -------- d---a-w- c:\program files\Common Files\LS Getting Started
2010-04-04 09:23 . 2010-04-04 18:54 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-04-04 09:23 . 2010-04-04 09:23 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-04-04 09:22 . 2010-04-04 09:22 -------- d-----w- c:\programdata\Sonic
2010-04-04 09:22 . 2010-04-04 09:22 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-04 09:21 . 2010-04-04 09:23 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-04-04 09:21 . 2010-04-04 09:21 -------- d-----w- c:\programdata\Roxio
2010-04-04 09:21 . 2010-04-04 09:23 -------- d-----w- c:\program files\Roxio
2010-04-04 09:21 . 2010-04-04 09:22 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-04 09:15 . 2010-04-04 20:00 -------- d-----w- c:\program files\HP
2010-04-04 09:14 . 2010-04-04 09:16 103521 ----a-w- c:\windows\hpqins13.dat
2010-04-04 09:14 . 2010-04-04 20:13 -------- d-----w- c:\programdata\HP
2010-04-04 09:14 . 2007-01-03 13:31 4779376 ----a-w- c:\programdata\WildTangent\oem-eula.exe
2010-04-04 09:09 . 2010-04-04 19:42 -------- d-----w- c:\programdata\WildTangent
2010-04-04 09:09 . 2010-04-04 21:26 -------- d-----w- c:\windows\system32\Macromed
2010-04-04 09:05 . 2010-04-04 09:05 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-04-04 09:05 . 2010-04-04 20:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 09:05 . 2010-04-04 09:05 315392 ----a-w- c:\windows\HideWin.exe
2010-04-04 09:05 . 2010-04-04 09:05 -------- d-----w- c:\program files\Realtek
2010-04-04 09:05 . 2007-01-12 16:54 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-04-04 09:05 . 2010-04-04 09:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-04 09:04 . 2010-04-04 09:05 -------- d-----w- c:\windows\system32\RTCOM
2010-04-04 09:04 . 2007-03-01 16:21 1744928 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-04 09:04 . 2007-03-01 14:30 1840640 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-04 09:04 . 2007-02-06 14:55 494080 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-04 09:04 . 2007-01-16 10:39 1191936 ----a-w- c:\windows\RtlUpd.exe
2010-04-04 09:04 . 2006-12-13 10:30 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2010-04-04 09:04 . 2006-11-29 18:47 135168 ----a-w- c:\windows\system32\SRSWOW.dll
2010-04-04 09:04 . 2007-03-01 15:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
2010-04-04 09:01 . 2010-04-04 09:01 146944 ----a-w- c:\windows\system32\MMDevAPI.dll
2010-04-04 09:01 . 2010-04-04 09:01 84480 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-04-04 09:01 . 2010-04-04 09:01 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-04-04 09:00 . 2010-04-04 09:00 135680 ----a-w- c:\windows\system32\wusa.exe
2010-04-04 09:00 . 2010-04-04 09:00 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-04-04 08:59 . 2010-04-04 08:59 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-04-04 08:59 . 2010-04-04 08:59 74752 ----a-w- c:\windows\system32\drivers\rasl2tp.sys
2010-04-04 08:59 . 2010-04-04 08:59 60928 ----a-w- c:\windows\system32\drivers\raspptp.sys
2010-04-04 08:58 . 2010-04-04 08:58 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-04-04 08:58 . 2010-04-04 08:58 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-04 08:56 . 2010-04-04 08:56 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-04-04 08:56 . 2010-04-04 08:56 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-04 08:56 . 2010-04-04 08:56 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-04-04 08:56 . 2010-04-04 08:56 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-04-04 08:56 . 2010-04-04 08:56 223744 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-04-04 08:56 . 2010-04-04 08:56 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2010-04-04 08:56 . 2010-04-04 08:56 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-04-04 08:56 . 2010-04-04 08:56 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 19:56 . 2010-04-04 19:56 1877 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_GC660AA-ABA SR5123WM_YC_0Pres_QCNX719_E73NAv3PrA1_49_INettle2_SECS_V1.0_B5.07_T070404_WUH0_L409_M1918_J320_7AMD_8Athlon 64 X2 Dual Core_92.1_#100404_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2010-04-04 09:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-04 09:02 . 2010-04-04 09:02 537600 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-04 09:02 . 2010-04-04 09:02 449024 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-04 09:02 . 2010-04-04 09:02 2560 ----a-w- c:\windows\AppPatch\AcRes.dll
2010-04-04 09:02 . 2010-04-04 09:02 2143744 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-04 09:02 . 2010-04-04 09:02 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-04 09:02 . 2010-04-04 09:02 4153344 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-04 09:02 . 2010-04-04 09:02 1686016 ----a-w- c:\windows\system32\gameux.dll
2010-04-04 09:02 . 2010-04-04 09:02 414208 ----a-w- c:\windows\system32\msscp.dll
2010-04-04 08:59 . 2006-11-02 08:30 134760 ----a-w- c:\windows\system32\halacpi.dll
2010-04-04 08:59 . 2006-11-02 08:30 160872 ----a-w- c:\windows\system32\halmacpi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R3 netr73;Amigo RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-01-04 255488]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
.
Contents of the 'Scheduled Tasks' folder

