Need some help...


  • This topic is locked
37 replies to this topic

#1 LouieSchwann


Posted 19 August 2012 - 03:03 PM

I'll be more active again. I won't be idle. I'll check out my post often. So sorry for the past posts. Here's my DDS log file and GMER log file. I made a new one.


#2 HelpBot


Posted 24 August 2012 - 03:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465816 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 LouieSchwann


Posted 25 August 2012 - 02:47 AM

Thanks for your bot, Bleeping Computer. :D

I made a new scan again.. but while scanning.. a wild Blue Screen appeared. I was surprised upon seeing it.. But it hasn't done anything.. I guess. After that, I booted to safe mode to make new GMER and DDS scans. I also copied the text message box that appeared after I experienced that Blue Screen. Right now, I'm experiencing system lag and sometimes application crashes, for example, Google Chrome. It's so weird. I think I'm really under attack now. Our netbook wasn't this slow before.

I'll post the GMER log file in my next reply.

I just included that Blue Screen error message to help you guys understand my netbook more. It's just that.. this netbook is the only one that we are using. Thanks for all of the help.

Edited by LouieSchwann, 25 August 2012 - 02:47 AM.


#4 LouieSchwann


Posted 25 August 2012 - 02:52 AM

Here's part 1 of the GMER log file; it's too long. @_@

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-25 15:28:12
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHZ2160BH_G2 rev.00000009
Running: gmer.exe; Driver: C:\Users\lenovo\AppData\Local\Temp\pxdirpog.sys


SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x81A53D85]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x81A6B956]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransaction [0x81B3DD6E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationTransactionManager [0x819C8D65]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationWorkerFactory [0x81962BB3]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x81A2FF03]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x81B5601F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x81B0327C]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x81A7E16B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryLicenseValue [0x81A91478]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x81AB1BE6]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMutant [0x81B55736]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryObject [0x81A41309]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeys [0x81AE7B3F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeysEx [0x81ACFE7D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPerformanceCounter [0x81AC196C]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x81B27C54]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x81B0485D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySection [0x81A80244]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityAttributesToken [0x81AC9A8A]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityObject [0x81ABDA50]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySemaphore [0x81B4E5A2]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x81A988C2]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x81B4E77B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x81B4ED71]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemInformation [0x81A4D7FD]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemInformationEx [0x81A9BA57]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemTime [0x81AC2F29]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimer [0x81B55086]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimerResolution [0x81A3710C]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x81AB4F0A]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVirtualMemory [0x81A93306]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x81ABD4A4]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueueApcThread [0x81A3C911]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueueApcThreadEx [0x81A3C7FF]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseException [0x8188E3C4]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseHardError [0x81A1E42F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFile [0x81A5A2F6]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFileScatter [0x819E2652]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadOnlyEnlistment [0x81B3DA06]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadRequestData [0x81B157BD]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadVirtualMemory [0x81AB221A]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverEnlistment [0x81B3CFCE]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverResourceManager [0x819E948D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRecoverTransactionManager [0x819E7E69]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterProtocolAddressInformation [0x81B3F3CA]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x81B28A50]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x81A8D915]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseMutant [0x81A53BEE]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseSemaphore [0x81A73CDF]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseWorkerFactoryWorker [0x818BBB37]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletion [0x81AA9960]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletionEx [0x81A704D7]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveProcessDebug [0x81AF9E93]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRenameKey [0x81AE7D85]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRenameTransactionManager [0x81B3F066]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplaceKey [0x81AE78D2]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplacePartitionUnit [0x81925977]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyPort [0x81A9457C]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePort [0x81AB0AB8]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x81A64F67]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReplyPort [0x81B15989]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestPort [0x81A93BCF]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWaitReplyPort [0x81A70475]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetEvent [0x81A34E82]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x81939A50]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRestoreKey [0x81ADBFC2]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeProcess [0x81B292B3]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeThread [0x81A7DD9B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackComplete [0x81B3DABE]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackEnlistment [0x81B3D66E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRollbackTransaction [0x819E9740]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRollforwardTransactionManager [0x81B3F1C8]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKey [0x81ADC1C0]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKeyEx [0x81ADC4CC]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveMergedKeys [0x81AE6BF7]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSecureConnectPort [0x81A80456]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSerializeBoot [0x819D6941]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetBootEntryOrder [0x81B4FE25]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetBootOptions [0x81B50311]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetContextThread [0x81B28697]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDebugFilterState [0x819BC4B5]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x819DB910]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultLocale [0x819EE4F2]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultUILanguage [0x819EF60F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDriverEntryOrder [0x81B50D9F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEaFile [0x81B042EE]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEvent [0x81A5C106]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEventBoostPriority [0x81B4E24F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighEventPair [0x81B555ED]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x81B5551F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationDebugObject [0x81AFA5CF]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationEnlistment [0x81B3D26E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationFile [0x81A8C9A5]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationJobObject [0x81AA9C0E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationKey [0x81AE73E7]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationObject [0x81A79CCA]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationProcess [0x81A5C1CF]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationResourceManager [0x81B3EC9E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationThread [0x81A74967]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationToken [0x81A97311]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransaction [0x81B3E5D0]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationTransactionManager [0x81B3F28D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationWorkerFactory [0x818BD8A5]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIntervalProfile [0x81B55FFC]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletion [0x81A28D90]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletionEx [0x81B033A2]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLdtEntries [0x81B2A6D7]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowEventPair [0x81B5558A]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x81B554B4]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetQuotaInformationFile [0x81B04E73]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSecurityObject [0x81A9EA1E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x81B4EA77]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValueEx [0x81B4F089]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemInformation [0x81A3959C]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemPowerState [0x81B6BE0A]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemTime [0x81AD809D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetThreadExecutionState [0x81AE4269]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimer [0x818BBDA4]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerEx [0x818C1D11]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerResolution [0x81ACA415]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetUuidSeed [0x819FE4EC]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x81AB7775]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x81B04E8D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x81B4D745]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownWorkerFactory [0x81AC8D1F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x819128E5]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSinglePhaseReject [0x81B3D94E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x81B55D38]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x81B55F2F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendProcess [0x81B29253]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendThread [0x81AE31E3]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x81A3D924]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x81ACAC3F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateProcess [0x81A6E31E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateThread [0x81A857DC]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x81AB04BA]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwThawRegistry [0x8191BC2D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwThawTransactions [0x81B3E906]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTraceControl [0x81ABA261]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x818CAE8B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x81B50FA3]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUmsThreadYield [0x81B1564F]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x81B0565B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x81AD075E]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey2 [0x81ACF864]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x81AE6D8D]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x81AC496B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x818E3BBE]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnmapViewOfSection [0x81AAE3AE]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x81B42BFF]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x81AFA0ED]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x81AA6416]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x81A537B0]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects32 [0x81B1F174]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x81A51451]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForWorkViaWorkerFactory [0x818BB7B3]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x81B5544B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x81B553E2]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWorkerFactoryWorkerReady [0x818F3C27]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x81A6F0DA]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x819E9A11]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x81B1582A]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteVirtualMemory [0x81A9E13B]
SSDT \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Part 2. @_@

