Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Virus/Malware - Security Pop-ups, etc


  • This topic is locked This topic is locked
18 replies to this topic

#1 State Or Die

State Or Die

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 29 May 2010 - 07:47 PM

Hello

A couple of days ago I came home from work and the computer was completely overrun with pop-ups and security warnings. I didn't pay too much attention to what they said because i wasn't able to do anything on the computer... I just turned it off and re-started in safe mode. I ran malwarebytes, super anti spyware and sophos and removed everything they identified. However, i was not able to update them because it wouldn't connect to the websites...

Now i cannot connect to the internet at all without being in safe mode. I haven't been able to identify the malware/virus that i have been infected with via running processes or programs listed in the control panel. I have run the programs listed in the instructions and attached to results below. Any help would be appreciated.. thanks in advance!!!


DDS LOGS:


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Kristen MacKool at 18:44:38.56 on Sat 05/29/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.623 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kristen MacKool\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/?ref=hp
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uWindow Title = Microsoft Internet Explorer presented by Comcast
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hp\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kriste~1\applic~1\mozilla\firefox\profiles\52hk3u6l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80229&language=en&qkw=
FF - plugin: c:\documents and settings\kristen mackool\application data\move networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-8-21 98304]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2008-8-14 110848]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2008-8-14 38528]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-10-5 80936]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-6-11 172032]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-11-15 14976]

=============== Created Last 30 ================

2010-05-29 22:43:55 0 ----a-w- c:\documents and settings\kristen mackool\defogger_reenable
2010-05-28 02:07:49 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-27 14:11:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-27 14:11:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-27 14:11:42 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-27 14:11:42 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys

==================== Find3M ====================

2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 04:33:41 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2010-03-10 04:33:38 1025024 ------w- c:\windows\system32\dllcache\browseui.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 11:09:18 430080 ------w- c:\windows\system32\dllcache\vbscript.dll

============= FINISH: 18:45:42.26 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/27/2006 5:05:25 AM
System Uptime: 5/29/2010 6:36:02 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 30A4
Processor: AMD Turion™ 64 Mobile Technology ML-32 | U23 | 1794/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 79 GiB total, 36.873 GiB free.
D: is FIXED (FAT32) - 13 GiB total, 0.938 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&13826118&1&30A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&13826118&1&30A4
Service: RTL8023xp

==== System Restore Points ===================

RP968: 3/17/2010 8:23:41 PM - System Checkpoint
RP969: 3/18/2010 10:10:06 PM - System Checkpoint
RP970: 3/20/2010 12:49:52 AM - System Checkpoint
RP971: 3/21/2010 8:43:13 PM - System Checkpoint
RP972: 3/22/2010 9:41:56 PM - System Checkpoint
RP973: 3/23/2010 9:45:03 PM - System Checkpoint
RP974: 3/24/2010 11:55:10 PM - System Checkpoint
RP975: 3/25/2010 11:56:02 PM - System Checkpoint
RP976: 3/28/2010 7:58:44 PM - System Checkpoint
RP977: 3/29/2010 8:21:20 PM - System Checkpoint
RP978: 3/30/2010 9:14:19 PM - System Checkpoint
RP979: 3/31/2010 10:26:51 PM - System Checkpoint
RP980: 4/1/2010 4:04:26 PM - Software Distribution Service 3.0
RP981: 4/3/2010 10:25:13 AM - System Checkpoint
RP982: 4/5/2010 8:06:22 PM - System Checkpoint
RP983: 4/6/2010 9:54:49 PM - System Checkpoint
RP984: 4/8/2010 8:17:27 AM - System Checkpoint
RP985: 4/9/2010 8:28:59 AM - System Checkpoint
RP986: 4/10/2010 9:14:33 AM - System Checkpoint
RP987: 4/11/2010 12:20:12 PM - System Checkpoint
RP988: 4/12/2010 5:18:46 PM - System Checkpoint
RP989: 4/13/2010 5:42:35 PM - System Checkpoint
RP990: 4/14/2010 6:08:19 AM - Software Distribution Service 3.0
RP991: 4/15/2010 6:54:41 AM - System Checkpoint
RP992: 4/16/2010 7:13:48 AM - System Checkpoint
RP993: 4/17/2010 8:13:59 AM - System Checkpoint
RP994: 4/18/2010 8:06:01 PM - System Checkpoint
RP995: 4/19/2010 8:48:53 PM - System Checkpoint
RP996: 4/20/2010 9:12:51 PM - System Checkpoint
RP997: 4/22/2010 6:43:59 AM - System Checkpoint
RP998: 4/23/2010 7:02:25 AM - System Checkpoint
RP999: 4/25/2010 4:09:54 PM - System Checkpoint
RP1000: 4/26/2010 4:49:59 PM - System Checkpoint
RP1001: 4/27/2010 6:50:58 PM - System Checkpoint
RP1002: 4/28/2010 7:08:48 PM - System Checkpoint
RP1003: 4/29/2010 8:10:17 PM - System Checkpoint
RP1004: 4/30/2010 10:06:15 PM - System Checkpoint
RP1005: 5/2/2010 10:52:02 AM - System Checkpoint
RP1006: 5/3/2010 3:57:51 PM - System Checkpoint
RP1007: 5/4/2010 5:48:11 PM - System Checkpoint
RP1008: 5/5/2010 7:25:29 PM - System Checkpoint
RP1009: 5/6/2010 8:17:05 PM - System Checkpoint
RP1010: 5/9/2010 3:53:21 PM - System Checkpoint
RP1011: 5/10/2010 6:08:04 PM - System Checkpoint
RP1012: 5/11/2010 8:28:16 PM - System Checkpoint
RP1013: 5/12/2010 6:33:45 AM - Software Distribution Service 3.0
RP1014: 5/13/2010 7:46:01 AM - System Checkpoint
RP1015: 5/15/2010 3:22:40 PM - System Checkpoint
RP1016: 5/16/2010 4:48:08 PM - System Checkpoint
RP1017: 5/17/2010 7:25:17 PM - System Checkpoint
RP1018: 5/18/2010 11:11:58 PM - System Checkpoint
RP1019: 5/20/2010 12:49:54 AM - System Checkpoint
RP1020: 5/21/2010 7:29:37 AM - System Checkpoint
RP1021: 5/22/2010 7:43:49 AM - System Checkpoint
RP1022: 5/23/2010 8:32:42 AM - System Checkpoint
RP1023: 5/24/2010 5:02:29 PM - System Checkpoint
RP1024: 5/25/2010 7:19:07 PM - System Checkpoint
RP1025: 5/26/2010 6:02:07 AM - Software Distribution Service 3.0
RP1026: 5/27/2010 6:33:17 AM - Software Distribution Service 3.0
RP1027: 5/27/2010 10:23:55 AM - Software Distribution Service 3.0
RP1028: 5/27/2010 9:25:36 PM - Removed Bonjour
RP1029: 5/27/2010 10:07:19 PM - Removed SUPERAntiSpyware Free Edition
RP1030: 5/28/2010 8:28:21 PM - Software Distribution Service 3.0

==== Installed Programs ======================


1000 Key English Words and Idioms Demo 1.0 Build 9
Ad-Aware SE Personal
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.3
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Hang
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
BufferChm
Canon S500
CCScore
Comcast High-Speed Internet Install Wizard
Conexant AC-Link Audio
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Destinations
DeviceManagementQFolder
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Internet Sign-up
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
FullDPAppQFolder
HD Tune 2.55
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Imaging Device Functions 6.0
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Photosmart Premier Software 6.0
hp psc 1200 series
HP QuickPlay 2.0
HP Rhapsody
HP Software Update
HP User Guides--System Recovery
HP User Guides 0025
HP Wireless Assistant 2.00 C1
HpSdpAppCoreApp
IKEA Home Planner
InstantShareDevices
iTunes
Java™ 6 Update 17
Java™ 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LightScribe 1.4.56.1
LimeWire 4.12.4
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Works
Move Media Player
Mozilla Firefox (3.0.19)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
netbrdg
Notifier
Office 2003 Trial Assistant
OfotoXMI
OptionalContentQFolder
PCDADDIN
PCDHELP
Pdf995
PhotoGallery
Quick Launch Buttons 5.20 G1
Quicken 2006
QuickTime
RandMap
REA's TESTware for the PLT Grades K-6
ReaJPEG Pro 3.9
RealPlayer
Scramble My Words
Scroll Me A Quote
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SFR
SHASTA
SKIN0001
SkinsHP1
SKINXSDK
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Sony Digital Voice Editor 2
Sophos Anti-Virus
Sophos AutoUpdate
SpywareBlaster v3.5.1
staticcr
SUPERAntiSpyware
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
tooltips
TourSetup
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wohiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wohiper
TurboTax 2009 wrapper
TurboTax Deluxe 2007
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981726)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
VPRINTOL
W Photo Studio
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WIRELESS
Wireless Home Network Setup

==== Event Viewer Messages From Past Week ========

5/29/2010 6:36:38 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
5/28/2010 8:29:50 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
5/28/2010 4:53:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
5/27/2010 9:53:18 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/27/2010 9:49:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde ViaIde
5/27/2010 9:49:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/27/2010 8:35:51 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/27/2010 6:45:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 eabfiltr Fips SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter
5/27/2010 6:44:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2010 6:33:30 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Internet Explorer 8 for Windows XP.
5/27/2010 10:39:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/27/2010 10:39:15 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/27/2010 10:08:29 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: The system cannot find the file specified.
5/27/2010 10:07:27 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

==== End Of File ===========================



GMER LOG:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-29 20:46:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KRISTE~1\LOCALS~1\Temp\fwldqpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF755D514]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[856] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C
.text C:\WINDOWS\Explorer.EXE[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[1176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006B000C
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\svchost.exe[1360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0096000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Cdfs \Cdfs F76A5400
Device -> \Driver\atapi \Device\Harddisk0\DR0 86ECED01

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC4F1D0-C954-B15A-C247-27EF0FA54527}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC4F1D0-C954-B15A-C247-27EF0FA54527}@ialhhnpiiimakdglof 0x69 0x61 0x6C 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC4F1D0-C954-B15A-C247-27EF0FA54527}@hajhjnolgipecgof 0x69 0x61 0x6C 0x67 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\disk.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Attached Files


Edited by State Or Die, 29 May 2010 - 07:50 PM.


BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 31 May 2010 - 04:01 PM

Hello, State Or Die.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for smile.gif
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
(This step may produce a blank log. Let me know if that is the case)
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 State Or Die

State Or Die
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 31 May 2010 - 09:04 PM

Hi AOM -

Thanks for taking the time to help, I have run the requested scans and posted the results below. Not sure if it is relevant or not, but all of these scans have been run in safe mode - since it is the only way that I can connect to the internet. Also, I have to post the GMER log as supplemental posts due to length restrictions on the forum....

Thanks again!

Logfile of random's system information tool 1.07 (written by random/random)
Run by Kristen l at 2010-05-31 20:07:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (46%) free of 81 GB
Total RAM: 1022 MB (58% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1215016801.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2010-01-25 240680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
""= []
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-14 185784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-03 149280]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-11 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSmileys]
C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-09-14 185784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-09-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-02-20 282624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
hp psc 1000 series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\msmgs.exe"="C:\WINDOWS\system32\msmgs.exe:*:Enabled:Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2215374a-11f9-11db-be84-0014a5a3eeed}]
shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e87b5858-5133-11dd-bf34-0014a5a3eeed}]
shell\AutoRun\command - F:\Ultimate\PStart.exe


======List of files/folders created in the last 1 months======

2010-05-31 20:07:14 ----D---- C:\Program Files\trend micro
2010-05-31 20:07:13 ----D---- C:\rsit
2010-05-27 22:07:49 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-27 18:43:46 ----SHD---- C:\WINDOWS\CSC
2010-05-27 18:43:31 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-27 10:11:56 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-05-26 06:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-12 06:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$

======List of files/folders modified in the last 1 months======

2010-05-31 20:07:14 ----D---- C:\Program Files
2010-05-31 20:03:40 ----D---- C:\Program Files\Mozilla Firefox
2010-05-31 18:21:38 ----D---- C:\WINDOWS\Temp
2010-05-31 13:28:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-31 10:42:08 ----D---- C:\WINDOWS\Prefetch
2010-05-31 09:35:27 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
2010-05-31 08:29:39 ----D---- C:\WINDOWS\Registration
2010-05-31 08:29:25 ----D---- C:\WINDOWS
2010-05-28 18:23:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-27 22:08:21 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-27 22:07:45 ----SHD---- C:\WINDOWS\Installer
2010-05-27 22:07:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-27 22:07:41 ----HD---- C:\Config.Msi
2010-05-27 21:51:13 ----D---- C:\WINDOWS\system32
2010-05-27 21:51:10 ----D---- C:\Program Files\CONEXANT
2010-05-27 21:51:09 ----D---- C:\WINDOWS\system32\drivers
2010-05-27 21:51:01 ----HD---- C:\WINDOWS\inf
2010-05-27 21:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2010-05-27 21:13:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-27 10:12:02 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-12 06:37:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-05-12 06:36:38 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 06:36:26 ----D---- C:\Program Files\Outlook Express
2010-05-11 17:42:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-11 17:13:04 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-03 06:43:23 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-01-05 110848]
S1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-01-05 38528]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
S3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
S3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 14976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
S2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-22 98304]
S2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-03 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
S2 SAVAdminService;Sophos Anti-Virus status reporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-10-05 80936]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2009-06-11 172032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------








info.txt logfile of random's system information tool 1.06 2010-05-31 20:07:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1000 Key English Words and Idioms Demo 1.0 Build 9-->"C:\Program Files\ESL Pro Systems\1000 Key English Words and Idioms Demo\unins000.exe"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Hang-->MsiExec.exe /I{94279E6D-20DE-4A56-8842-0E281E2AD463}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon S500-->C:\WINDOWS\system32\CNMS500.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S500 Installer\Inst\DeIsL1.isu" -pCanon S500-c"C:\BJPrinter\CNMWINDOWS\Canon S500 Installer\Inst\bjinst.dll
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
HijackThis 1.99.1-->F:\Ultimate\IT Additions\Hijack This\HijackThis.exe /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\HP\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
HP QuickPlay 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0025-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
IKEA Home Planner-->MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_3f9f5fdf\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
LimeWire 4.12.4-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.19)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
netbrdg-->MsiExec.exe /I{56AB063D-1450-4BDE-9F0D-E9C693429C51}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
Pdf995-->C:\Program Files\pdf995\setup.exe uninstall
Quick Launch Buttons 5.20 G1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
ReaJPEG Pro 3.9-->"C:\Program Files\ReaSoft\ReaJPEG Pro\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REA's TESTware for the PLT Grades K-6-->MsiExec.exe /I{2B642CEC-5CD4-4DE1-9FE7-E214E10D2765}
Scramble My Words-->MsiExec.exe /I{E6AFB239-B615-481D-B267-ABF2A8572BA1}
Scroll Me A Quote-->MsiExec.exe /I{B3A2337A-E0F4-45B2-A8BC-22D8719D2026}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Sony Digital Voice Editor 2-->C:\PROGRA~1\SONY\DIGITA~1\UNINST.EXE
Sophos Anti-Virus-->MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\SASUNINST.EXE" /NOUI
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wohiper-->MsiExec.exe /I{AF32FB61-AB9C-423B-A3E0-724A167953D9}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wohiper-->MsiExec.exe /I{3BAC6780-EAA2-012B-AE74-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
W Photo Studio-->MsiExec.exe /X{CBF3C503-946E-45EA-B347-EACC41781989}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Security center information======

AV: Sophos Anti-Virus (disabled)
FW: Norton Internet Worm Protection (disabled)

======System event log======

Computer Name: KRISTEN
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.2.6 on the
Network Card with network address 0014A5A3EEED.

Record Number: 54111
Source Name: Dhcp
Time Written: 20100417075146.000000-240
Event Type: error
User:

Computer Name: KRISTEN
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5A3EEED. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 54110
Source Name: Dhcp
Time Written: 20100417075146.000000-240
Event Type: warning
User:

Computer Name: KRISTEN
Event Code: 20
Message: Printer Driver Send To Microsoft OneNote Driver for Windows NT x86 Version-3 was added or updated. Files:- msonpdrv.dll, msonpui.dll, msonpui.dll.

Record Number: 54003
Source Name: Print
Time Written: 20100414061404.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KRISTEN
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.2.6 on the
Network Card with network address 0014A5A3EEED.

Record Number: 53968
Source Name: Dhcp
Time Written: 20100414060659.000000-240
Event Type: error
User:

Computer Name: KRISTEN
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5A3EEED. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 53967
Source Name: Dhcp
Time Written: 20100414060659.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: KRISTEN
Event Code: 32
Message: File "C:\Documents and Settings\Kristen l\Local Settings\Application Data\uccgxahqx\ajukehotssd.exe" belongs to virus/spyware 'Mal/FakeAV-AX'.

Record Number: 6548
Source Name: Sophos Anti-Virus
Time Written: 20100527153702.000000-240
Event Type: warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: KRISTEN
Event Code: 32
Message: File "C:\Documents and Settings\Kristen l\Local Settings\Application Data\uccgxahqx\ajukehotssd.exe" belongs to virus/spyware 'Mal/FakeAV-AX'.

Record Number: 6547
Source Name: Sophos Anti-Virus
Time Written: 20100527153700.000000-240
Event Type: warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: KRISTEN
Event Code: 32
Message: File "C:\Documents and Settings\Kristen l\Local Settings\Application Data\uccgxahqx\ajukehotssd.exe" belongs to virus/spyware 'Mal/FakeAV-AX'.

Record Number: 6546
Source Name: Sophos Anti-Virus
Time Written: 20100527153658.000000-240
Event Type: warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: KRISTEN
Event Code: 32
Message: File "C:\Documents and Settings\Kristen l\Local Settings\Application Data\uccgxahqx\ajukehotssd.exe" belongs to virus/spyware 'Mal/FakeAV-AX'.

Record Number: 6545
Source Name: Sophos Anti-Virus
Time Written: 20100527153655.000000-240
Event Type: warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: KRISTEN
Event Code: 32
Message: File "C:\Documents and Settings\Kristen l\Local Settings\Application Data\uccgxahqx\ajukehotssd.exe" belongs to virus/spyware 'Mal/FakeAV-AX'.