2010-04-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-04 19:22]

2010-04-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-04 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 14:05
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\ME&THE~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-07 14:06:15
ComboFix-quarantined-files.txt 2010-04-07 21:06

Pre-Run: 290,369,171,456 bytes free
Post-Run: 290,370,215,936 bytes free

- - End Of File - - E2B735ED6B577E785F06D73F754908DB

Ok, I had ComboFix on my desktop and ran it while in the midst of all this confusion on my system, and this is what it deleted. I know this was not one of the reports you asked for, but I am attending school and tried everything possible to get this to work!! This computer is crazy!! Please inform me on how to get the GMER report to you!!

I also believe that I have some hijacking of the internet and networking issues!!

Edited by kymberly, 12 April 2010 - 09:07 AM.


#8 schrauber


Posted 13 April 2010 - 12:50 PM

Hi,

Please send it at schrauber(at)hijackthis.de
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 kymberly


Posted 13 April 2010 - 03:34 PM

The first time I tried uploading on hijackthis.de it let me select from the browse and then paste that way, but it never took because it said error. Then I tried copy and paste and it just stalled. So I got out of the page and reloaded the page again. It wouldn't come up at all. Kept getting 504 gateway timeout! So how do I get this to you??? Computer allows me to perform only a limited amount of duties! I have Avira AntiVir and I noticed that it keeps disabling and enabling itself at all times, especially during start up: it's disabled and then pops up and then it does it again. After I start my computer I don't get the login screen. I am getting a pitch black screen, then after about 3-4 minutes I am asked to log on with password. After logging on I immediately get "Please wait", then maybe after a minute or so here comes the same ole "Configuring Updates". I don't understand this to save my life; I haven't downloaded any updates or installed any updates. Most of the updates either failed or were cancelled. Cancelled by who I don't know!! Microsoft .NET Framework service pack 1 and .NET Framework 3.5 family update (KB951847) x86 was cancelled. (Not sure why.) I have never been able to download service pack 1 on this computer, let alone service pack 2. Something is wrong with this pitch black screen.

Edited by kymberly, 13 April 2010 - 10:59 PM.


#10 schrauber


Posted 14 April 2010 - 01:09 PM

When you save the gmer log as a textfile, how big is the file? How many KB?
regards,
schrauber


#11 kymberly


Posted 14 April 2010 - 08:10 PM

Ok, I right clicked on the gmer and this is what I got:

size 460kb (471,968) bytes

size on disk 464kb (475,136)bytes

This is what I am noticing the most about my computer! I am getting a fake Windows update and it shuts the computer down when it gets ready! The suspect is wuauclt.exe and it goes as follows: after a MS security-update for this little application, it shows a popup dialog which asks me to restart my computer. I press "restart later" but the f***** pop-up window shows every 5 minutes. After killing the wuauclt process, "s.o." starts it again only seconds later. After doing a little research, this is a trojan; I believe it because when I get off the internet the internet light is still going! It does this every day at least 3 times a day! What's so weird about this is most of my updates are either failing or cancelled, by who I don't know.

Edited by kymberly, 15 April 2010 - 12:17 PM.


#12 schrauber


Posted 17 April 2010 - 02:08 AM

That is not too much, should work. Did you try to attach the file here in your post?
regards,
schrauber