INT 0x9A \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A144
INT 0x9B \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A14E
INT 0x9C \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A158
INT 0x9D \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A162
INT 0x9E \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A16C
INT 0x9F \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A176
INT 0xA0 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A180
INT 0xA1 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A18A
INT 0xA3 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A19E
INT 0xA4 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1A8
INT 0xA5 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1B2
INT 0xA6 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1BC
INT 0xA7 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1C6
INT 0xA8 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1D0
INT 0xA9 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1DA
INT 0xAA \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1E4
INT 0xAB \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1EE
INT 0xAC \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A1F8
INT 0xAD \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A202
INT 0xAE \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A20C
INT 0xAF \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A216
INT 0xB0 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A220
INT 0xB3 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A23E
INT 0xB4 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A248
INT 0xB5 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A252
INT 0xB6 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A25C
INT 0xB7 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A266
INT 0xB8 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A270
INT 0xB9 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A27A
INT 0xBA \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A284
INT 0xBB \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A28E
INT 0xBC \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A298
INT 0xBD \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2A2
INT 0xBE \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2AC
INT 0xBF \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2B6
INT 0xC0 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2C0
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 818383F4
INT 0xC2 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2D4
INT 0xC3 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2DE
INT 0xC4 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2E8
INT 0xC5 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2F2
INT 0xC6 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A2FC
INT 0xC7 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A306
INT 0xC8 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A310
INT 0xC9 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A31A
INT 0xCA \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A324
INT 0xCB \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A32E
INT 0xCC \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A338
INT 0xCD \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A342
INT 0xCE \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A34C
INT 0xCF \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A356
INT 0xD0 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A360
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81820634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81820898
INT 0xD3 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A37E
INT 0xD4 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A388
INT 0xD5 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A392
INT 0xD6 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A39C
INT 0xD7 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3A6
INT 0xD8 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3B0
INT 0xD9 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3BA
INT 0xDA \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3C4
INT 0xDB \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3CE
INT 0xDC \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3D8
INT 0xDD \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3E2
INT 0xDE \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A3EC
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 818381DC
INT 0xE0 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A400
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81838958
INT 0xE2 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A414
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 818386F8
INT 0xE4 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A428
INT 0xE5 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A432
INT 0xE6 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A43C
INT 0xE7 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A446
INT 0xE8 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A450
INT 0xE9 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A45A
INT 0xEA \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A464
INT 0xEB \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A46E
INT 0xEC \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A478
INT 0xED \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A482
INT 0xEE \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A489
INT 0xEF \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A490
INT 0xF0 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A497
INT 0xF1 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A49E
INT 0xF2 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4A5
INT 0xF3 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4AC
INT 0xF4 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4B3
INT 0xF5 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4BA
INT 0xF6 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4C1
INT 0xF7 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4C8
INT 0xF8 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4CF
INT 0xF9 \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4D6
INT 0xFA \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4DD
INT 0xFB \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4E4
INT 0xFC \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A4EB
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 81838F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 818391A8
INT 0xFF \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 8188A500

SYSENTER \SystemRoot\system32\ntoskrnl.exe 8188A730

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!RtlPrefetchMemoryNonTemporal 818874C8 1 Byte [90]
.text ntoskrnl.exe!ZwSaveKey + 13CD 8188A9A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 818AA4E2 1 Byte [E0]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 818AA4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KiDispatchInterrupt + 5B7 818AA4F7 1 Byte [D9]
.text ntoskrnl.exe!KiDispatchInterrupt + 5BF 818AA4FF 1 Byte [00]

---- User code sections - GMER 1.0.15 ----

UPX1 C:\Users\lenovo\Desktop\gmer.exe[340] C:\Users\lenovo\Desktop\gmer.exe entry point in "UPX1" section [0x004B8360]
.text C:\Windows\Explorer.EXE[1144] GROOVEEX.DLL!DllCanUnloadNow + 5640

Part 3. @_@:

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \
Device \Driver\KSecDD \Device\KsecDD ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis ndis.sys (NDIS 6.20 driver/Microsoft Corporation)
Device \Driver\WudfPf \Device\WUDFLpcDevice WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \Device\00000033
Device \Device\00000026
Device \Driver\PnpManager \Device\00000040 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000040 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000040 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000034
Device \Device\00000027
Device \Driver\kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\PnpManager \Device\00000041 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000041 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000041 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\Wdf01000 \Device\KMDF0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\Wdf01000 \Device\KMDF0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIAdminDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIAdminDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000035
Device \Device\00000028
Device \Driver\kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\kbdclass \Device\KeyboardClass1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\WudfPf \Device\ProcessManagement WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000042 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000042 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000042 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000036
Device \Device\00000029
Device \Driver\mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\mouclass \Device\PointerClass0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000050
Device \Driver\PnpManager \Device\00000043 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000043 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000043 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000037
Device \Device\0000000a
Device \Driver\mouclass \Device\PointerClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\mouclass \Device\PointerClass1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Device\00000051
Device \Driver\PnpManager \Device\00000044 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000044 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000044 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000038
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\PointerClass2
Device \Driver\usbuhci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000045 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000045 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000045 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000052
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000039
Device \Device\0000000c
Device \Driver\usbuhci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000053 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\NTPNP_PCI0000
Device \Driver\ACPI_HAL \Device\00000046 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Device\0000001a
Device \Device\0000000d
Device \Driver\usbuhci \Device\USBPDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000060 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000060 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000054
Device \Device\NTPNP_PCI0001
Device \Device\00000047
Device \Device\0000001b
Device \Device\0000000e
Device \Driver\usbehci \Device\USBPDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000061 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000061 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000055
Device \Device\NTPNP_PCI0002
Device \Device\00000048
Device \Device\0000001c
Device \Device\0000000f
Device \Driver\usbhub \Device\USBPDO-5 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-5 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000062 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000062 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000056
Device \Driver\pci \Device\NTPNP_PCI0010 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0010 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0003 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0003 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000049 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000001d
Device \Device\USBPDO-6
Device \Driver\SynTP \Device\00000063 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\Tcpip \Device\eQoS tcpip.sys (TCP/IP Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\eQoS ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000057
Device \Driver\pci \Device\NTPNP_PCI0011 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0011 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\NTPNP_PCI0004
Device \Device\0000002a
Device \Device\0000001e
Device \Driver\volmgr \Device\HarddiskVolume1 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Device\00000064
Device \Device\00000058
Device \Driver\pci \Device\NTPNP_PCI0012 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0012 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\NTPNP_PCI0005
Device \Device\0000002b
Device \Device\0000001f
Device \Driver\volmgr \Device\HarddiskVolume2 volmgr.sys (Volume Manager Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\usbccgp \Device\00000065 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000065 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\blbdrive \Device\BlbControl blbdrive.sys (BLB Drive Driver/Microsoft Corporation)
Device \Device\00000059
Device \Device\NTPNP_PCI0013
Device \Device\NTPNP_PCI0006
Device \Device\0000002c
Device \Driver\atapi \Device\Ide\IdePort0 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort2 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\msahci \Device\Ide\PciIde1Channel0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\msahci \Device\Ide\PciIde1Channel0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 ataport.SYS (ATAPI Driver Extension/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\msahci \Device\Ide\PciIde1Channel2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\msahci \Device\Ide\PciIde1Channel2 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\intelide \Device\Ide\PciIde0Channel0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\intelide \Device\Ide\PciIde0Channel0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Device\Ide\PciIde0
Device \Device\Ide\PciIde1
Device \Device\i
Device \Driver\pci \Device\NTPNP_PCI0014 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0014 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\CNG \Device\CNG cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation)
Device \Driver\CNG \Device\CNG ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0008 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0008 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo0 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0009 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pci \Device\NTPNP_PCI0009 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo10 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo1 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo11 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo2 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\ACPIVPC \Device\EnergyDrv AcpiVpc.sys (ACPI Virtual Power Controller Driver/Lenovo Corporation)
Device \Driver\ACPIVPC \Device\EnergyDrv ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo12 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo3 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\WFP tcpip.sys (TCP/IP Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\WFP ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo13 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo4 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo14 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo5 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\mountmgr \Device\MountPointManager mountmgr.sys (Mount Point Manager/Microsoft Corporation)
Device \Driver\mountmgr \Device\MountPointManager ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo15 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo6 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo7 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup mup.sys (Multiple UNC Provider Driver/Microsoft Corporation)
Device \Driver\partmgr \Device\PartmgrControl partmgr.sys (Partition Management Driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo8 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005e usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005e ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\RemoteVideo9 termdd.sys (Remote Desktop Server Driver/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005f usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000005f ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\NXTIPSEC tcpip.sys (TCP/IP Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\NXTIPSEC ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000005 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\FileInfo \Device\FileInfo fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation)
Device \FileSystem\FileInfo \Device\FileInfo ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pxdirpog \Device\pxdirpog pxdirpog.sys
Device \Driver\pxdirpog \Device\pxdirpog ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\pcw \Device\PcwDrv pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation)
Device \Driver\pcw \Device\PcwDrv ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\WfpAle tcpip.sys (TCP/IP Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\WfpAle ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\rdyboost \Device\RdyBoost rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\rdyboost \Device\RdyBoost rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPSECDOSP tcpip.sys (TCP/IP Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPSECDOSP ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 81855000-81C58000 (4206592 bytes)
Module \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8181E000-81855000 (225280 bytes)
Module \SystemRoot\system32\kdcom.dll (Serial Kernel Debugger/Microsoft Corporation) 817A3000-817AB000 (32768 bytes)
Module \SystemRoot\system32\mcupdate_GenuineIntel.dll (Intel Microcode Update Library/Microsoft Corporation) 86812000-86897000 (544768 bytes)
Module \SystemRoot\system32\PSHED.dll (Platform Specific Hardware Error Driver/Microsoft Corporation) 86897000-868A8000 (69632 bytes)
Module \SystemRoot\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) 868A8000-868B0000 (32768 bytes)
Module \SystemRoot\system32\CLFS.SYS (Common Log File System Driver/Microsoft Corporation) 868B0000-868F2000 (270336 bytes)
Module \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation) 868F2000-8699D000 (700416 bytes)
Module \SystemRoot\system32\drivers\Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) 8699D000-86A0E000 (462848 bytes)
Module \SystemRoot\system32\drivers\WDFLDR.SYS (Kernel Mode Driver Framework Loader/Microsoft Corporation) 86A0E000-86A1C000 (57344 bytes)
Module \SystemRoot\system32\drivers\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) 86A1C000-86A64000 (294912 bytes)
Module \SystemRoot\system32\drivers\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) 86A64000-86A6D000 (36864 bytes)
Module \SystemRoot\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) 86A6D000-86A75000 (32768 bytes)
Module \SystemRoot\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) 86A75000-86A9F000 (172032 bytes)
Module \SystemRoot\system32\drivers\vdrvroot.sys (Virtual Drive Root Enumerator/Microsoft Corporation) 86A9F000-86AAA000 (45056 bytes)
Module \SystemRoot\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) 86AAA000-86ABB000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) 86ABB000-86AC3000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\BATTC.SYS (Battery Class Driver/Microsoft Corporation) 86AC3000-86ACE000 (45056 bytes)
Module \SystemRoot\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) 86ACE000-86ADE000 (65536 bytes)
Module \SystemRoot\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) 86ADE000-86B29000 (307200 bytes)
Module \SystemRoot\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) 86B29000-86B30000 (28672 bytes)
Module \SystemRoot\system32\drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) 86B30000-86B3E000 (57344 bytes)
Module \SystemRoot\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) 86B3E000-86B54000 (90112 bytes)
Module \SystemRoot\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) 86B54000-86B5D000 (36864 bytes)
Module \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 86B5D000-86B80000 (143360 bytes)
Module \SystemRoot\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) 86B80000-86B8A000 (40960 bytes)
Module \SystemRoot\system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) 86B8A000-86B93000 (36864 bytes)
Module \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) 86B93000-86BC7000 (212992 bytes)
Module \SystemRoot\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) 86BC7000-86BD8000 (69632 bytes)
Module \SystemRoot\System32\Drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation) 86C26000-86D55000 (1241088 bytes)
Module \SystemRoot\System32\Drivers\msrpc.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation) 86D55000-86D80000 (176128 bytes)
Module \SystemRoot\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) 86D80000-86D93000 (77824 bytes)
Module \SystemRoot\System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) 86D93000-86DF0000 (380928 bytes)
Module \SystemRoot\System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) 86DF0000-86DFE000 (57344 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation) 86DFE000-86E07000 (36864 bytes)
Module \SystemRoot\system32\drivers\ndis.sys (NDIS 6.20 driver/Microsoft Corporation) 86E07000-86EBE000 (749568 bytes)
Module \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation) 86EBE000-86EFC000 (253952 bytes)
Module \SystemRoot\System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) 86EFC000-86F21000 (151552 bytes)
Module \SystemRoot\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) 8702B000-87175000 (1351680 bytes)
Module \SystemRoot\System32\drivers\fwpkclnt.sys (FWP/IPsec Kernel-Mode API/Microsoft Corporation) 87175000-871A6000 (200704 bytes)
Module \SystemRoot\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) 871A6000-871E5000 (258048 bytes)
Module \SystemRoot\System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) 871ED000-8721A000 (184320 bytes)
Module \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) 8721A000-8722A000 (65536 bytes)
Module \SystemRoot\System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) 8722A000-87232000 (32768 bytes)
Module \SystemRoot\System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) 87232000-87264000 (204800 bytes)
Module \SystemRoot\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) 87264000-87275000 (69632 bytes)
Module \SystemRoot\system32\drivers\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) 87275000-8729A000 (151552 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) 872CD000-872D4000 (28672 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) 872D4000-872DB000 (28672 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) 872DB000-872E7000 (49152 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) 872E7000-87308000 (135168 bytes)
Module \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation) 87308000-87315000 (53248 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) 87315000-87320000 (45056 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) 87320000-8732E000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) 8732E000-8734D000 (126976 bytes)
Module \SystemRoot\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) 8734D000-87358000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 87358000-873A3000 (307200 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) 873A3000-873B2000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\AcpiVpc.sys (ACPI Virtual Power Controller Driver/Lenovo Corporation) 873B2000-873C1000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 873C1000-873D9000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) 873D9000-873E6000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) 86F21000-86F53000 (204800 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) 873E6000-873E8000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) 873E8000-873F5000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) 87000000-8700E000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) 8700E000-8701B000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8701B000-87025000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) 86F53000-86F64000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) 87025000-87027000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) 86F64000-86F98000 (212992 bytes)
Module \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) 86F98000-86FA6000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) 86FA6000-86FEA000 (278528 bytes)
Module \SystemRoot\System32\Drivers\crashdmp.sys (Crash Dump Driver/Microsoft Corporation) 8729A000-872A7000 (53248 bytes)
Module \SystemRoot\System32\Drivers\dump_dumpata.sys 872A7000-872B2000 (45056 bytes)
Module \SystemRoot\System32\Drivers\dump_msahci.sys 872B2000-872BC000 (40960 bytes)
Module \SystemRoot\System32\Drivers\dump_dumpfve.sys 872BC000-872CD000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) 873F5000-87400000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) 86FEA000-86FFD000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) 871E5000-871EC000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) 86C00000-86C0B000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) 86C0B000-86C22000 (94208 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) 8D8A0000-8DAF0000 (2424832 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) 86BD8000-86BE2000 (40960 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) 8DAF0000-8DB07000 (94208 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 8DB20000-8DB29000 (36864 bytes)
Module \SystemRoot\System32\framebuf.dll (Framebuffer Display Driver/Microsoft Corporation) 8DBA0000-8DBA8000 (32768 bytes)
Module \SystemRoot\system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) 86BE2000-86BFC000 (106496 bytes)
Module \??\C:\Users\lenovo\AppData\Local\Temp\pxdirpog.sys (GMER) 98027000-98040000 (102400 bytes)
Module \Windows\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 77710000-7784C000 (1294336 bytes)
Module \Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 47FB0000-47FC3000 (77824 bytes)
Module \Windows\System32\apisetschema.dll (ApiSet Schema DLL/Microsoft Corporation) 77950000-779A0000 (327680 bytes)
Module \Windows\System32\autochk.exe (Auto Check Utility/Microsoft Corporation)