Record Number: 6544
Source Name: Sophos Anti-Virus
Time Written: 20100527153653.000000-240
Event Type: warning
User: NT AUTHORITY\LOCAL SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PAVILION
"PLATFORM"=MCD
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------





#4 State Or Die

State Or Die
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 31 May 2010 - 09:10 PM

GMER LOG PART 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 21:58:46
Windows 5.1.2600 Service Pack 3
Running: cuphgwh3.exe; Driver: C:\DOCUME~1\KRISTE~1\LOCALS~1\Temp\fwldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x805891F1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x805792D1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x8058C5E8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x8058A52C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x80590AA6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x806383F2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x8063A583]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x8063A5CC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x8057A8C4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x80649391]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x80637BAD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x805900C4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertResumeThread [0x8062FCF4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertThread [0x8057ADAD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x80591876]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x80626C4D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x805DD479]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateVirtualMemory [0x80568FCA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x805D9817]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x805A253D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x804E2CC4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x8062C4AE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x805C9BB6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x804ECFBC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClearEvent [0x80569676]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClose [0x805678CD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x80590532]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompactKeys [0x8064EC88]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompareTokens [0x8058BA4E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompleteConnectPort [0x80589F39]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompressKey [0x8064EEF5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwConnectPort [0x8058C63A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwContinue [0x804E2006]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x8065A3C6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x805A2905]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x8056D752]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x80649484]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x8056CF98]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x8058A785]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x805AB234]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x8063019F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x80570833]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x805D9708]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMutant [0x80578217]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x8058412B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x805BBE63]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x80597609]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcess [0x805B14AC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcessEx [0x8057FE4C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x80649ABB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x805652B3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x80572620]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x8059F586]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThread [0x80587A3C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x8059E63D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x805A8BDA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWaitablePort [0x805DB1D4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugActiveProcess [0x8065B541]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugContinue [0x8065B69B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDelayExecution [0x80566410]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteAtom [0x8058C4E9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteFile [0x805D80BB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x80595316]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x8063A627]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x80592D64]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeviceIoControlFile [0x805883AA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDisplayString [0x805BF031]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateObject [0x805717C5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateToken [0x8057D1CB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x80570F41]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x80648E1F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x80589A67]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwExtendSection [0x80625A74]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFilterToken [0x805B0C90]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFindAtom [0x8058BCDE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushBuffersFile [0x8058CB4D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstructionCache [0x80577873]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushKey [0x805DC640]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushVirtualMemory [0x8059AD24]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushWriteBuffer [0x806274AF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x80627002]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeVirtualMemory [0x805698F5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFsControlFile [0x8057AC95]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetContextThread [0x805E04D3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetDevicePowerState [0x8062C4DB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetPlugPlayEvent [0x8059FE35]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetWriteWatch [0x8053B775]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x8059762D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateClientOfPort [0x8058B4BA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateThread [0x8057E821]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeRegistry [0x805A80E6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitiatePowerAction [0x8062C293]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsProcessInJob [0x80630053]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x8062C4C1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwListenPort [0x805AA775]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadDriver [0x805A3B73]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey [0x805AEE7B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey2 [0x805AECB8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockFile [0x8058E224]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockProductActivationKeys [0x805B0E60]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockRegistryKey [0x805D0F87]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockVirtualMemory [0x805B02E2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakePermanentObject [0x8059F9C2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakeTemporaryObject [0x8059F93F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPages [0x80626139]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x8062660D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapViewOfSection [0x80573D41]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x8059112F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeKey [0x8058EA94]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x8058EB5D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenDirectoryObject [0x80589E32]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEvent [0x8057DEC7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEventPair [0x80649577]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenFile [0x8056CF33]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenIoCompletion [0x80616ADF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenJobObject [0x806303F7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x80568D48]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenMutant [0x805782C5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x80595401]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcess [0x805719AC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessToken [0x8056E0CD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessTokenEx [0x8056E2C6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSection [0x805711B4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSemaphore [0x8059F042]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x80589CFE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThread [0x8058E5C4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadToken [0x8056DB6A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadTokenEx [0x8056DADB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTimer [0x806493AD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPlugPlayControl [0x805DB394]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPowerInformation [0x8059CA1E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeCheck [0x805DDA4E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x805DD2E8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x805AA8B8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwProtectVirtualMemory [0x80571E96]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPulseEvent [0x805DB12C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryAttributesFile [0x80574692]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDebugFilterState [0x804F7E5D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultLocale [0x80566B82]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x8057EC87]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryFile [0x805722F6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryObject [0x8058458D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEaFile [0x80616D2C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEvent [0x80589EAF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryFullAttributesFile [0x8057C9FA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationAtom [0x805D7798]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationFile [0x80572E4F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationJobObject [0x80580A8D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationPort [0x80623543]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationProcess [0x8056DD08]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x8056BC5D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x8056E837]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x8057E00B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x80649F6B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x80616BA0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x80570C4A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x8064E66B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMutant [0x806498F0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryObject [0x8057F694]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeys [0x8064E875]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPerformanceCounter [0x80567338]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x806175F3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySection [0x8057D6B6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityObject [0x805DD8EE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySemaphore [0x806486EB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x80589B6F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x80648E47]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x80648E0C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemInformation [0x8057BE20]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemTime [0x8058A5B6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimer [0x805873F2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimerResolution [0x805841F3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x8056A1F9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVirtualMemory [0x8056E3C4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x8056D1DB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueueApcThread [0x8058A487]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseException [0x804E204E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseHardError [0x80648427]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFile [0x805742F7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFileScatter [0x805DA8DF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadRequestData [0x8058B7FF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadVirtualMemory [0x8057E4B8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x80588189]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseMutant [0x8056647B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseSemaphore [0x8058BFFA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletion [0x80566F99]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveProcessDebug [0x8065B616]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRenameKey [0x8064EAEA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplaceKey [0x8064F446]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyPort [0x8057CEC4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePort [0x8056BA04]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x8056B51C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReplyPort [0x80623622]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestDeviceWakeup [0x8062C43B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestPort [0x805DD6A4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWaitReplyPort [0x80576EC6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWakeupLatency [0x8062C234]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetEvent [0x8059EC05]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x8053BC0A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRestoreKey [0x8064EFDD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeProcess [0x8062FC94]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeThread [0x805880AF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKey [0x8064F0DE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKeyEx [0x8064F1C9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveMergedKeys [0x8064F2F6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSecureConnectPort [0x805888DA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetContextThread [0x8062E057]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDebugFilterState [0x8065D15E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x805D5707]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultLocale [0x805AE977]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultUILanguage [0x805AE91E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEaFile [0x8061727B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEvent [0x805696C5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEventBoostPriority [0x80575B6E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighEventPair [0x80649877]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x80649797]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationDebugObject [0x8065AFB7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationFile [0x80574B2A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationJobObject [0x805AB388]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationKey [0x8064E1CE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationObject [0x8057DF3D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationProcess [0x8056DDD9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationThread [0x80575756]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationToken [0x805A8772]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIntervalProfile [0x80649A97]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletion [0x8056BEF1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLdtEntries [0x8062ED77]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowEventPair [0x8064980B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x80649723]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetQuotaInformationFile [0x806175C9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSecurityObject [0x8059B1F3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x806490E4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemInformation [0x805A7C5F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemPowerState [0x80667A0B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemTime [0x80647D6F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetThreadExecutionState [0x805E0242]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimer [0x804E57AB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerResolution [0x805E08C8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetUuidSeed [0x805AAA9F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x80572A6E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x80617B0F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x806474BB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x80517381]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x80649D02]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x80649EBB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendProcess [0x8062FC39]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendThread [0x805E053E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x8064A01B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x8063056D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateProcess [0x805824CC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateThread [0x8057BA6F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x80587B96]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x80545B28]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x80648E33]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x80619F32]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x8064DD32]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x8064DF63]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x8058E384]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x80627525]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnmapViewOfSection [0x805738C6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x805B7B07]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x8065AD00]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x805666C6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x8056617C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x806496B7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x8064964B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x80574DD5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x805DA515]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x8058B9EC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteVirtualMemory [0x8057E60A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwYieldExecution [0x804F0EB6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyedEvent [0x805CBE3D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyedEvent [0x80581818]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x8064A48F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x8064A72A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x8062D835]