#13 kymberly


Posted 17 April 2010 - 09:48 PM

I have tried and tried to post this GMER log! My computer is about to go out the ?&^%*&^ window! It will not let me upload, saying that the file is too large. I don't understand that because it should have enough room to post! That's why I believe my computer has restrictions on what I can do! I had to split this report up into several small pieces. Also, another thing I am noticing: I have BellSouth DSL and when I shut my computer down the internet light is still flashing like I am surfing the internet! Is it possible that my internet service has been hijacked! That light is not supposed to be on like I am surfing????
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x81D3A08B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x81D92C2F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x81E7A057]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x81C47951]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x81E90642]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x81E90813]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendProcess [0x81E1D213]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendThread [0x81E1D047]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x81E90B4F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x81E21670]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateProcess [0x81E1B043]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateThread [0x81E1B497]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x81E1D42E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwThawRegistry [0x81CD06E7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwThawTransactions [0x81C69250]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x81C6E91B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTraceControl [0x81E6DB67]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x81E8CACB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x81D98552]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x81D3ABD4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey2 [0x81D3ABF3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x81D3B219]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x81D8F34F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x81C15D20]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnmapViewOfSection [0x81DE0BF0]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x81E5C76C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x81D7642F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x81DF514C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x81DF5027]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x81E8FD05]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x81E8FC9C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x81D93C33]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x81D9436B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x81DBE556]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteVirtualMemory [0x81DD701B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwYieldExecution [0x81CB59C6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyedEvent [0x81E90F41]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyedEvent [0x81E91073]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x81E9114D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x81E91434]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x81E15902]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetCurrentProcessorNumber [0x81E18EEE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects32 [0x81DF525B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNextProcess [0x81E1D964]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNextThread [0x81E1DBD1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFileEx [0x81D8BF27]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelSynchronousIoFile [0x81D8C064]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletionEx [0x81D8B7B4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterProtocolAddressInformation [0x81C69663]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPullTransaction [0x81C69672]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMarshallTransaction [0x81C696AF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPropagationComplete [0x81C69687]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPropagationFailed [0x81C6969B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWorkerFactory [0x81E9171B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseWorkerFactoryWorker [0x81C79C2D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForWorkViaWorkerFactory [0x81C79CE4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationWorkerFactory [0x81C79FD7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationWorkerFactory [0x81C7A4A7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWorkerFactoryWorkerReady [0x81C7A72F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownWorkerFactory [0x81E919BE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThreadEx [0x81E23D84]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateUserProcess [0x81E2256F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryLicenseValue [0x81E7C753]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapCMFModule [0x81E92B75]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsUILanguageComitted [0x81E9354D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstallUILanguage [0x81E9356F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetMUIRegistryInfo [0x81E9317F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAcquireCMFViewOwnership [0x81E91B88]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x81D752D2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x81DED9DF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x81E870E8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x81E8FA91]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x81D8EC5E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x81D8B298]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x81E1F339]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x81E2210F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x81D37576]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyTransacted [0x81D375D9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x81D8ED8F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMutant [0x81E8FF0A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x81D8ECA1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePrivateNamespace [0x81DFA0B6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x81DE37EC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x81DBDB25]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcess [0x81E123B2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcessEx [0x81E123FD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x81E90403]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x81DD7703]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x81E880FF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x81DEFC6B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThread [0x81E11F31]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x81E8F6F1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x81E4CCED]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTransaction [0x81E53AC4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTransaction [0x81E53DD7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransaction [0x81E53FCF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransactionManager [0x81E56472]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrePrepareEnlistment [0x81E54E64]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrepareEnlistment [0x81E54DA3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitEnlistment [0x81E54F25]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadOnlyEnlistment [0x81E553A9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackComplete [0x81E55468]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackEnlistment [0x81E54FE6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitTransaction [0x81E544CF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackTransaction [0x81E54538]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrePrepareComplete [0x81E55168]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrepareComplete [0x81E550A7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCommitComplete [0x81E55229]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSinglePhaseReject [0x81E552EA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransaction [0x81E545B5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransactionManager [0x81E56879]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationResourceManager [0x81E55D36]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTransactionManager [0x81E55ED0]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTransactionManager [0x81E560E7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRollforwardTransactionManager [0x81E56356]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverEnlistment [0x81E549C3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverResourceManager [0x81E55999]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverTransactionManager [0x81E56417]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateResourceManager [0x81E55527]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenResourceManager [0x81E557ED]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNotificationResourceManager [0x81E559F2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationResourceManager [0x81E55B07]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEnlistment [0x81E5470D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEnlistment [0x81E547FA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationEnlistment [0x81E54C06]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationEnlistment [0x81E54A1F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStartTm [0x81E89383]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWaitablePort [0x81DBDB8F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDebugActiveProcess [0x81D76096]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDebugContinue [0x81D766EC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDelayExecution [0x81E90AA5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteAtom [0x81E891FB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteBootEntry [0x81E8B027]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteDriverEntry [0x81E8C2B3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteFile [0x81D8C187]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x81D379A7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeletePrivateNamespace [0x81DFA6AA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x81E4ADAB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x81D37C3A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeviceIoControlFile [0x81D8EE63]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDisplayString [0x81E7A099]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateObject [0x81DF1FB3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateToken [0x81E3F88B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateBootEntries [0x81E8B228]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateDriverEntries [0x81E8C4B2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x81D37F12]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x81E8ADFB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateTransactionObject [0x81C68F61]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x81D38171]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwExtendSection [0x81DE1387]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFilterToken [0x81E40316]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFindAtom [0x81E890A1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushBuffersFile [0x81D8C299]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstructionCache [0x81DE84B3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushKey [0x81D383F0]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushProcessWriteBuffers [0x81CCDFAB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushVirtualMemory [0x81DDA8E1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushWriteBuffer [0x81DE84A0]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x81DE7B6E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreeVirtualMemory [0x81CBEB63]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreezeRegistry [0x81CD0683]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreezeTransactions [0x81C69169]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFsControlFile [0x81D8EE9F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetContextThread [0x81E1A9BF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetDevicePowerState [0x81E0DBC7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetNlsSectionPtr [0x81E8610B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetPlugPlayEvent [0x81DB9D7A]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetWriteWatch [0x81CE4864]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x81E4DECF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateClientOfPort [0x81DBE383]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateThread [0x81E22455]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeNlsFiles [0x81E84DA7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeRegistry [0x81D3860D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitiatePowerAction [0x81E0D9B8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsProcessInJob [0x81E21F63]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x81E0DBAD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwListenPort [0x81DBE3B1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadDriver [0x81D98384]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey [0x81D3A414]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey2 [0x81D3A43B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKeyEx [0x81D3A467]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockFile [0x81D8EEDB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockProductActivationKeys [0x81E7A35C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockRegistryKey [0x81D3D08E]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockVirtualMemory [0x81C1AD7F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMakePermanentObject [0x81DEF3B9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMakeTemporaryObject [0x81DF18CB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPages [0x81DE67E2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x81DE6D4B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapViewOfSection [0x81DD0206]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwModifyBootEntry [0x81E8B1F7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwModifyDriverEntry [0x81E8C483]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x81D8FD76]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeKey [0x81D38716]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x81D38753]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenDirectoryObject [0x81DEDAE3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEvent [0x81E87211]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEventPair [0x81E8FBC7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenFile [0x81D900CB]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenIoCompletion [0x81D8B3A5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenJobObject [0x81E1F4F7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x81D3922F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyTransacted [0x81D3928B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenMutant [0x81E9000F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenPrivateNamespace [0x81DFA335]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x81E4A823]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcess [0x81E1385D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessToken [0x81E40D3C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessTokenEx [0x81E40D61]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSection [0x81DDA58B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSemaphore [0x81E8822B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSession [0x81DE46CF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x81DEFE95]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThread [0x81E13BBF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadToken [0x81E40F2B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadTokenEx [0x81E40F53]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTimer [0x81E8F840]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPlugPlayControl [0x81DB9EFF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPowerInformation [0x81E079BC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeCheck [0x81E4FD36]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x81E49869]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x81E49ACA]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwProtectVirtualMemory [0x81DE8767]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPulseEvent [0x81E872E4]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryAttributesFile [0x81D8C4B5]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryBootEntryOrder [0x81E8B6D3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryBootOptions [0x81E8BB27]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDebugFilterState [0x81C7C403]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultLocale [0x81E7EC28]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x81E7EFAF]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryFile [0x81D8FD0D]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryObject [0x81DEDBA2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDriverEntryOrder [0x81E8C03B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEaFile [0x81D90107]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEvent [0x81E873C7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryFullAttributesFile [0x81D8C657]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationAtom [0x81E89228]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationFile [0x81D90CF6]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationJobObject [0x81E1FF3F]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationPort [0x81DBE429]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationProcess [0x81E14191]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x81E1774B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x81E41198]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x81E7EF2B]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x81E908F7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x81D8B47C]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x81D39557]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x81D3BE73]
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 17:38:58
Windows 6.0.6000
Running: v6k9qjpz.exe; Driver: C:\Users\ME&THE~1\AppData\Local\Temp\uwlyipow.sys