#5 LouieSchwann

Posted 25 August 2012 - 02:56 AM

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 264
Library C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 0x47FB0000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 336
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x49980000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\basesrv.DLL (Windows NT BASE API Server DLL/Microsoft Corporation) 0x758F0000
Library C:\Windows\system32\winsrv.DLL (Multi-User Windows Server DLL/Microsoft Corporation) 0x758C0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\SYSTEM32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\sxssrv.DLL (Windows SxS Server DLL/Microsoft Corporation) 0x758B0000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75800000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000

Process C:\Users\lenovo\Desktop\gmer.exe 340
Library C:\Users\lenovo\Desktop\gmer.exe 0x00400000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x72460000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\VERSION.DLL (Version Checking and File Installation Libraries/Microsoft Corporation) 0x74850000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 372
Library C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 0x00CC0000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\profapi.dll (User Profile Basic API/Microsoft Corporation) 0x758A0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x750B0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 380
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x49980000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75900000
Library C:\Windows\system32\basesrv.DLL (Windows NT BASE API Server DLL/Microsoft Corporation) 0x758F0000
Library C:\Windows\system32\winsrv.DLL (Multi-User Windows Server DLL/Microsoft Corporation) 0x758C0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\SYSTEM32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\sxssrv.DLL (Windows SxS Server DLL/Microsoft Corporation) 0x758B0000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75800000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 428
Library C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 0x00390000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75860000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\profapi.dll (User Profile Basic API/Microsoft Corporation) 0x758A0000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\UXINIT.dll (Windows User Experience Session Initialization Dll/Microsoft Corporation) 0x73B30000
Library C:\Windows\system32\wkscli.dll (Workstation Service Client DLL/Microsoft Corporation) 0x750F0000
Library C:\Windows\system32\netjoin.dll (Domain Join DLL/Microsoft Corporation) 0x751D0000
Library C:\Windows\system32\netutils.dll (Net Win32 API Helpers DLL/Microsoft Corporation) 0x74E60000
Library C:\Windows\system32\SspiCli.dll (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75220000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 468
Library C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x00310000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\SspiCli.dll (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\profapi.dll (User Profile Basic API/Microsoft Corporation) 0x758A0000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\scext.dll (Service Control Manager Extension DLL for non-minwin/Microsoft Corporation) 0x757C0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757B0000
Library C:\Windows\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x75760000
Library C:\Windows\system32\srvcli.dll (Server Service Client DLL/Microsoft Corporation) 0x75740000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x754E0000
Library C:\Windows\system32\UBPM.dll (Unified Background Process Manager DLL/Microsoft Corporation) 0x74D50000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x750B0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\WTSAPI32.dll (Windows Remote Desktop Session Host Server SDK APIs/Microsoft Corporation) 0x74840000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75860000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 492
Library C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 0x00650000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\SspiSrv.dll (LSA SSPI RPC interface DLL/Microsoft Corporation) 0x75730000
Library C:\Windows\system32\lsasrv.dll (LSA Server DLL/Microsoft Corporation) 0x75630000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\SspiCli.dll (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x75580000
Library C:\Windows\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x75560000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75910000
Library C:\Windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x75510000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\cngaudit.dll (Windows Cryptographic Next Generation audit library/Microsoft Corporation) 0x75500000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x754E0000
Library C:\Windows\system32\ncrypt.dll (Windows cryptographic library/Microsoft Corporation) 0x75430000
Library C:\Windows\system32\bcrypt.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x75410000
Library C:\Windows\system32\msprivs.DLL (Microsoft Privilege Translations/Microsoft Corporation) 0x75200000
Library C:\Windows\system32\netjoin.dll (Domain Join DLL/Microsoft Corporation) 0x751D0000
Library C:\Windows\system32\negoexts.DLL (NegoExtender Security Package/Microsoft Corporation) 0x751B0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757B0000
Library C:\Windows\system32\cryptbase.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\kerberos.DLL (Kerberos Security Package/Microsoft Corporation) 0x75120000
Library C:\Windows\system32\CRYPTSP.dll (Cryptographic Service Provider API/Microsoft Corporation) 0x75100000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x750B0000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x750A0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\msv1_0.DLL (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x75040000
Library C:\Windows\system32\netlogon.DLL (Net Logon Services DLL/Microsoft Corporation) 0x74FB0000
Library C:\Windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x74F60000
Library C:\Windows\system32\logoncli.dll (Net Logon Client DLL/Microsoft Corporation) 0x74F30000
Library C:\Windows\system32\schannel.DLL (TLS / SSL Security Provider/Microsoft Corporation) 0x74EF0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\wdigest.DLL (Microsoft Digest Access/Microsoft Corporation) 0x74EC0000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74E80000
Library C:\Windows\system32\tspkg.DLL (Web Service Security Package/Microsoft Corporation) 0x74E40000
Library C:\Windows\system32\pku2u.DLL (Pku2u Security Package/Microsoft Corporation) 0x74E00000
Library C:\Windows\system32\bcryptprimitives.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x74DC0000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\efslsaext.dll (LSA extension for EFS/Microsoft Corporation) 0x74E70000
Library C:\Windows\system32\scecli.DLL (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x74D90000
Library C:\Windows\system32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75860000
Library C:\Windows\system32\keyiso.dll (CNG Key Isolation Service/Microsoft Corporation) 0x73C00000
Library C:\Windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x71FE0000
Library C:\Windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x71FD0000
Library C:\Windows\system32\netutils.dll (Net Win32 API Helpers DLL/Microsoft Corporation) 0x74E60000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 500
Library C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 0x00250000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75620000
Library C:\Windows\system32\WMsgAPI.dll (WinLogon IPC Client/Microsoft Corporation) 0x75610000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\pcwum.dll (Performance Counters for Windows Native DLL/Microsoft Corporation) 0x749C0000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757B0000
Library C:\Windows\system32\SSPICLI.DLL (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 596
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00330000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library c:\windows\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x74D00000
Library c:\windows\system32\SPINF.dll (Windows SPINF/Microsoft Corporation) 0x74CE0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library c:\windows\system32\DEVRTL.dll (Device Management Run Time Library/Microsoft Corporation) 0x74CD0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x74A10000
Library C:\Windows\system32\profapi.dll (User Profile Basic API/Microsoft Corporation) 0x758A0000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x749F0000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library c:\windows\system32\umpo.dll (User-mode Power Service/Microsoft Corporation) 0x749D0000
Library c:\windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75860000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77540000
Library C:\Windows\system32\CFGMGR32.dll (Configuration Manager DLL/Microsoft Corporation) 0x75B70000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75FB0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\DEVOBJ.dll (Device Information Set DLL/Microsoft Corporation) 0x75920000
Library c:\windows\system32\pcwum.DLL (Performance Counters for Windows Native DLL/Microsoft Corporation) 0x749C0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x74960000
Library c:\windows\system32\SspiCli.dll (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76040000
Library C:\Windows\system32\ntmarta.dll (Windows NT MARTA provider/Microsoft Corporation) 0x73ED0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77860000
Library C:\Windows\system32\wbem\wmidcprv.dll (WMI/Microsoft Corporation) 0x73440000
Library C:\Windows\system32\wbem\FastProx.dll (WMI Custom Marshaller/Microsoft Corporation) 0x733A0000
Library C:\Windows\system32\wbemcomn.dll (WMI/Microsoft Corporation) 0x73B40000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x73380000
Library C:\Windows\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x73370000
Library C:\Windows\system32\CRYPTSP.dll (Cryptographic Service Provider API/Microsoft Corporation) 0x75100000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74E80000
Library C:\Windows\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x75470000
Library C:\Windows\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x75250000
Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x759D0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75910000
Library C:\Windows\system32\WTSAPI32.dll (Windows Remote Desktop Session Host Server SDK APIs/Microsoft Corporation) 0x74840000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 664
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00330000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library c:\windows\system32\rpcepmap.dll (RPC Endpoint Mapper/Microsoft Corporation) 0x74950000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757B0000
Library C:\Windows\system32\SSPICLI.DLL (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x74960000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\system32\CRYPTSP.dll (Cryptographic Service Provider API/Microsoft Corporation) 0x75100000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74E80000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x750B0000
Library C:\Windows\system32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76040000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75FB0000
Library C:\Windows\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x6E910000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x75C00000
Library C:\Windows\system32\msiltcfg.dll (Windows Installer Configuration API Stub/Microsoft Corporation) 0x6EB50000
Library C:\Windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x74850000
Library C:\Windows\system32\SFC.DLL (Windows File Protection/Microsoft Corporation) 0x72B30000
Library C:\Windows\system32\sfc_os.DLL (Windows File Protection/Microsoft Corporation) 0x72B20000
Library C:\Windows\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation)