INT 0x00 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DF350
INT 0x01 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DF4CB
INT 0x03 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DF89D
INT 0x04 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DFA20
INT 0x05 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DFB81
INT 0x06 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DFD02
INT 0x07 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E036A
INT 0x09 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E078F
INT 0x0A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E08AC
INT 0x0B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E09E9
INT 0x0C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0C42
INT 0x0D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0F38
INT 0x0E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E1662
INT 0x0F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x10 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E1AAC
INT 0x11 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E1BE2
INT 0x12 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x13 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E1D48
INT 0x14 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x15 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x16 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x17 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x18 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x19 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x1A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x1B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x1C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x1D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x1E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x1F \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EFFD0
INT 0x2A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DEB92
INT 0x2B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DEC95
INT 0x2C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DEE34
INT 0x2D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DF77C
INT 0x2E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE631
INT 0x2F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E198F
INT 0x30 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDCF0
INT 0x31 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDCFA
INT 0x32 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD04
INT 0x33 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD0E
INT 0x34 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD18
INT 0x35 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD22
INT 0x36 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD2C
INT 0x37 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EF728
INT 0x38 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD40
INT 0x39 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD4A
INT 0x3A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD54
INT 0x3B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD5E
INT 0x3C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD68
INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0B70
INT 0x3E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD7C
INT 0x3F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD86
INT 0x40 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD90
INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F09CC
INT 0x42 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDA4
INT 0x43 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDAE
INT 0x44 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDB8
INT 0x45 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDC2
INT 0x46 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDCC
INT 0x47 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDD6
INT 0x48 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDE0
INT 0x49 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDEA
INT 0x4A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDF4
INT 0x4B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDDFE
INT 0x4C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE08
INT 0x4D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE12
INT 0x4E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE1C
INT 0x4F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE26
INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EF800
INT 0x51 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE3A
INT 0x52 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE44
INT 0x53 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE4E
INT 0x54 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE58
INT 0x55 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE62
INT 0x56 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE6C
INT 0x57 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE76
INT 0x58 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE80
INT 0x59 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE8A
INT 0x5A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE94
INT 0x5B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE9E
INT 0x5C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEA8
INT 0x5D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEB2
INT 0x5E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEBC
INT 0x5F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEC6
INT 0x60 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDED0
INT 0x61 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEDA
INT 0x62 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F744F67E
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F72CAE54
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F72CAE54
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F72CAE54
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F72CAE54
INT 0x64 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDEF8
INT 0x65 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF02
INT 0x66 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF0C
INT 0x67 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF16
INT 0x68 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF20
INT 0x69 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF2A
INT 0x6A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF34
INT 0x6B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF3E
INT 0x6C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF48
INT 0x6D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF52
INT 0x6E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF5C
INT 0x6F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF66
INT 0x70 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF70
INT 0x71 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF7A
INT 0x72 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF84
INT 0x73 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F735FE10
INT 0x74 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDF98
INT 0x75 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFA2
INT 0x76 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFAC
INT 0x77 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFB6
INT 0x78 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFC0
INT 0x79 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFCA
INT 0x7A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFD4
INT 0x7B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFDE
INT 0x7C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFE8
INT 0x7D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFF2
INT 0x7E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDFFC
INT 0x7F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE006
INT 0x80 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE010
INT 0x81 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE01A
INT 0x82 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F744F67E
INT 0x83 pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) F74A8046
INT 0x84 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE038
INT 0x85 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE042
INT 0x86 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE04C
INT 0x87 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE056
INT 0x88 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE060
INT 0x89 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE06A
INT 0x8A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE074
INT 0x8B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE07E
INT 0x8C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE088
INT 0x8D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE092
INT 0x8E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE09C
INT 0x8F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0A6
INT 0x90 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0B0
INT 0x91 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0BA
INT 0x92 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0C4
INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F7615495
INT 0x94 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0D8
INT 0x95 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0E2
INT 0x96 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0EC
INT 0x97 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE0F6
INT 0x98 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE100
INT 0x99 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE10A
INT 0x9A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE114
INT 0x9B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE11E
INT 0x9C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE128
INT 0x9D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE132
INT 0x9E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE13C
INT 0x9F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE146
INT 0xA0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE150
INT 0xA1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE15A
INT 0xA2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE164
INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F761CC90
INT 0xA4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE178
INT 0xA5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE182
INT 0xA6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE18C
INT 0xA7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE196
INT 0xA8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1A0
INT 0xA9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1AA
INT 0xAA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1B4
INT 0xAB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1BE
INT 0xAC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1C8
INT 0xAD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1D2
INT 0xAE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1DC
INT 0xAF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1E6
INT 0xB0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE1F0
INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F74E131E
INT 0xB2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE204
INT 0xB3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE20E
INT 0xB4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE218
INT 0xB5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE222
INT 0xB6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE22C
INT 0xB7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE236
INT 0xB8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE240
INT 0xB9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE24A
INT 0xBA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE254
INT 0xBB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE25E
INT 0xBC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE268
INT 0xBD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE272
INT 0xBE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE27C
INT 0xBF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE286
INT 0xC0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE290
INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EF984
INT 0xC2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2A4
INT 0xC3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2AE
INT 0xC4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2B8
INT 0xC5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2C2
INT 0xC6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2CC
INT 0xC7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2D6
INT 0xC8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2E0
INT 0xC9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2EA
INT 0xCA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2F4
INT 0xCB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE2FE
INT 0xCC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE308
INT 0xCD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE312
INT 0xCE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE31C
INT 0xCF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE326
INT 0xD0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE330
INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EED34
INT 0xD2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE344
INT 0xD3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE34E
INT 0xD4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE358
INT 0xD5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE362
INT 0xD6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE36C
INT 0xD7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE376
INT 0xD8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE380
INT 0xD9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE38A
INT 0xDA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE394
INT 0xDB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE39E
INT 0xDC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3A8
INT 0xDD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3B2
INT 0xDE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3BC
INT 0xDF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3C6
INT 0xE0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3D0
INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EFF0C
INT 0xE2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3E4
INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EFC70
INT 0xE4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE3F8
INT 0xE5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE402
INT 0xE6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE40C
INT 0xE7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE416
INT 0xE8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE420
INT 0xE9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE42A
INT 0xEA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE434
INT 0xEB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE43E
INT 0xEC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE448
INT 0xED \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE452
INT 0xEE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE459
INT 0xEF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE460
INT 0xF0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE467
INT 0xF1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE46E
INT 0xF2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE475
INT 0xF3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE47C
INT 0xF4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE483
INT 0xF5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE48A
INT 0xF6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE491
INT 0xF7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE498
INT 0xF8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE49F
INT 0xF9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4A6
INT 0xFA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4AD
INT 0xFB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4B4
INT 0xFC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4BB
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0464
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806F0604
INT 0xFF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE4D0

SYSENTER \WINDOWS\system32\ntoskrnl.exe 804DE6F0

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!RtlPrefetchMemoryNonTemporal 804DB03D 1 Byte [90]
.text ntoskrnl.exe!KiDispatchInterrupt + 22E 804DBAA2 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntoskrnl.exe!KiDispatchInterrupt + 246 804DBABA 1 Byte [00]
.text ntoskrnl.exe!ZwYieldExecution + C76 804DE8EA 1 Byte [06]
.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF755D514]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[1176] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A1000C
.text C:\WINDOWS\Explorer.EXE[1176] mswsock.dll!s_perror + FFFDFE86 71A54057 5 Bytes JMP 00BE000C
.text C:\WINDOWS\Explorer.EXE[1176] mswsock.dll!s_perror + FFFE0169 71A5433A 5 Bytes JMP 00AE000C
.text C:\WINDOWS\Explorer.EXE[1176] mswsock.dll!s_perror + FFFE1676 71A55847 5 Bytes JMP 00B8000C
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006B000C
.text C:\WINDOWS\system32\svchost.exe[1364] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[1364] WINMM.dll!waveOutOpen 76B45201 6 Bytes [33, C0, 40, C2, 18, 00] {XOR EAX, EAX; INC EAX; RET 0x18}
.text C:\WINDOWS\system32\svchost.exe[1364] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\svchost.exe[1364] mswsock.dll!s_perror + FFFDFE86 71A54057 5 Bytes JMP 006F000C
.text C:\WINDOWS\system32\svchost.exe[1364] mswsock.dll!s_perror + FFFE0169 71A5433A 5 Bytes JMP 001C000C
.text C:\WINDOWS\system32\svchost.exe[1364] mswsock.dll!s_perror + FFFE1676 71A55847 5 Bytes JMP 006E000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B2000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] mswsock.dll!s_perror + FFFDFE86 71A54057 5 Bytes JMP 00BC000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] mswsock.dll!s_perror + FFFE0169 71A5433A 5 Bytes JMP 00BA000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1736] mswsock.dll!s_perror + FFFE1676 71A55847 5 Bytes JMP 00BB000C
UPX1 C:\Documents and Settings\Kristen l\Desktop\cuphgwh3.exe[1832] C:\Documents and Settings\Kristen l\Desktop\cuphgwh3.exe entry point in "UPX1" section [0x004B3F40]





GMER LOG PART II

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \
Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000032 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000032 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000032 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000025
Device \Device\00000019
Device \Driver\PnpManager \Device\00000033 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000033 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000033 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\AFS2K \Device\OAKAFSUI AFS2K.SYS (Audio File System/Oak Technology Inc.)
Device \Device\00000026
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000034
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000040
Device \Device\00000027
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Device\Video0
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000041
Device \Device\00000035
Device \Device\00000028
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\PnpManager \Device\00000036 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000036 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000036 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video1
Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000042 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000029
Device \Driver\PnpManager \Device\00000037 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000037 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000037 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\RdpDrDvMgr
Device \Device\00000050
Device \Driver\ACPI \Device\00000043 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000000a
Device \Driver\PnpManager \Device\00000038 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000038 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000038 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Processor
Device \Driver\Mouclass \Device\PointerClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Compbatt \Device\CompositeBattery compbatt.sys (Composite Battery Driver/Microsoft Corporation)
Device \Driver\Compbatt \Device\CompositeBattery ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000051 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000044
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmIoDaemon dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmIoDaemon ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmConfig dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmConfig ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmPnP dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmPnP ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\dmio \Device\DmControl\DmInfo dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software)
Device \Driver\dmio \Device\DmControl\DmInfo ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\i
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDrPort rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\ACPI \Device\00000054 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ipnat.sys (IP Network Address Translator/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000055 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PSched \Device\PSched NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\GEARAspiWDM \Device\GEARAspiWDMDevice GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)
Device \Driver\ACPI \Device\00000048 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\AsyncMac \Device\{068B4B2A-6138-4EB9-BCEB-E0581B3B9BF5} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000070 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000070 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\rdpdr \Device\RdpDr rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\usbhub \Device\00000071 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000071 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000058 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\BCM43XX \Device\{EA027B51-6232-4C61-89B0-FA72C5FEE344} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\fwldqpoc \Device\fwldqpoc fwldqpoc.sys
Device \Driver\fwldqpoc \Device\fwldqpoc ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000072 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000072 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Device\Ide\PciIde0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume3 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{92D33CB7-FEEF-4FDB-BA6A-12006C7D8282} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ACPIEC.sys (ACPI Embedded Controller Driver/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002f ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002f ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000002f ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0016 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0016 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000003c ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000003c hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000003f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PSched \Device\{868316FB-20DB-4A36-B88C-E3986BE673EC} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\isapnp \Device\0000004d isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\0000004d ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\Harddisk0\DP(3)0x1709e2fc00-0x40398600+3
Device \Device\Harddisk0\DP(2)0x13db110000-0x32ed1fc00+2
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x13da930000+1
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\AsyncMac \Device\ASYNCMAC NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{BCEB1743-6125-43D8-A119-62CCE85B889C} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\dmload \Device\DmLoader dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.)
Device \Driver\dmload \Device\DmLoader ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000030 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000030 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000030 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{A47DC621-B44F-48CA-92CD-DD5736CB404A} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs F6A69400
Device \FileSystem\Cdfs \Cdfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 86ECED01