---- System - GMER 1.0.15 ----


#14 kymberly

Posted 17 April 2010 - 09:49 PM

INT 0xDA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4D4
INT 0xDB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4DE
INT 0xDC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4E8
INT 0xDD \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4F2
INT 0xDE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C4FC
INT 0xDF \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB51C0
INT 0xE0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C510
INT 0xE1 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5934
INT 0xE2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C524
INT 0xE3 \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB56D4
INT 0xE4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C538
INT 0xE5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C542
INT 0xE6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C54C
INT 0xE7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C556
INT 0xE8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C560
INT 0xE9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C56A
INT 0xEA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C574
INT 0xEB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C57E
INT 0xEC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C588
INT 0xED \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C592
INT 0xEE \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C599
INT 0xEF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5A0
INT 0xF0 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5A7
INT 0xF1 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5AE
INT 0xF2 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5B5
INT 0xF3 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5BC
INT 0xF4 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5C3
INT 0xF5 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5CA
INT 0xF6 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5D1
INT 0xF7 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5D8
INT 0xF8 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5DF
INT 0xF9 \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5E6
INT 0xFA \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5ED
INT 0xFB \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5F4
INT 0xFC \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C5FB
INT 0xFD \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB5EDC
INT 0xFE \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FB6148
INT 0xFF \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C8C610
SYSENTER \SystemRoot\system32\ntkrnlpa.exe 81C8C840