Process c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation) 732
Library c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation) 0x00E10000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library c:\Program Files\Microsoft Security Client\Antimalware\MpSvc.dll (Service Module/Microsoft Corporation) 0x74860000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x74850000
Library C:\Windows\system32\WTSAPI32.dll (Windows Remote Desktop Session Host Server SDK APIs/Microsoft Corporation) 0x74840000
Library c:\Program Files\Microsoft Security Client\Antimalware\MpClient.dll (Client Interface/Microsoft Corporation) 0x747B0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75FB0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x74A10000
Library C:\Windows\system32\profapi.dll (User Profile Basic API/Microsoft Corporation) 0x758A0000
Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x759D0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75910000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x76330000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x75C00000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x749F0000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\CRYPTSP.dll (Cryptographic Service Provider API/Microsoft Corporation) 0x75100000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74E80000
Library C:\Windows\system32\ntmarta.dll (Windows NT MARTA provider/Microsoft Corporation) 0x73ED0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77860000
Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x776E0000
Library C:\Windows\system32\ncrypt.dll (Windows cryptographic library/Microsoft Corporation) 0x75430000
Library C:\Windows\system32\bcrypt.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x75410000
Library C:\Windows\system32\bcryptprimitives.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x74DC0000
Library c:\Program Files\Microsoft Security Client\Antimalware\NisIpsPlugin.dll (Nis Ips Plugin in AM Service/Microsoft Corporation) 0x73C40000
Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC627BF4-AABF-4071-80C2-30C7650F7CCA}\mpengine.dll (Microsoft Malware Protection Engine/Microsoft Corporation) 0x73470000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757B0000
Library C:\Windows\system32\SSPICLI.DLL (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\wscapi.dll (Windows Security Center API/Microsoft Corporation) 0x6F0C0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x760D0000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x770B0000
Library C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x76210000
Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x761F0000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76040000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 812
Library C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00330000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\System32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library c:\windows\system32\wevtsvc.dll (Event Logging Service/Microsoft Corporation) 0x73FE0000
Library C:\Windows\System32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\System32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757B0000
Library C:\Windows\System32\SSPICLI.DLL (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\System32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x750B0000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x75090000
Library C:\Windows\System32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x749F0000
Library C:\Windows\System32\ntmarta.dll (Windows NT MARTA provider/Microsoft Corporation) 0x73ED0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77860000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 856
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00330000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library c:\windows\system32\profsvc.dll (ProfSvc/Microsoft Corporation) 0x73DB0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75FB0000
Library c:\windows\system32\SYSNTFY.dll (Windows Notifications Dynamic Link Library/Microsoft Corporation) 0x75620000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x74A10000
Library c:\windows\system32\profapi.dll (User Profile Basic API/Microsoft Corporation) 0x758A0000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x75C00000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x73C90000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76040000
Library C:\Windows\system32\CRYPTSP.dll (Cryptographic Service Provider API/Microsoft Corporation) 0x75100000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74E80000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x749F0000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x73BA0000
Library C:\Windows\system32\wbemcomn.dll (WMI/Microsoft Corporation) 0x73B40000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x71EB0000
Library C:\Windows\system32\VssTrace.DLL (Microsoft® Volume Shadow Copy Service Tracing Library/Microsoft Corporation) 0x754D0000
Library C:\Windows\system32\SspiCli.dll (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\ntmarta.dll (Windows NT MARTA provider/Microsoft Corporation) 0x73ED0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77860000
Library C:\Windows\system32\wbem\wbemcore.dll (Windows Management Instrumentation/Microsoft Corporation) 0x74C00000
Library C:\Windows\system32\wbem\esscli.dll (WMI/Microsoft Corporation) 0x75480000
Library C:\Windows\system32\wbem\FastProx.dll (WMI Custom Marshaller/Microsoft Corporation) 0x733A0000
Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x73380000
Library C:\Windows\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x75470000
Library C:\Windows\system32\authZ.dll (Authorization Framework/Microsoft Corporation) 0x754E0000
Library C:\Windows\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x75250000
Library C:\Windows\system32\wbem\repdrvfs.dll (WMI Repository Driver/Microsoft Corporation) 0x74BB0000
Library C:\Windows\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x74A60000
Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x74A50000
Library C:\Windows\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x73E70000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x72AB0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 912
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00330000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library c:\windows\system32\wudfsvc.dll (Windows Driver Foundation - User-mode Driver Framework Service/Microsoft Corporation) 0x73C60000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77540000
Library C:\Windows\system32\CFGMGR32.dll (Configuration Manager DLL/Microsoft Corporation) 0x75B70000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75FB0000
Library C:\Windows\system32\DEVOBJ.dll (Device Information Set DLL/Microsoft Corporation) 0x75920000
Library c:\windows\system32\WUDFPlatform.dll (Windows Driver Foundation - User-mode Platform Library/Microsoft Corporation) 0x73C10000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76200000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x74850000
Library c:\windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x75510000
Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x759D0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75910000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 976
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00330000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x73BD0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75910000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\ESENT.dll (Extensible Storage Engine for Microsoft® Windows®/Microsoft Corporation) 0x6E2B0000
Library C:\Windows\system32\psapi.dll (Process Status Helper/Microsoft Corporation) 0x76200000