---- Modules - GMER 1.0.15 ----

Module \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804D7000-806EDA80 (2189952 bytes)
Module \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806EE000-8070E300 (131840 bytes)
Module \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) F7A25000-F7A27000 (8192 bytes)
Module \WINDOWS\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) F7935000-F7938000 (12288 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F74D6000-F7504000 (188416 bytes)
Module \WINDOWS\system32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) F7A27000-F7A29000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F74C5000-F74D6000 (69632 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F7525000-F752F000 (40960 bytes)
Module compbatt.sys (Composite Battery Driver/Microsoft Corporation) F7939000-F793C000 (12288 bytes)
Module \WINDOWS\system32\DRIVERS\BATTC.SYS (Battery Class Driver/Microsoft Corporation) F793D000-F7941000 (16384 bytes)
Module pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7AED000-F7AEE000 (4096 bytes)
Module \WINDOWS\system32\DRIVERS\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) F77A5000-F77AC000 (28672 bytes)
Module intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) F7A29000-F7A2B000 (8192 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7A2B000-F7A2D000 (8192 bytes)
Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F7A2D000-F7A2F000 (8192 bytes)
Module pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) F74A7000-F74C5000 (122880 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F7535000-F7540000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F7488000-F74A7000 (126976 bytes)
Module dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) F7A2F000-F7A31000 (8192 bytes)
Module dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) F7462000-F7488000 (155648 bytes)
Module ACPIEC.sys (ACPI Embedded Controller Driver/Microsoft Corporation) F7941000-F7944000 (12288 bytes)
Module \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS (ACPI Operation Registration Driver/Microsoft Corporation) F7AEE000-F7AEF000 (4096 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F77AD000-F77B2000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F7545000-F7552000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F744A000-F7462000 (98304 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F7555000-F755E000 (36864 bytes)
Module \WINDOWS\system32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) F7565000-F7572000 (53248 bytes)
Module fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F742A000-F744A000 (131072 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) F7418000-F742A000 (73728 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7575000-F757E000 (36864 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) F7401000-F7418000 (94208 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) F7374000-F7401000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F7347000-F7374000 (184320 bytes)
Module Serial.sys (Serial Device Driver/Microsoft Corporation) F7585000-F7595000 (65536 bytes)
Module ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F7595000-F75A5000 (65536 bytes)
Module \WINDOWS\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) F75A5000-F75B3000 (57344 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) F732D000-F7347000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) F79B5000-F79B8000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) F77D5000-F77DA000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F72B0000-F72D4000 (147456 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F77ED000-F77F5000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) F75D5000-F75E0000 (45056 bytes)
Module \SystemRoot\System32\Drivers\AFS2K.SYS (Audio File System/Oak Technology Inc.) F75E5000-F75EE000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) F75F5000-F7605000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) F7605000-F7614000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) F728D000-F72B0000 (143360 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F784D000-F7853000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F7615000-F7622000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) F7875000-F787B000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) F725E000-F728D000 (192512 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F7A33000-F7A35000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) F78B5000-F78BB000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) F71F6000-F725E000 (425984 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) F7625000-F7632000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) F79CD000-F79D0000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) F71DF000-F71F6000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) F7635000-F7640000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) F7645000-F7651000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) F780D000-F7812000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) F71CE000-F71DF000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) F7655000-F765E000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7835000-F783A000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) F7845000-F784A000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) F719E000-F71CE000 (196608 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) F7665000-F766F000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F7A39000-F7A3B000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) F7140000-F719E000 (385024 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) F79F5000-F79F9000 (16384 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) F7675000-F767F000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) F7685000-F7694000 (61440 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) F7A41000-F7A43000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) F7BF1000-F7BF2000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) F7A45000-F7A47000 (8192 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) F77F5000-F77FB000 (24576 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F703C000-F7050000 (81920 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) F7A49000-F7A4B000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) F781D000-F7822000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) F782D000-F7835000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) F72EC000-F72EF000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) F7009000-F701C000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) F6FB0000-F7009000 (364544 bytes)
Module \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) F6F88000-F6FB0000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) F6F62000-F6F88000 (155648 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) F6F40000-F6F62000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) F7695000-F769E000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) F6F15000-F6F40000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) F6EA5000-F6F15000 (458752 bytes)
Module \SystemRoot\System32\Drivers\Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) F6E81000-F6EA5000 (147456 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C4000 (1851392 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) F7060000-F7063000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) F791D000-F7922000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF9C4000-BF9D6000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) F7C77000-F7C78000 (4096 bytes)
Module \SystemRoot\System32\framebuf.dll (Framebuffer Display Driver/Microsoft Corporation) BFF50000-BFF53000 (12288 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) F6AF1000-F6AF5000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) F691A000-F6971000 (356352 bytes)
Module \SystemRoot\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) F6D39000-F6D3D000 (16384 bytes)
Module \??\C:\DOCUME~1\KRISTE~1\LOCALS~1\Temp\fwldqpoc.sys (GMER) F66AB000-F66C2000 (94208 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) F6A69000-F6A79000 (65536 bytes)
Module \WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B2000 (729088 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\WINDOWS\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 500
Library C:\WINDOWS\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 0x48580000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 556
Library C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A680000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75B40000
Library C:\WINDOWS\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75B50000
Library C:\WINDOWS\system32\winsrv.dll (Windows Server DLL/Microsoft Corporation) 0x75B60000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x7E720000

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 580
Library C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\NDdeApi.dll (Network DDE Share Management APIs/Microsoft Corporation) 0x75940000
Library C:\WINDOWS\system32\PROFMAP.dll (Userenv/Microsoft Corporation) 0x75930000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BC0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75970000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x00640000
Library C:\WINDOWS\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x776E0000
Library C:\WINDOWS\system32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\sfc_os.dll (Windows File Protection/Microsoft Corporation) 0x76C60000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\WINSCARD.DLL (Microsoft Smart Card API/Microsoft Corporation) 0x723D0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com) 0x10000000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\Ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x00DF0000
Library C:\WINDOWS\system32\cscdll.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\System32\dimsntfy.dll (DIMS Notification Handler/Microsoft Corporation) 0x47020000
Library C:\WINDOWS\system32\WlNotify.dll (Common DLL to receive Winlogon notifications/Microsoft Corporation) 0x75950000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x015A0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000

Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 624
Library C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x7DBD0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x7DBA0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcAdProc.dll (Windows Compatibility DLL/Microsoft Corporation) 0x47260000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\eventlog.dll (Event Logging Service/Microsoft Corporation) 0x77B70000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 636
Library C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75730000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x74440000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x4D200000
Library C:\WINDOWS\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x71CF0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x744B0000
Library C:\WINDOWS\system32\w32time.dll (Windows Time Service/Microsoft Corporation) 0x767C0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767F0000
Library C:\WINDOWS\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x7DFC0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x74410000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\dssenh.dll (Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider/Microsoft Corporation) 0x68100000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 784
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A80000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00810000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library c:\windows\system32\termsrv.dll (Terminal Server Service/Microsoft Corporation) 0x760F0000
Library c:\windows\system32\ICAAPI.dll (DLL Interface to TermDD Device Driver/Microsoft Corporation) 0x74F70000
Library c:\windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library c:\windows\system32\mstlsapi.dll (Microsoft® Terminal Server Licensing/Microsoft Corporation) 0x75110000
Library c:\windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CC0000
Library c:\windows\system32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E10000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BC0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 868
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A80000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00810000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000