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + CE1 81C8CAA9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 46E 81C911BE 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntkrnlpa.exe!KiDispatchInterrupt + 486 81C911D6 1 Byte [00]
.text ntkrnlpa.exe!RtlPrefetchMemoryNonTemporal 81C919E8 1 Byte [90]

---- User code sections - GMER 1.0.15 ----

UPX1 C:\Users\Me & the Kids\Desktop\v6k9qjpz.exe[1412] C:\Users\Me & the Kids\Desktop\v6k9qjpz.exe entry point in "UPX1" section [0x004B3F40]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \
Device \Driver\KSecDD \Device\KsecDD ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000019
Device \Device\00000025
Device \Device\00000032
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation)
Device \Device\00000026
Device \Device\00000033
Device \Device\00000027
Device \Device\00000034
Device \Device\00000040
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000028
Device \Device\00000035
Device \Driver\WMIxWDM \Device\WMIAdminDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIAdminDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Wdf01000 \Device\KMDF0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\Wdf01000 \Device\KMDF0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000041
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\Video0
Device \Driver\kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Device\00000029
Device \Device\00000036
Device \Driver\ACPI \Device\00000042 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Device\0000000a
Device \Device\00000037
Device \Device\00000043
Device \Device\00000050
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\mouclass \Device\PointerClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000000b
Device \Device\00000038
Device \Device\00000044
Device \Device\00000051
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\PointerClass1
Device \Driver\uwlyipow \Device\uwlyipow uwlyipow.sys
Device \Driver\uwlyipow \Device\uwlyipow ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000000c
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000045 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000039 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000039 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000052 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000000d
Device \Device\0000001a
Device \Driver\ACPI \Device\00000046 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\NTPNP_PCI0000
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\00000053 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\00000053 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-2 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\nvstor32 \Device\00000054 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\00000054 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000000e
Device \Device\0000001b
Device \Driver\ACPI \Device\00000047 acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0001 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000060 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000060 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-3 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000000f
Device \Device\0000001c
Device \Device\NTPNP_PCI0002
Device \Device\00000048
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000061
Device \Driver\usbhub \Device\USBPDO-4 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000001d
Device \Device\NTPNP_PCI0003
Device \Device\00000049
Device \Driver\pci \Device\NTPNP_PCI0010 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0010 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000056 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000056 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000062 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000062 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000001e
Device \Device\0000002a
Device \Driver\pci \Device\NTPNP_PCI0011 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0011 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0004 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000057 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000057 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000063 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000063 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000001f
Device \Device\0000002b
Device \Device\NTPNP_PCI0012
Device \Driver\pci \Device\NTPNP_PCI0005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000058
Device \Device\00000064
Device \Driver\volmgr \Device\HarddiskVolume2 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000002c
Device \Device\NTPNP_PCI0006
Device \Device\NTPNP_PCI0013
Device \Driver\Ecache \Device\ECacheControl ecache.sys (Special Memory Device Cache/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000065 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000065 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume3 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\0000002d
Device \Driver\pci \Device\NTPNP_PCI0007 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0007 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\NTPNP_PCI0014
Device \Device\NTPNP_PCI0020
Device \Driver\atapi \Device\Ide\IdePort0 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pciide \Device\Ide\PciIde0Channel1 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Device\Ide\PciIde0
Device \Device\i
Device \Driver\PnpManager \Device\0000003a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0021 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0021 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume6 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000069 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000069 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume7 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume7 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy11 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000003f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000003f hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy12 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy13 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy20 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy14 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005a USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager mountmgr.sys (Mount Point Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy15 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005b USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005b ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004f acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy16 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort0 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005c USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort1 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\nvstor32 \Device\RaidPort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy17 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\Ps2 \Device\Ps2 PS2.sys (PS2 SYS/Hewlett-Packard Company)
Device \Driver\USBSTOR \Device\0000005d USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy18 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\iScsiPrt \Device\RaidPort2 storport.sys (Microsoft Storage Port Driver/Microsoft Corporation)
Device \Driver\iScsiPrt \Device\RaidPort2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005e USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\0000005e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006a HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk1\DR1 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk1\DR1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy19 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\0000005f usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\0000005f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk2\DR2 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk2\DR2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006c HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006c ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk3\DR3 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk3\DR3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006d HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\0000006d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk4\DR4 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk4\DR4 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk5\DR5 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\disk \Device\Harddisk5\DR5 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\FileInfo \Device\FileInfo fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation)
Device \FileSystem\FileInfo \Device\FileInfo ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs

#15 kymberly

Posted 17 April 2010 - 09:51 PM

---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 81C00000-81FA1000 (3805184 bytes)
Module \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81FA1000-81FD5000 (212992 bytes)
Module \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation) 802C6000-802CE000 (32768 bytes)
Module \SystemRoot\system32\PSHED.dll (Platform Specific Hardware Error Driver/Microsoft Corporation) 802BD000-802C6000 (36864 bytes)
Module \SystemRoot\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) 802B5000-802BD000 (32768 bytes)
Module \SystemRoot\system32\CLFS.SYS (Common Log File System Driver/Microsoft Corporation) 8027A000-802B5000 (241664 bytes)
Module \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation) 8051F000-80600000 (921600 bytes)
Module \SystemRoot\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) 804A4000-8051F000 (503808 bytes)
Module \SystemRoot\system32\drivers\WDFLDR.SYS (WDFLDR/Microsoft Corporation) 8026D000-8027A000 (53248 bytes)
Module \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 8022A000-8026D000 (274432 bytes)
Module \SystemRoot\system32\drivers\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) 80221000-8022A000 (36864 bytes)
Module \SystemRoot\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) 80219000-80221000 (32768 bytes)
Module \SystemRoot\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) 8047F000-804A4000 (151552 bytes)
Module \SystemRoot\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) 8020A000-80219000 (61440 bytes)
Module \SystemRoot\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) 8046F000-8047F000 (65536 bytes)
Module \SystemRoot\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) 80203000-8020A000 (28672 bytes)
Module \SystemRoot\system32\drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) 80461000-8046F000 (57344 bytes)
Module \SystemRoot\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) 80417000-80461000 (303104 bytes)
Module \SystemRoot\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) 8040F000-80417000 (32768 bytes)
Module \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807E2000-80800000 (122880 bytes)
Module \SystemRoot\system32\drivers\nvstor32.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) 807C8000-807E2000 (106496 bytes)
Module \SystemRoot\system32\drivers\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 80788000-807C8000 (262144 bytes)
Module \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) 80757000-80788000 (200704 bytes)
Module \SystemRoot\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) 80747000-80757000 (65536 bytes)
Module \SystemRoot\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) 80406000-8040F000 (36864 bytes)
Module \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) 80643000-80747000 (1064960 bytes)
Module \SystemRoot\system32\drivers\msrpc.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation) 80618000-80643000 (176128 bytes)
Module \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation) 873C7000-87400000 (233472 bytes)
Module \SystemRoot\System32\Drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation) 872BF000-873C7000 (1081344 bytes)
Module \SystemRoot\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) 87255000-872BF000 (434176 bytes)
Module \SystemRoot\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) 8721F000-87255000 (221184 bytes)
Module \SystemRoot\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) 80601000-80610000 (61440 bytes)
Module \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) 87210000-8721F000 (61440 bytes)
Module \SystemRoot\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) 8757F000-875A4000 (151552 bytes)
Module \SystemRoot\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) 8756E000-8757F000 (69632 bytes)
Module \SystemRoot\system32\drivers\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) 8754D000-8756E000 (135168 bytes)
Module \SystemRoot\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) 87207000-87210000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 882A4000-882B7000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) 8829F000-882A4000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) 882FB000-88306000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) 88295000-8829F000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 88258000-88295000 (249856 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) 8824A000-88258000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) 8A9B0000-8A9C0000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) 8823C000-8824A000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) 8822A000-8823C000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) 88212000-8822A000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) 8A8D5000-8A900000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) 88306000-88311000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) 87FA9000-87FB8000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) 88311000-8831C000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) 87E54000-87E56000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) 8A8AB000-8A8D5000 (172032 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 88208000-88212000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) 8A89E000-8A8AB000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) 8A86A000-8A89E000 (212992 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) 87FB8000-87FC1000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) 88201000-88208000 (28672 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) 8A853000-8A85A000 (28672 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) 8A847000-8A853000 (49152 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) 8A826000-8A847000 (135168 bytes)
Module \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation) 8A819000-8A826000 (53248 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) 8831C000-88327000 (45056 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) 8A80B000-8A819000 (57344 bytes)
Module \SystemRoot\System32\Drivers\crashdmp.sys (Crash Dump Driver/Microsoft Corporation) 882DB000-882E8000 (53248 bytes)
Module \SystemRoot\System32\Drivers\dump_diskdump.sys 882D1000-882DB000 (40960 bytes)
Module \SystemRoot\System32\Drivers\dump_nvstor32.sys 882B7000-882D1000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) 8B60E000-8B620000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) 87E3E000-87E40000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) 8B729000-8B740000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) 8B960000-8B96A000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) 8B779000-8B782000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) 8A9A0000-8A9B0000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) 8B607000-8B60E000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) 87EC5000-87ECD000 (32768 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) 8FE00000-8FFFF000 (2093056 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) 8B974000-8B97E000 (40960 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) 8BFE0000-8BFF7000 (94208 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 8BE00000-8BE09000 (36864 bytes)
Module \SystemRoot\System32\framebuf.dll (Framebuffer Display Driver/Microsoft Corporation) 8BE10000-8BE18000 (32768 bytes)
Module \??\C:\Users\ME&THE~1\AppData\Local\Temp\uwlyipow.sys (GMER) 92439000-92450000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) 92423000-92439000 (90112 bytes)
Module \Windows\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 232
Library C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 0x47AE0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 356
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A5D0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x76520000
Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x76500000
Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x764A0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x76370000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 392
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A5D0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x76520000
Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x76500000
Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x764A0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x76370000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 400
Library C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 0x00B40000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75CC0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75D30000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 436
Library C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 0x00BC0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76430000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76CE0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x760A0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library C:\Windows\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x751A0000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75EF0000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x76030000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 476
Library C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x00880000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x763E0000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x76220000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x76100000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75D40000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75C30000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76CE0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x760A0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75CC0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75D30000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 488