Process C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1144
Library C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x004A0000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x75C00000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x76330000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75FB0000
Library C:\Windows\system32\EXPLORERFRAME.dll (ExplorerFrame/Microsoft Corporation) 0x71D40000
Library C:\Windows\system32\DUser.dll (Windows DirectUser Engine/Microsoft Corporation) 0x740F0000
Library C:\Windows\system32\DUI70.dll (Windows DirectUI Engine/Microsoft Corporation) 0x74120000
Library C:\Windows\system32\IMM32.dll (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x74370000
Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AF0000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77540000
Library C:\Windows\system32\CFGMGR32.dll (Configuration Manager DLL/Microsoft Corporation) 0x75B70000
Library C:\Windows\system32\DEVOBJ.dll (Device Information Set DLL/Microsoft Corporation) 0x75920000
Library C:\Windows\system32\dwmapi.dll (Microsoft Desktop Window Manager API/Microsoft Corporation) 0x73F30000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75210000
Library C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x741E0000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757B0000
Library C:\Windows\system32\SSPICLI.DLL (Security Support Provider Interface/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\PROPSYS.dll (Microsoft Property System/Microsoft Corporation) 0x743B0000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75860000
Library C:\Windows\system32\CRYPTBASE.dll (Base cryptographic API DLL/Microsoft Corporation) 0x757F0000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x75270000
Library C:\Windows\system32\WindowsCodecs.dll (Microsoft Windows Codecs Library/Microsoft Corporation) 0x73CB0000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x74B60000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76040000
Library C:\Windows\system32\EhStorShell.dll (Windows Enhanced Storage Shell Extension DLL/Microsoft Corporation) 0x74B20000
Library C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft SharePoint Workspace Extensions/Microsoft Corporation) 0x71930000
Library C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCR90.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x71880000
Library C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\MSVCP90.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x73DE0000
Library C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.DLL (ATL Module for Windows (Unicode)/Microsoft Corporation) 0x71850000
Library C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf 0x71430000
Library C:\PROGRA~1\MICROS~3\Office14\1033\GrooveIntlResource.dll 0x70BC0000
Library C:\Windows\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x70B50000
Library C:\Windows\system32\srvcli.dll (Server Service Client DLL/Microsoft Corporation) 0x75740000
Library C:\Windows\system32\cscapi.dll (Offline Files Win32 API/Microsoft Corporation) 0x75240000
Library C:\Windows\system32\IconCodecService.dll (Converts a PNG part of the icon to a legacy bmp icon/Microsoft Corporation) 0x74A30000
Library C:\Windows\system32\profapi.dll (User Profile Basic API/Microsoft Corporation) 0x758A0000
Library C:\Windows\system32\CRYPTSP.dll (Cryptographic Service Provider API/Microsoft Corporation) 0x75100000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74E80000
Library C:\Windows\system32\RpcRtRemote.dll (Remote RPC Extension/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\wkscli.dll (Workstation Service Client DLL/Microsoft Corporation) 0x750F0000
Library C:\Windows\system32\netjoin.dll (Domain Join DLL/Microsoft Corporation) 0x751D0000
Library C:\Windows\system32\netutils.dll (Net Win32 API Helpers DLL/Microsoft Corporation) 0x74E60000
Library C:\Windows\system32\themeui.dll (Windows Theme API/Microsoft Corporation) 0x707B0000
Library C:\Windows\system32\SndVolSSO.DLL (SCA Volume/Microsoft Corporation) 0x73FA0000
Library C:\Windows\system32\HID.DLL (Hid User Library/Microsoft Corporation) 0x73F90000
Library C:\Windows\System32\MMDevApi.dll (MMDevice API/Microsoft Corporation) 0x73F50000
Library C:\Windows\system32\timedate.cpl (Time Date Control Panel Applet/Microsoft Corporation) 0x70730000
Library C:\Windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x73C90000
Library C:\Windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x73C80000
Library C:\Windows\system32\ntmarta.dll (Windows NT MARTA provider/Microsoft Corporation) 0x73ED0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x77860000
Library C:\Windows\System32\shdocvw.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x706D0000
Library C:\Windows\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x706C0000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x74A10000
Library C:\Windows\System32\shacct.dll (Shell Accounts Classes/Microsoft Corporation) 0x744D0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x744B0000
Library C:\Windows\system32\samcli.dll (Security Accounts Manager Client DLL/Microsoft Corporation) 0x73360000
Library C:\Windows\System32\gameux.dll (Games Explorer/Microsoft Corporation) 0x70440000
Library C:\Windows\System32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x73F00000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75910000
Library C:\Windows\System32\wer.dll (Windows Error Reporting DLL/Microsoft Corporation) 0x70A70000
Library C:\Windows\system32\msls31.dll (Microsoft Line Services library file/Microsoft Corporation) 0x70370000
Library C:\Windows\system32\authui.dll (Windows Authentication UI/Microsoft Corporation) 0x745F0000
Library C:\Windows\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x744F0000
Library C:\Windows\system32\thumbcache.dll (Microsoft Thumbnail Cache/Microsoft Corporation) 0x70350000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76200000
Library C:\Windows\system32\stobject.dll (Systray shell service object/Microsoft Corporation) 0x70310000
Library C:\Windows\system32\BatMeter.dll (Battery Meter Helper DLL/Microsoft Corporation) 0x70250000
Library C:\Windows\system32\WTSAPI32.dll (Windows Remote Desktop Session Host Server SDK APIs/Microsoft Corporation) 0x74840000
Library C:\Windows\system32\es.dll (COM+/Microsoft Corporation) 0x70200000
Library C:\Windows\system32\prnfldr.dll (prnfldr dll/Microsoft Corporation) 0x70190000
Library C:\Windows\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x70130000
Library C:\Windows\system32\dxp.dll (Device Stage Shell Extension/Microsoft Corporation) 0x700C0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x760D0000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x770B0000