Process C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Performs virus scanning and disinfection functions/Sophos Plc) 988
Library C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Performs virus scanning and disinfection functions/Sophos Plc) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\Program Files\Sophos\Sophos Anti-Virus\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3A0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00900000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ComponentManager.dll (ComponentManager component/Sophos Plc) 0x56460000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x7E720000
Library C:\Program Files\Sophos\Sophos Anti-Virus\AuthorisedLists.dll (Manages lists of authorised and/or blocked applications and files/Sophos Plc) 0x55290000
Library C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanning.dll (Background (silent) scanning components/Sophos Plc) 0x564C0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\BHOManagement.dll (Browser Helper Object management components/Sophos Plc) 0x553E0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\Configuration.dll (Configuration Node, Manager and other components/Sophos Plc) 0x563A0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\Localisation.dll (Components for localisation support/Sophos Plc) 0x55DD0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\Logging.dll (Logging and messaging components/Sophos Plc) 0x55C80000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ThreatManagement.dll (Threat Management components/Sophos Plc) 0x55590000
Library C:\Program Files\Sophos\Sophos Anti-Virus\DCManagement.dll (Device control management/Sophos Plc) 0x55270000
Library C:\Program Files\Sophos\Sophos Anti-Virus\DriveProcessor.dll (Drive processing components/Sophos Plc) 0x56220000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ICProcessors.dll (SAVOnAccess Processors/Sophos Plc) 0x55EC0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\FilterProcessors.dll (Exclusion and Extension Filter/Sophos Plc) 0x56100000
Library C:\Program Files\Sophos\Sophos Anti-Virus\FSDecomposer.dll (File system decomposer (directory walker)/Sophos Plc) 0x560A0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ICManagement.dll (On access scanning management components/Sophos Plc) 0x55F80000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ScanManagement.dll (Components that control scan start/stop and issue important events/Sophos Plc) 0x55860000
Library C:\Program Files\Sophos\Sophos Anti-Virus\Persistance.dll (Persistance support components/Sophos Plc) 0x55C20000
Library C:\Program Files\Sophos\Sophos Anti-Virus\VirusDetection.dll (Virus Detection components/Sophos Plc) 0x55410000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ScanEditFacade.dll (Components that help setting up scans/Sophos Plc) 0x55920000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ThreatDetection.dll (Threat Detection core components/Sophos Plc) 0x55650000
Library C:\Program Files\Sophos\Sophos Anti-Virus\SIPSManagement.dll (SIPS management components/Sophos Plc) 0x55350000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\SystemInformation.dll (Supplies information about SAV version, virus data version, etc./Sophos Plc) 0x55740000
Library C:\Program Files\Sophos\Sophos Anti-Virus\Translators.dll (Configuration translators make handling of configuration data easier/Sophos Plc) 0x554D0000
Library c:\WINDOWS\system32\msxml4.dll (MSXML 4.0 SP 2/Microsoft Corporation) 0x69B10000
Library C:\Program Files\Sophos\Sophos Anti-Virus\Security.dll (User access handling components/Sophos Plc) 0x55800000
Library C:\Program Files\Sophos\Sophos Anti-Virus\EEConsumer.dll (ES Events/Sophos Plc) 0x561C0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\LegacyConsumers.dll (Legacy alerting components/Sophos Plc) 0x55E30000
Library C:\WINDOWS\system32\wsnmp32.dll (Microsoft WinSNMP v2.0 Manager API/Microsoft Corporation) 0x72010000
Library C:\Program Files\Sophos\Sophos Anti-Virus\SAVI.dll (Sophos Anti-Virus interface DLL/Sophos Group) 0x58EB0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\OSDP.DLL (Sophos Anti-Virus O/S support DLL/Sophos Group) 0x58FA0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\VEEX.DLL (Sophos Anti-Virus detection engine DLL/Sophos Group) 0x589A0000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\Program Files\Sophos\Sophos Anti-Virus\ICAdapter.dll (On access scanning interface components/Sophos Plc) 0x56040000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1176
Library C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\BROWSEUI.dll (Shell Browser UI Library/Microsoft Corporation) 0x75F80000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E290000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\wsock32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (GrooveShellExtensions Module/Microsoft Corporation) 0x00CB0000
Library C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL (GrooveUtil Module/Microsoft Corporation) 0x68EF0000

GMER LOG PART III


Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL (GrooveNew Module/Microsoft Corporation) 0x68FF0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL (ATL Module for Windows (Unicode)/Microsoft Corporation) 0x7C630000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\MSImg32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINDOWS\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\system32\themeui.dll (Windows Theme API/Microsoft Corporation) 0x5BA60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x01100000
Library C:\WINDOWS\system32\msutb.dll (MSUTB Server DLL/Microsoft Corporation) 0x5FC10000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\WINDOWS\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76980000
Library C:\WINDOWS\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x76990000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (GrooveSystemServices Module/Microsoft Corporation) 0x65E50000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74980000
Library C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll (GrooveMisc Module/Microsoft Corporation) 0x66B50000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x7E1E0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F60000
Library C:\WINDOWS\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71C10000
Library C:\WINDOWS\System32\NETUI0.dll (NT LM UI Common Code - GUI Classes/Microsoft Corporation) 0x71CD0000
Library C:\WINDOWS\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C90000
Library C:\WINDOWS\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C80000
Library C:\WINDOWS\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x75F70000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x7E720000
Library C:\WINDOWS\system32\shdoclc.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x71800000
Library C:\WINDOWS\system32\browselc.dll (Shell Browser UI Library/Microsoft Corporation) 0x71600000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1364
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\wsock32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x008D0000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\dhcpcsvc.dll (DHCP Client Service/Microsoft Corporation) 0x7D4B0000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\atl.dll (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library c:\windows\system32\wzcsvc.dll (Wireless Zero Configuration Service/Microsoft Corporation) 0x7DB10000
Library c:\windows\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E80000
Library c:\windows\system32\WMI.dll (WMI DC and DP functionality/Microsoft Corporation) 0x76D30000
Library c:\windows\system32\EapolQec.dll (Microsoft EAPOL NAP Enforcement Client/Microsoft Corporation) 0x72810000
Library c:\windows\system32\QUtil.dll (Quarantine Utilities/Microsoft Corporation) 0x726C0000
Library c:\windows\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library c:\windows\system32\dot3api.dll (802.3 Autoconfiguration API/Microsoft Corporation) 0x478C0000
Library c:\windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library c:\windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library c:\windows\system32\ESENT.dll (Server Database Storage Engine/Microsoft Corporation) 0x606B0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\System32\rastls.dll (Remote Access PPP EAP-TLS/Microsoft Corporation) 0x76B70000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x76D40000
Library C:\WINDOWS\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CC0000
Library C:\WINDOWS\system32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E10000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\RASAPI32.dll (Remote Access API/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E90000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation) 0x76EB0000
Library C:\WINDOWS\system32\SCHANNEL.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767F0000
Library C:\WINDOWS\system32\WinSCard.dll (Microsoft Smart Card API/Microsoft Corporation) 0x723D0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\System32\raschap.dll (Remote Access PPP CHAP/Microsoft Corporation) 0x76BD0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library c:\windows\system32\wkssvc.dll (Workstation Service DLL/Microsoft Corporation) 0x76E40000
Library c:\windows\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\System32\WZCSAPI.DLL (Wireless Zero Configuration service API/Microsoft Corporation) 0x73030000
Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x76CE0000
Library c:\windows\system32\certcli.dll (Microsoft® Certificate Services Client/Microsoft Corporation) 0x77B90000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x59490000
Library C:\WINDOWS\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x753E0000
Library c:\windows\system32\srsvc.dll (System Restore Service/Microsoft Corporation) 0x751A0000
Library c:\windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AD0000
Library c:\windows\system32\netman.dll (Network Connections Manager/Microsoft Corporation) 0x77D00000
Library c:\windows\system32\netshell.dll (Network Connections Shell/Microsoft Corporation) 0x76400000
Library c:\windows\system32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x76C00000
Library c:\windows\system32\dot3dlg.dll (802.3 UI Helper/Microsoft Corporation) 0x736D0000
Library c:\windows\system32\OneX.DLL (IEEE 802.1X supplicant library/Microsoft Corporation) 0x5DCA0000
Library c:\windows\system32\eappcfg.dll (Eap Peer Config/Microsoft Corporation) 0x745B0000
Library c:\windows\system32\eappprxy.dll (Microsoft EAPHost Peer Client DLL/Microsoft Corporation) 0x5DCD0000
Library c:\windows\system32\srvsvc.dll (Server Service DLL/Microsoft Corporation) 0x75090000
Library c:\windows\pchealth\helpctr\binaries\pchsvc.dll (Microsoft PCHealth Service Holder/Microsoft Corporation) 0x74F40000
Library c:\windows\system32\dmserver.dll (Logical Disk Manager service dll/Microsoft Corp.) 0x74F90000
Library c:\windows\system32\ipnathlp.dll (Microsoft NAT Helper Components/Microsoft Corporation) 0x66460000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\winspool.drv (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library c:\windows\system32\browser.dll (Computer Browser Service DLL/Microsoft Corporation) 0x76DA0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\System32\Wbem\wbemcore.dll (WMI/Microsoft Corporation) 0x762C0000
Library C:\WINDOWS\System32\Wbem\esscli.dll (WMI/Microsoft Corporation) 0x75310000
Library C:\WINDOWS\System32\Wbem\FastProx.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x75020000
Library C:\WINDOWS\system32\wbem\repdrvfs.dll (WMI/Microsoft Corporation) 0x75200000
Library C:\WINDOWS\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x3F1E0000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINDOWS\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x75390000
Library C:\WINDOWS\system32\netcfgx.dll (Network Configuration Objects/Microsoft Corporation) 0x755F0000
Library C:\WINDOWS\system32\CLUSAPI.dll (Cluster API Library/Microsoft Corporation) 0x76D10000
Library C:\WINDOWS\system32\rasmans.dll (Remote Access Connection Manager/Microsoft Corporation) 0x7DF30000
Library C:\WINDOWS\system32\Sens.dll (System Event Notification Service (SENS)/Microsoft Corporation) 0x722D0000
Library C:\WINDOWS\system32\WINIPSEC.DLL (Windows IPSec SPD Client DLL/Microsoft Corporation) 0x74370000
Library C:\WINDOWS\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x5F740000
Library C:\WINDOWS\system32\mlang.dll (Multi Language Support DLL/Microsoft Corporation) 0x75CF0000
Library C:\WINDOWS\System32\xmlprovi.dll (Network Provisioning Service Client API/Microsoft Corporation) 0x4CB90000
Library C:\WINDOWS\system32\shdocvw.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E290000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x7E720000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x7E1E0000
Library C:\WINDOWS\system32\shdoclc.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x71800000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\mshtml.dll (Microsoft ® HTML Viewer/Microsoft Corporation) 0x7DC30000
Library C:\WINDOWS\system32\msls31.dll (Microsoft Line Services library file/Microsoft Corporation) 0x746C0000
Library C:\WINDOWS\system32\JScript.dll (Microsoft ® JScript/Microsoft Corporation) 0x75C50000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\ImgUtil.dll (IE plugin image decoder support DLL/Microsoft Corporation) 0x66880000
Library C:\WINDOWS\system32\ddrawex.dll (Direct Draw Ex/Microsoft Corporation) 0x6D430000
Library C:\WINDOWS\system32\DDRAW.dll (Microsoft DirectDraw/Microsoft Corporation) 0x73760000
Library C:\WINDOWS\system32\DCIMAN32.dll (DCI Manager/Microsoft Corporation) 0x73BC0000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\dssenh.dll (Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider/Microsoft Corporation) 0x68100000
Library C:\WINDOWS\system32\cryptnet.dll (Crypto Network Related API/Microsoft Corporation) 0x75E60000
Library C:\WINDOWS\system32\SensApi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x722B0000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D4F0000
Library C:\WINDOWS\system32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x75150000
Library C:\WINDOWS\system32\xpsp3res.dll (Service Pack 3 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\wmp.dll (Windows Media Player Core/Microsoft Corporation) 0x05980000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EC50000
Library C:\WINDOWS\system32\MSVFW32.dll (Microsoft Video for Windows DLL/Microsoft Corporation) 0x75A70000
Library C:\WINDOWS\system32\wmploc.dll (Windows Media Player/Microsoft Corporation) 0x08270000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74980000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\WINDOWS\system32\mscoree.dll (Microsoft .NET Runtime Execution Engine/Microsoft Corporation) 0x79000000
Library c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll (Microsoft .NET IE MIME Filter/Microsoft Corporation) 0x63F00000
Library C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx (Adobe Flash Player 9.0 r46/Adobe Systems, Inc.) 0x30000000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\mshtmled.dll (Microsoft ® HTML Editing Component/Microsoft Corporation) 0x76200000
Library C:\WINDOWS\system32\pngfilt.dll (IE PNG plugin image decoder/Microsoft Corporation) 0x5E310000
Library C:\WINDOWS\system32\VBScript.dll (Microsoft ® VBScript/Microsoft Corporation) 0x73300000
Library C:\WINDOWS\system32\Macromed\Common\SwSupport.dll (Director Support/Adobe Systems, Inc.) 0x69000000
Library C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll (Microsoft Vector Graphics Rendering(VML)/Microsoft Corporation) 0x5DE30000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1424
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library c:\windows\system32\dnsrslvr.dll (DNS Caching Resolver Service/Microsoft Corporation) 0x76770000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1436
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00810000
Library c:\windows\system32\lmhsvc.dll (TCPIP NetBios Transport Services DLL/Microsoft Corporation) 0x74C40000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1588
Library C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\WINDOWS\system32\MSUTB.dll (MSUTB Server DLL/Microsoft Corporation) 0x5FC10000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000

Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 1736
Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x60490000
Library C:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x60210000
Library C:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft ® C/C++ Runtime Library/Mozilla Foundation) 0x60000000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\Program Files\Mozilla Firefox\js3250.dll (Netscape 32-bit JavaScript Module/Netscape Communications Corporation) 0x60100000
Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x600B0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x60420000
Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x60340000
Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x603E0000
Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x600F0000
Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x600E0000
Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x60400000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\COMDLG32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\IMM32.dll (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x60E00000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\dbghelp.dll (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x601B0000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\rasapi32.dll (Remote Access API/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E90000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows™ Telephony API Client DLL/Microsoft Corporation) 0x76EB0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E80000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x01C00000
Library C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x601C0000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (GrooveShellExtensions Module/Microsoft Corporation) 0x02300000
Library C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL (GrooveUtil Module/Microsoft Corporation) 0x68EF0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL (GrooveNew Module/Microsoft Corporation) 0x68FF0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL (ATL Module for Windows (Unicode)/Microsoft Corporation) 0x7C630000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (GrooveSystemServices Module/Microsoft Corporation) 0x65E50000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74980000
Library C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x10000000
Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x602F0000
Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x60320000
Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x60440000
Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x602A0000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\shdocvw.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E290000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x7E1E0000

Process C:\Documents and Settings\Kristen l\Desktop\cuphgwh3.exe 1832
Library C:\Documents and Settings\Kristen l\Desktop\cuphgwh3.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x771B0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\VERSION.DLL (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service C:\WINDOWS\system32\DRIVERS\ACPIEC.sys (ACPI Embedded Controller Driver/Microsoft Corporation) [BOOT] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service (Audio File System/Oak Technology Inc.) [SYSTEM] AFS2K
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [SYSTEM] AmdK8
Service [DISABLED] amsint
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service Aspi32
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) [AUTO] Ati HotKey Poller
Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag
Service Atierecord
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XX
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\WINDOWS\System32\Drivers\btwusb.sys (Driver for Bluetooth USB Devices/Broadcom Corporation.) [MANUAL] BTWUSB
Service C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant WDM AC97 Audio Driver/Conexant Systems Inc.) [MANUAL] CAMCAUD
Service C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant AmcHal Driver/Conexant Systems Inc.) [MANUAL] CAMCHALA
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\WINDOWS\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service [DISABLED] CmdIde
Service C:\WINDOWS\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service DcCam
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [BOOT] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\system32\drivers\EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) [SYSTEM] eabfiltr
Service C:\WINDOWS\system32\drivers\eabusb.sys (QLB USB Keyboard filter driver/Hewlett-Packard Development Company, L.P.) [MANUAL] eabusb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\eHome\ehRecvr.exe (Media Center Receiver Service/Microsoft Corporation) [AUTO] ehRecvr
Service C:\WINDOWS\eHome\ehSched.exe (Media Center Scheduler Service/Microsoft Corporation) [AUTO] ehSched
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service (Floppy Disk Controller Driver/Microsoft Corporation) [SYSTEM] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service (Floppy Driver/Microsoft Corporation) [SYSTEM] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) [AUTO] hpqwmiex
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys (HSFHWATI WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWATI
Service C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DP
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\WINDOWS\system32\IcdSptSv.exe (IcdSptSv Module/Sony Corporation) [MANUAL] ICDSPTSV
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] IntelIde
Service C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Update Service/Intuit Inc.) [AUTO] IntuitUpdateService
Service C:\WINDOWS\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\ehome\mcrdsvc.exe (MCRD Device Service/Microsoft Corporation) [AUTO] McrdSvc
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) [AUTO] mdmxsdk
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] MHN
Service C:\WINDOWS\system32\DRIVERS\mhndrv.sys (Microsoft Multimedia Home Network (MHN) Support Driver/Microsoft Corporation) [MANUAL] MHNDRV
Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\WINDOWS\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service nm
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [DISABLED] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service C:\WINDOWS\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [BOOT] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [MANUAL] Pml Driver HPZ12
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\qv2kux.sys (USBSTOR LowerFilter Driver for Qv-2000ux/Microsoft Corporation) [MANUAL] QV2KUX
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Administrator Service/Sophos Plc) [AUTO] SAVAdminService
Service C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) [SYSTEM] SAVOnAccessControl
Service C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc) [SYSTEM] SAVOnAccessFilter
Service C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Performs virus scanning and disinfection functions/Sophos Plc) [AUTO] SAVService
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort
Service C:\WINDOWS\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service (Serial Device Driver/Microsoft Corporation) [BOOT] Serial
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service SMSvcHost 3.0.0.0
Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos AutoUpdate Service./Sophos Plc) [AUTO] Sophos AutoUpdate Service
Service C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys (Sophos Boot Driver, XP/2003_Server (x86)/Sophos Plc) [DISABLED] SophosBootDriver
Service [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\system32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SSDPSRV
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) [MANUAL] tifm21
Service C:\WINDOWS\system32\tlntsvr.exe (Telnet/Microsoft Corporation) [DISABLED] TlntSvr
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\wdfmgr.exe (Windows User Mode Driver Manager/Microsoft Corporation) [MANUAL] UMWdf
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service C:\WINDOWS\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [SYSTEM] WmiAcpi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {30D1CB41-CE09-4736-AECC-94DF5033266C}
Service {D5330AF8-1D0C-418D-8AC3-371CE3F5FFB9}
Service {EA027B51-6232-4C61-89B0-FA72C5FEE344}

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC4F1D0-C954-B15A-C247-27EF0FA54527}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC4F1D0-C954-B15A-C247-27EF0FA54527}@ialhhnpiiimakdglof 0x69 0x61 0x6C 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC4F1D0-C954-B15A-C247-27EF0FA54527}@hajhjnolgipecgof 0x69 0x61 0x6C 0x67 ...