Library C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 0x00890000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x76240000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x761A0000
Library C:\Windows\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76110000
Library C:\Windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x760C0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x760A0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x76060000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76CE0000
Library C:\Windows\system32\FeClient.dll (Windows NT File Encryption Client Interfaces/Microsoft Corporation) 0x76050000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x76030000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75EF0000
Library C:\Windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x763D0000
Library C:\Windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x75EB0000
Library C:\Windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75E90000
Library C:\Windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75E50000
Library C:\Windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75E40000
Library C:\Windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\cngaudit.dll (Windows Cryptographic Next Generation audit library/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x76220000
Library C:\Windows\system32\ncrypt.dll (Windows cryptographic library/Microsoft Corporation) 0x75DE0000
Library C:\Windows\system32\BCRYPT.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x75D70000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75D40000
Library C:\Windows\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x75DD0000
Library C:\Windows\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x75B90000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75CC0000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x75D50000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x75B00000
Library C:\Windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x75A20000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75C30000
Library C:\Windows\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x75D00000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x759E0000
Library C:\Windows\system32\tspkg.dll (Web Service Security Package/Microsoft Corporation) 0x75C10000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x759C0000
Library C:\Windows\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x76600000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76820000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library C:\Windows\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x75990000
Library C:\Windows\system32\keyiso.dll (CNG Key Isolation Service/Microsoft Corporation) 0x75790000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 496
Library C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 0x006C0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x763D0000
Library C:\Windows\system32\WMsgAPI.dll (WinLogon IPC Client/Microsoft Corporation) 0x760F0000
Library C:\Windows\system32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75D40000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75C30000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 640
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x005C0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library c:\windows\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x758E0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x75940000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x759C0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75EF0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x757C0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x75870000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76820000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75D60000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75D40000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75C30000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x76600000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76790000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76CE0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x760A0000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76430000
Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x75720000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 692
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x005C0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x757C0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x75870000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76820000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75D60000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75D40000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75C30000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x759E0000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75CC0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76790000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 824
Library C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x005C0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library c:\windows\system32\wevtsvc.dll (Event Logging Service/Microsoft Corporation) 0x74EA0000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75D60000
Library c:\windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x759C0000
Library c:\windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75EF0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75D40000
Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x75C30000
Library C:\Windows\System32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x75CC0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75D30000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 848
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x005C0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76CE0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x760A0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library c:\windows\system32\profsvc.dll (ProfSvc/Microsoft Corporation) 0x75760000
Library c:\windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x763D0000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library c:\windows\system32\nlaapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x75920000
Library c:\windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x75E90000
Library c:\windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x75E50000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x760C0000
Library c:\windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x75E40000
Library c:\windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75E20000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x75850000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x75240000
Library c:\windows\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x751E0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76820000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76790000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x759E0000
Library C:\Windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x74DA0000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x757A0000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x76220000
Library C:\Windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x75730000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x76030000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x76600000
Library C:\Windows\system32\wbem\wbemcore.dll (Windows Management Instrumentation/Microsoft Corporation) 0x72B20000
Library C:\Windows\system32\wbem\esscli.dll (WMI/Microsoft Corporation) 0x73080000
Library C:\Windows\system32\wbem\FastProx.dll (WMI Custom Marshaller/Microsoft Corporation) 0x72C00000
Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x76060000
Library C:\Windows\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x74410000
Library C:\Windows\system32\wbem\repdrvfs.dll (WMI Repository Driver/Microsoft Corporation) 0x727A0000
Library C:\Windows\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x726A0000
Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x76100000
Library C:\Windows\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x72740000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x74580000
Library C:\Windows\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x71C50000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 900
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x005C0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76CE0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x760A0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x75270000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76820000
Library c:\windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x74DA0000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x75850000
Library c:\windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x757A0000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x76220000
Library c:\windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x75730000
Library c:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library c:\windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x76030000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x76600000
Library c:\windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library c:\windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\ESENT.dll (Extensible Storage Engine for Microsoft® Windows®/Microsoft Corporation) 0x72E40000