Library C:\Windows\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x76210000
Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x761F0000
Library C:\Windows\system32\Syncreg.dll (Microsoft Synchronization Framework Registration/Microsoft Corporation) 0x700B0000
Library C:\Windows\System32\HelpPaneProxy.dll (Microsoft® Help Proxy/Microsoft Corporation) 0x70090000
Library C:\Windows\System32\AltTab.dll (Windows Shell Alt Tab/Microsoft Corporation) 0x70080000
Library C:\Windows\System32\pnidui.dll (Network System Icon/Microsoft Corporation) 0x6FD20000
Library C:\Windows\System32\QUtil.dll (Quarantine Utilities/Microsoft Corporation) 0x6FD00000
Library C:\Windows\System32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x75510000
Library C:\Windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x71FE0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x77930000
Library C:\Windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x71FD0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x76FA0000
Library C:\Windows\system32\credssp.dll (Credential Delegation Security Package/Microsoft Corporation) 0x74D80000
Library C:\Windows\system32\Wlanapi.dll (Windows WLAN AutoConfig Client Side API DLL/Microsoft Corporation) 0x6FCE0000
Library C:\Windows\system32\wlanutil.dll (Windows Wireless LAN 802.11 Utility DLL/Microsoft Corporation) 0x6FCD0000
Library C:\Windows\system32\wwanapi.dll (Mbnapi/Microsoft Corporation) 0x6FBD0000
Library C:\Windows\system32\wwapi.dll (WWAN API/Microsoft Corporation) 0x6FBC0000
Library C:\Windows\System32\QAgent.dll (Quarantine Agent Proxy/Microsoft Corporation) 0x6FB90000
Library C:\Windows\System32\bthprops.cpl (Bluetooth Control Panel Applet/Microsoft Corporation) 0x6FAE0000
Library C:\Windows\System32\ieframe.dll (Internet Browser/Microsoft Corporation) 0x6F190000
Library C:\Windows\System32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x6F000000
Library C:\Windows\system32\NetworkExplorer.dll (Network Explorer/Microsoft Corporation) 0x6EE60000
Library C:\Windows\System32\Actioncenter.dll (Action Center/Microsoft Corporation) 0x6EDA0000
Library C:\Windows\system32\msiltcfg.dll (Windows Installer Configuration API Stub/Microsoft Corporation) 0x6EB50000
Library C:\Windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x74850000
Library C:\Windows\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x6E910000
Library C:\Windows\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75800000
Library C:\Windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x759D0000
Library C:\Windows\System32\UIAnimation.dll (Windows Animation Manager/Microsoft Corporation) 0x6F0A0000
Library C:\Windows\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x6F060000
Library C:\Windows\system32\wdmaud.drv (Winmm audio system driver/Microsoft Corporation) 0x6ED70000
Library C:\Windows\system32\ksuser.dll (User CSA Library/Microsoft Corporation) 0x6F050000
Library C:\Windows\system32\AVRT.dll (Multimedia Realtime Runtime/Microsoft Corporation) 0x6F040000
Library C:\Windows\system32\fxsst.dll (Fax Service/Microsoft Corporation) 0x6DC70000
Library C:\Windows\system32\FXSAPI.dll (Microsoft Fax API Support DLL/Microsoft Corporation) 0x6EB90000
Library C:\Windows\system32\FXSRESM.DLL (Microsoft Fax Resource DLL/Microsoft Corporation) 0x6DB80000
Library C:\Windows\System32\netshell.dll (Network Connections Shell/Microsoft Corporation) 0x730F0000
Library C:\Windows\System32\nlaapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x730E0000
Library C:\Windows\system32\wpdshserviceobj.dll (Windows Portable Device Shell Service Object/Microsoft Corporation) 0x730C0000
Library C:\Windows\system32\PortableDeviceTypes.dll (Windows Portable Device (Parameter) Types Component/Microsoft Corporation) 0x73090000
Library C:\Windows\system32\PortableDeviceApi.dll (Windows Portable Device API Components/Microsoft Corporation) 0x73000000
Library C:\Windows\System32\srchadmin.dll (Indexing Options/Microsoft Corporation) 0x72FB0000
Library C:\Windows\system32\taskschd.dll (Task Scheduler COM API/Microsoft Corporation) 0x72F30000
Library C:\Windows\System32\SyncCenter.dll (Microsoft Sync Center/Microsoft Corporation) 0x72D20000
Library C:\Windows\system32\imapi2.dll (Image Mastering API v2/Microsoft Corporation) 0x72CB0000
Library C:\Windows\System32\mstask.dll (Task Scheduler interface DLL/Microsoft Corporation) 0x72C70000
Library C:\Windows\System32\hgcpl.dll (HomeGroup Control Panel/Microsoft Corporation) 0x72C20000
Library C:\Windows\System32\provsvc.dll (Windows HomeGroup/Microsoft Corporation) 0x72BF0000
Library C:\Windows\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x72BA0000
Library C:\Windows\System32\netprofm.dll (Network List Manager/Microsoft Corporation) 0x72B40000
Library C:\Windows\system32\SearchFolder.dll (SearchFolder/Microsoft Corporation) 0x72810000
Library C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll (Microsoft Office Shell Extension Handlers/Microsoft Corporation) 0x72360000
Library C:\Windows\System32\msxml6.dll (MSXML 6.0 SP3/Microsoft Corporation) 0x728B0000
Library C:\Windows\system32\SFC.DLL (Windows File Protection/Microsoft Corporation) 0x72B30000
Library C:\Windows\system32\sfc_os.DLL (Windows File Protection/Microsoft Corporation) 0x72B20000
Library C:\Windows\system32\DEVRTL.dll (Device Management Run Time Library/Microsoft Corporation) 0x74CD0000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x75220000
Library C:\Windows\system32\MsftEdit.dll (Rich Text Edit Control, v4.1/Microsoft Corporation) 0x6E1E0000
Library C:\Windows\System32\StructuredQuery.dll (Structured Query/Microsoft Corporation) 0x72AC0000
Library C:\Windows\System32\NaturalLanguage6.dll (Natural Language Development Platform 6/Microsoft Corporation) 0x726B0000
Library C:\Windows\System32\NLSData0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x6E460000
Library C:\Windows\System32\NLSLexicons0009.dll (Microsoft English Natural Language Server Data and Code/Microsoft Corporation) 0x720D0000
Library C:\Windows\system32\tquery.dll (tquery.dll/Microsoft Corporation) 0x72530000
Library C:\Program Files\Common Files\System\Ole DB\oledb32.dll (OLE DB Core Services/Microsoft Corporation) 0x6FFA0000
Library C:\Windows\system32\MSDART.DLL (OLE DB Runtime Routines/Microsoft Corporation) 0x72A20000
Library C:\Windows\system32\bcrypt.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x75410000
Library C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL (OLE DB Core Services Resources/Microsoft Corporation) 0x727F0000
Library C:\Windows\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x727A0000
Library C:\Program Files\Internet Explorer\ieproxy.dll (IE ActiveX Interface Marshaling Library/Microsoft Corporation) 0x724F0000