---- EOF - GMER 1.0.15 ----

#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 31 May 2010 - 09:29 PM

Hello, State Or Die.
Yes, running those scans in safe mode is fine. You can even perform the following combofix run in Safe Mode. Once combofix has been run, hopefully you should be able to boot into normal mode.
P2P Program Warning!

Limewire

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 State Or Die

State Or Die
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 01 June 2010 - 06:48 AM

Good Morning AOM,

Here is the ComboFix log:

ComboFix 10-05-31.03 - Kristen l 06/01/2010 7:32.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.595 [GMT -4:00]
Running from: c:\documents and settings\Kristen l\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
D:\Autorun.inf

Infected copy of c:\windows\system32\drivers\disk.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-06-01 10:40 . 2010-06-01 10:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-01 09:17 . 2010-06-01 09:17 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-06-01 00:07 . 2010-06-01 00:07 -------- d-----w- c:\program files\trend micro
2010-06-01 00:07 . 2010-06-01 00:07 -------- d-----w- C:\rsit
2010-05-28 12:52 . 2010-05-28 12:52 503808 ----a-w- c:\documents and settings\Kristen l\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b4cf946-n\msvcp71.dll
2010-05-28 12:52 . 2010-05-28 12:52 499712 ----a-w- c:\documents and settings\Kristen l\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b4cf946-n\jmc.dll
2010-05-28 12:52 . 2010-05-28 12:52 348160 ----a-w- c:\documents and settings\Kristen l\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b4cf946-n\msvcr71.dll
2010-05-28 12:07 . 2010-05-28 12:07 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-05-28 02:07 . 2010-05-28 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-27 14:11 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-27 14:11 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-05-27 14:11 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-27 14:11 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-27 10:28 . 2010-05-28 01:03 -------- d-----w- c:\documents and settings\Kristen l\Local Settings\Application Data\uccgxahqx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 12:34 . 2010-04-16 23:20 439816 ----a-w- c:\documents and settings\Kristen l\Application Data\Real\Update\setup3.10\setup.exe
2010-05-28 02:08 . 2009-10-09 01:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-28 02:07 . 2009-10-09 01:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-28 01:51 . 2006-04-13 11:41 -------- d-----w- c:\program files\CONEXANT
2010-05-28 01:13 . 2008-11-16 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-12 10:37 . 2009-06-02 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-03 10:43 . 2008-12-11 01:58 59 ----a-w- c:\windows\wpd99.drv
2010-05-03 10:43 . 2008-12-11 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-04-29 19:39 . 2008-11-16 20:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-16 20:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 11:09 . 2004-08-10 15:00 430080 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-15 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
hp psc 1000 series.lnk - c:\program files\HP\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-11-11 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-09-15 00:15 185784 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [8/14/2008 7:24 PM 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [8/14/2008 7:24 PM 38528]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 7:22 AM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [8/21/2008 9:04 AM 98304]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [11/15/2008 12:19 PM 14976]
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2008-10-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8215016801.job
- c:\program files\HP\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Kristen l\Application Data\Mozilla\Firefox\Profiles\52hk3u6l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80229&language=en&qkw=
FF - plugin: c:\documents and settings\Kristen l\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CSmileys - c:\progra~1\Crawler\Smileys\CSmileysIM.exe
AddRemove-ComcastHSI - c:\program files\support.com\uninstall\chsi_uninstaller.exe
AddRemove-HijackThis - f:\ultimate\IT Additions\Hijack This\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 07:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????,?n??|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3323312531-471674604-1727699992-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5BC4F1D0-C954-B15A-C247-27EF0FA54527}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialhhnpiiimakdglof"=hex:69,61,6c,67,65,69,64,69,69,6a,63,61,6e,66,61,6f,63,66,
00,00
"hajhjnolgipecgof"=hex:69,61,6c,67,65,69,64,69,69,6a,63,61,6e,66,61,6f,63,66,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-06-01 07:42:44
ComboFix-quarantined-files.txt 2010-06-01 11:42

Pre-Run: 38,195,204,096 bytes free
Post-Run: 38,496,133,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - C2D5CCBD94AE7C0A3E55412A675ED91D



Thanks!

#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 01 June 2010 - 03:03 PM

Hello, State Or Die.
Looks good. Are you still getting those popups? Any other issues? If not, please proceed with the below:

We need to update your version of Java

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Look for "JDK 6 Update 20 (JDK or JRE)".
  3. Click the Download JRE button to the right.
  4. Select your Platform: "Windows".
  5. Select your Language: "Multi-language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  13. Repeat as many times as necessary to remove each Java versions.
  14. Reboot your computer once all Java components are removed.
  15. Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please make sure you turn on the Java Automatic Update Feature

Then you will not have to remember to update it when Java introduces a new version.
Java is updated very frequently, and the old versions are malware magnets.

Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.

NEXT:

We need to run an ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the Eset Smart Installer icon on your desktop.
  4. Check the "YES, I accept the Terms of Use"
  5. Click the Start button.
  6. Accept any security warnings from your browser.
  7. Check Scan archives
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push "List of found threats"
  11. Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the "< button.
  13. Push Finish

In your next reply, please include the following:
  • Eset Scan Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 03 June 2010 - 11:03 PM

Hello State Or Die
Are you still with us?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#9 State Or Die

State Or Die
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 04 June 2010 - 06:38 AM

QUOTE(aommaster @ Jun 4 2010, 12:03 AM) View Post
Hello State Or Die
Are you still with us?


yes, sorry! i was out of town for work for a couple of days and am getting back to it now - i have updated JAVA and am running the ESET scan now. I will post the log as soon as I get back from work... thanks!!


#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 04 June 2010 - 03:36 PM

Okay, thanks for letting me know smile.gif

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#11 State Or Die

State Or Die
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 04 June 2010 - 05:14 PM

Hi AOM -

Below is the ESET scan log:

C:\Documents and Settings\Kristen MacKool\Application Data\Sun\Java\Deployment\cache\6.0\5\8827e85-2406bad8 a variant of Java/TrojanDownloader.Agent.NAX trojan deleted - quarantined
C:\Documents and Settings\Kristen MacKool\Application Data\Sun\Java\Deployment\cache\6.0\56\2d475f78-39759931 multiple threats deleted - quarantined
C:\Documents and Settings\Kristen MacKool\Application Data\Sun\Java\Deployment\cache\6.0\7\249f2ec7-22fa4a30 a variant of Java/Exploit.Agent.F trojan deleted - quarantined


Also -
I am getting various pop-up messages from Sophos:

it keeps identifying:
Mal/TDSSRt-A and Troj/Virtum-Gen



#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 04 June 2010 - 08:14 PM

Hello, State Or Die.
Those Sophos detections should be coming from the Qoobox folder. Once you've uninstalled combofix, they should disappear. If not, please provide me with the path of the files being detected.

We need to uninstall Combofix
  1. Click on your Start Menu, then Run....
  2. Now type combofix /uninstall in the runbox and click OK. Notice the space between the "x" and "/".




Your Log looks Clean please take the time to read below to secure your machine and take the necessary steps to keep it clean smile.gif

There are many ways to reduce the chance of getting infected in the future. Below, I have listed a few:
  1. Practice Safe Internet
    • Be weary about attachments in emails. Avoid opening .exe, .com, .bat, or .pif files.
    • Watch out for Foistware. More info can be found on Foistware, And how to avoid it.
    • Do not fall for Rogue/Suspect Anti-Spyware Products & Web Sites
    • Do not go to adult sites.
    • When using an Instant Messaging program be cautious about clicking on links people send to you.
    • Stay away from Warez and Crack sites. In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Use McAfee Siteadvisor to look up info on a site if you are not sure whether it is legitimate
    • Do not install any software without first reading the End User License Agreement, otherwise known as the EULA.
  2. Make Internet Explorer more secure
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt

        When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Make Firefox more secure
    Firefox is a relatively safe browser compared to Internet Explorer. However, if you'd still like to enhance security, consider some of these extensions:
    • NoScript: Add-on which automatically blocks Javascript and Java from running on sites.
    • Firekeeper: Add-on which aims to protect your from malicious websites which may exploit browser and code security flaws.
    • KeyScrambler: Add-on that protects your passwords from being detected by keyloggers.
  4. Keep Windows updated
    Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install.
  5. Install and update the following programs frequently
    1. An outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here
    2. An antivirus software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats. Three good antivirus programs free for non-commercial home use are Avast! and Antivir and AVG Antivirus
    3. An antispyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    4. SpywareBlaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    5. MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  6. Keep your other software updated too
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

Some more links you might find of interest:

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 State Or Die

State Or Die
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 04 June 2010 - 10:00 PM

oops, double post deleted

Edited by State Or Die, 04 June 2010 - 10:05 PM.


#14 State Or Die

State Or Die
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:12:27 AM

Posted 04 June 2010 - 10:02 PM

Hi AOM,

yes, one of them was coming from that folder... however, the Virtum-Gen one says it is coming from "C:\windows\system32\jakolihe.dll", "C:\windows\system32\neruvowu.dll" and "C:\windows\system32\refizubu.dll"

perhaps it is an old message?

Anyway, i have uninstalled combofix - do you think anything else is necessary?

Thanks again for all your help!!

#15 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:09:27 AM

Posted 05 June 2010 - 12:54 PM

Hi!

They seem to be remnants of an old infection (your logs don't show those DLL's as loading). You can simply navigate through and delete them manually. If you'd like me to have a look to make sure nothing else is remaining, you can post up an RSIT log (however, I'm pretty sure nothing is left)

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users