Process C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1128
Library C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x00FA0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77D10000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x76AE0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77BD0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E30000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x76C70000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x76F20000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x76BC0000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x770A0000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x77100000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76DD0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x76820000
Library C:\Windows\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x74A70000
Library C:\Windows\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x75300000
Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x75940000
Library C:\Windows\system32\dwmapi.dll (Microsoft Desktop Window Manager API/Microsoft Corporation) 0x75710000
Library C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x74FA0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75EF0000
Library C:\Windows\system32\PROPSYS.dll (Microsoft Property System/Microsoft Corporation) 0x74CE0000
Library C:\Windows\system32\BROWSEUI.dll (Shell Browser UI Library/Microsoft Corporation) 0x74920000
Library C:\Windows\system32\IMM32.dll (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76CC0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76A10000
Library C:\Windows\system32\DUser.dll (Windows DirectUser Engine/Microsoft Corporation) 0x752D0000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x76FC0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x76D30000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x75340000
Library C:\Windows\system32\WindowsCodecs.dll (Microsoft Windows Codecs Library/Microsoft Corporation) 0x74860000
Library C:\Windows\system32\IconCodecService.dll (Converts a PNG part of the icon to a legacy bmp icon/Microsoft Corporation) 0x752B0000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76790000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x759E0000
Library C:\Windows\system32\timedate.cpl (Time Date Control Panel Applet/Microsoft Corporation) 0x747A0000
Library C:\Windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x75850000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x76130000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x765C0000
Library C:\Windows\system32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x74C10000
Library C:\Windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x75A20000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x76480000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x76460000
Library C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll (MediaLamp/HP) 0x10000000
Library C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.312_none_10b2ee7b9bffc2c7\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x74700000
Library C:\Windows\System32\shacct.dll (Shell Accounts Classes/Microsoft Corporation) 0x756D0000
Library C:\Windows\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x760A0000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x746D0000
Library C:\Windows\System32\msshsq.dll (Structured Query/Microsoft Corporation) 0x74650000
Library C:\Windows\System32\NaturalLanguage6.dll (Natural Language Development Platform 6/Microsoft Corporation) 0x744B0000
Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75F30000
Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x76080000
Library C:\Windows\System32\NLSData0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x73B50000
Library C:\Windows\System32\NLSLexicons0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x738C0000
Library C:\Windows\system32\authui.dll (Windows Authentication UI/Microsoft Corporation) 0x754E0000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75930000
Library C:\Windows\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x732F0000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x77F00000
Library C:\Windows\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x752C0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x768E0000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76CE0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x768B0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x76DC0000
Library C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x76FD0000
Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x76DB0000
Library C:\Windows\system32\ExplorerFrame.dll (ExplorerFrame/Microsoft Corporation) 0x752A0000
Library C:\Windows\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x75160000
Library C:\Windows\system32\wdmaud.drv (Winmm audio system driver/Microsoft Corporation) 0x74620000
Library C:\Windows\system32\ksuser.dll (User CSA Library/Microsoft Corporation) 0x75150000
Library C:\Windows\system32\AVRT.dll (Multimedia Realtime Runtime/Microsoft Corporation) 0x746C0000
Library C:\Windows\system32\MMDevAPI.DLL (MMDevice API/Microsoft Corporation) 0x74BE0000
Library C:\Windows\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x74B90000
Library C:\Windows\system32\cscapi.dll (Offline Files Win32 API/Microsoft Corporation) 0x75700000
Library C:\Windows\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x745F0000
Library C:\Windows\system32\stobject.dll (Systray shell service object/Microsoft Corporation) 0x74370000
Library C:\Windows\system32\BatMeter.dll (Battery Meter Helper DLL/Microsoft Corporation) 0x742B0000