Process C:\Windows\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 1256
Library C:\Windows\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 0x00AF0000
Library C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x77710000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75E20000
Library C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75A00000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77000000
Library C:\Windows\system32\MsCtfMonitor.DLL (MsCtfMonitor DLL/Microsoft Corporation) 0x70AE0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x77310000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x75CB0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75C60000
Library C:\Windows\system32\LPK.dll (Language Pack/Microsoft Corporation) 0x77850000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x77270000
Library C:\Windows\system32\IMM32.dll (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x76FE0000
Library C:\Windows\system32\MSUTB.dll (MSUTB Server DLL/Microsoft Corporation) 0x70700000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75F00000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x75860000
Library C:\Windows\system32\WTSAPI32.dll (Windows Remote Desktop Session Host Server SDK APIs/Microsoft Corporation) 0x74840000
Library C:\Windows\SYSTEM32\sechost.dll (Host for SCM/SDDL/LSA Lookup APIs/Microsoft Corporation) 0x76F80000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75D80000

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] 1394hub
Service C:\Windows\system32\drivers\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation) [MANUAL] 1394ohci
Service C:\Windows\system32\drivers\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service C:\Windows\system32\drivers\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi
Service C:\Windows\system32\DRIVERS\AcpiVpc.sys (ACPI Virtual Power Controller Driver/Lenovo Corporation) [MANUAL] ACPIVPC
Service C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/Adobe Systems Incorporated) [AUTO] AdobeARMservice
Service C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.3 r300/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx
Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci
Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [MANUAL] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\Windows\system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [MANUAL] aic78xx
Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [MANUAL] aliide
Service C:\Windows\system32\drivers\amdagp.sys (AMD NT AGP Filter/Microsoft Corporation) [MANUAL] amdagp
Service C:\Windows\system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [MANUAL] amdide
Service C:\Windows\system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
Service C:\Windows\system32\drivers\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM
Service C:\Windows\system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata
Service C:\Windows\system32\drivers\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows family/AMD Technologies Inc.) [MANUAL] amdsbs
Service C:\Windows\system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata
Service C:\Windows\system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AppIDSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc
Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [MANUAL] arcsas
Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AxInstSV
Service C:\Windows\system32\drivers\bxvbdx.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv
Service C:\Windows\system32\DRIVERS\b57nd60x.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation) [MANUAL] b57nd60x
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XX
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] BDESVC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Windows\system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive
Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service C:\Windows\system32\drivers\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Browser
Service C:\Windows\System32\Drivers\Brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
Service C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service C:\Windows\System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Windows\system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
Service BTHPORT
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] bthserv
Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service C:\Windows\system32\ChgService.exe [AUTO] Change Modem Device Service
Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide
Service C:\Windows\system32\DRIVERS\cmnsusbser.sys (USB Modem/Serial Device Driver/QUALCOMM Incorporated) [MANUAL] cmnsusbser
Service C:\Windows\System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG
Service C:\Windows\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\Windows\system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] defragsvc
Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\Windows\System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache
Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\Windows\system32\drivers\evbdx.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv
Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS
Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor
Service C:\Windows\system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax
Service C:\Windows\system32\drivers\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] FDResPub
Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service C:\Windows\system32\drivers\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service C:\Windows\System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) [MANUAL] FsDepends
Service (File System Recognizer Driver/Microsoft Corporation) [BOOT] Fs_Rec
Service C:\Windows\System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol
Service C:\Windows\system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [MANUAL] gupdatem
Service C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir
Service C:\Windows\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
Service C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service C:\Windows\system32\drivers\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt
Service C:\Windows\system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth
Service C:\Windows\system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hidserv
Service C:\Windows\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] HomeGroupListener
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] HomeGroupProvider
Service C:\Windows\system32\drivers\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [MANUAL] HpSAMD
Service C:\Windows\system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\Windows\System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) [BOOT] hwpolicy
Service C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [MANUAL] i8042prt
Service ialm
Service C:\Windows\system32\drivers\iaStorV.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation) [MANUAL] iaStorV
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx
Service C:\Windows\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [MANUAL] iirsp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] intelide
Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
Service C:\Windows\system32\drivers\IPMIDrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [MANUAL] IPMIDRV
Service C:\Windows\System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:\Windows\system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [MANUAL] isapnp
Service C:\Windows\system32\drivers\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [MANUAL] kbdclass
Service C:\Windows\system32\drivers\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [MANUAL] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\Windows\System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) [BOOT] KSecPkg
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service ldap
Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [MANUAL] LSI_FC
Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS
Service C:\Windows\system32\drivers\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS2
Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\??\C:\Windows\system32\drivers\mbamswissarmy.sys [MANUAL] MBAMSwissArmy
Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows 7 for x86/LSI Corporation) [MANUAL] megasas
Service C:\Windows\system32\drivers\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [MANUAL] MegaSR
Service C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft SharePoint Workspace/Microsoft Corporation) [MANUAL] Microsoft SharePoint Workspace Audit Service
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [MANUAL] mouclass
Service C:\Windows\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] mountmgr
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service C:\Windows\system32\DRIVERS\MpFilter.sys (Microsoft antimalware file system filter driver/Microsoft Corporation) [SYSTEM] MpFilter
Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [MANUAL] mpio
Service C:\??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC627BF4-AABF-4071-80C2-30C7650F7CCA}\MpKsl0b718445.sys [SYSTEM] MpKsl0b718445
Service C:\Windows\system32\DRIVERS\MpNWMon.sys (Network monitor driver/Microsoft Corporation) [MANUAL] MpNWMon
Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci
Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [MANUAL] msdsm
Service C:\Windows\System32\msdtc.exe (Microsoft Distributed Transaction Coordinator Service/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\Windows\System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation) [MANUAL] mshidkmdf
Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation) [AUTO] MsMpSvc
Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\Windows\system32\drivers\MTConfig.sys (Microsoft Multi-Touch HID Driver/Microsoft Corporation) [MANUAL] MTConfig
Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.20 driver/Microsoft Corporation) [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation) [MANUAL] NdisCap
Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] netprofm
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service Network Inspection System
Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [MANUAL] nfrd960
Service C:\Windows\system32\DRIVERS\NisDrvWFP.sys (Microsoft Network Inspection System Driver/Microsoft Corporation) [MANUAL] NisDrv
Service c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Network Inspection System/Microsoft Corporation) [MANUAL] NisSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce™ RAID Driver/NVIDIA Corporation) [MANUAL] nvraid
Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [MANUAL] nvstor
Service C:\Windows\system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
Service C:\Windows\system32\drivers\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Office Software Protection Platform Service/Microsoft Corporation) [MANUAL] osppsvc
Service Outlook
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
Service C:\Windows\system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\drivers\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PcaSvc
Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [MANUAL] pciide
Service C:\Windows\system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [MANUAL] pcmcia
Service C:\Windows\System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) [BOOT] pcw
Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PolicyAgent
Service PortProxy
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Power
Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\Windows\system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service C:\Windows\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] Psched
Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [MANUAL] ql2300
Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [MANUAL] ql40xx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [MANUAL] RasAcd
Service C:\Windows\system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation) [MANUAL] RasAgileVpn
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
Service C:\Windows\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
Service C:\Windows\system32\drivers\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation) [MANUAL] rdpbus
Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service C:\Windows\system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation) [SYSTEM] RDPREFMP
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service C:\Windows\System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) [BOOT] rdyboost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcEptMapper
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\Windows\System32\Drivers\RtsUStor.sys (Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7/Realtek Semiconductor Corp.) [MANUAL] RSUSBSTOR
Service C:\Windows\system32\DRIVERS\Rt86win7.sys (Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver /Realtek ) [MANUAL] RTL8167
Service system32\DRIVERS\Rts516xIR.sys [MANUAL] RtsUIR
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [MANUAL] sbp2port
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\Windows\System32\DRIVERS\scfilter.sys (Microsoft Smart Card Reader Filter Driver/Microsoft Corporation) [MANUAL] scfilter
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] seclogon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service C:\Windows\system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial
Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [MANUAL] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Windows\system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] SharedAccess
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp
Service C:\Windows\system32\drivers\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [MANUAL] SiSRaid2
Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [MANUAL] SiSRaid4
Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype C2C Service/Skype Technologies S.A.) [AUTO] Skype C2C Service
Service C:\Program Files\Skype\Updater\Updater.exe (Skype Updater Service/Skype Technologies) [AUTO] SkypeUpdate
Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [MANUAL] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\system32\sppsvc.exe (Microsoft Software Protection Platform Service/Microsoft Corporation) [AUTO] sppsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] sppuinotify
Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
Service C:\Windows\system32\drivers\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [MANUAL] stexstor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] StiSvc
Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe (System Repair Application/Lenovo Group Limited) [AUTO] System_Repair_UpdateMonitor
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TBS
Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] TCPIP6
Service TCPIP6TUNNEL
Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service TCPIPTUNNEL
Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service C:\Windows\system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TermService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service C:\Windows\System32\drivers\tsusbflt.sys (Remote Desktop USB Hub Filter Driver/Microsoft Corporation) [MANUAL] TsUsbFlt
Service C:\Windows\system32\drivers\TsUsbGD.sys (Remote Desktop Generic USB Driver/Microsoft Corporation) [MANUAL] TsUsbGD
Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service C:\Windows\system32\DRIVERS\tvtumon.sys (Windows Update Monitor Driver/Lenovo) [AUTO] tvtumon
Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service C:\Windows\system32\drivers\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service system32\DRIVERS\RtsUCcid.sys [MANUAL] USBCCID
Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir
Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\Windows\system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\Windows\system32\drivers\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\Windows\System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] VaultSvc
Service C:\Windows\system32\drivers\vdrvroot.sys (Virtual Drive Root Enumerator/Microsoft Corporation) [BOOT] vdrvroot
Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation) [MANUAL] vhdmp
Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp
Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] ViaC7
Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [MANUAL] viaide
Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [MANUAL] vsmraid
Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\Windows\system32\DRIVERS\vwifibus.sys (Virtual WiFi Bus Driver/Microsoft Corporation) [MANUAL] vwifibus
Service C:\Windows\system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation) [SYSTEM] vwififlt
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] W32Time
Service W3SVC
Service C:\Windows\system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\system32\wbengine.exe (Microsoft® Block Level Backup Engine Service EXE/Microsoft Corporation) [MANUAL] wbengine
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WbioSrvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
Service C:\Windows\system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [MANUAL] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WebClient
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WerSvc
Service C:\Windows\system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf
Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
Service C:\Windows\system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPDBusEnum
Service C:\Windows\system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\Windows\system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WwanSvc
Service xmlprov
Service {3AB21E5E-068E-455A-B5C2-984D1FCE033B}
Service {CFD1CEAC-5E2D-41C4-9670-F7140655F4C5}

---- EOF - GMER 1.0.15 ----

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:11 AM

Posted 25 August 2012 - 08:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Can you run aswMBR first?

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#7 LouieSchwann

Posted 27 August 2012 - 12:23 AM

Okay. So here's the aswMBR log file:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 12:30:14
-----------------------------
12:30:14.991 OS Version: Windows 6.1.7601 Service Pack 1
12:30:14.991 Number of processors: 2 586 0x1C02
12:30:14.991 ComputerName: LENOVO-PC UserName: lenovo
12:31:35.206 Initialize success
12:32:01.991 AVAST engine defs: 12082600
12:32:15.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:32:15.033 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 00000009 Size: 152627MB BusType: 11
12:32:15.080 Disk 0 MBR read successfully
12:32:15.095 Disk 0 MBR scan
12:32:15.204 Disk 0 Windows 7 default MBR code
12:32:15.236 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:32:15.454 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
12:32:15.626 Disk 0 scanning sectors +312578048
12:32:15.922 Disk 0 scanning C:\Windows\system32\drivers
12:33:04.563 Service scanning
12:34:00.458 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
12:35:15.275 Modules scanning
12:35:51.764 Disk 0 trace - called modules:
12:35:52.325 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
12:35:52.341 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84046800]
12:35:52.357 3 CLASSPNP.SYS[8725c59e] -> nt!IofCallDriver -> [0x83f7c898]
12:35:52.388 5 ACPI.sys[86a273d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x83f27908]
12:35:56.335 AVAST engine scan C:\Windows
12:36:05.960 AVAST engine scan C:\Windows\system32
12:51:37.145 AVAST engine scan C:\Windows\system32\drivers
12:52:39.654 AVAST engine scan C:\Users\lenovo
13:08:44.152 AVAST engine scan C:\ProgramData
13:10:28.112 Scan finished successfully
13:13:23.412 Disk 0 MBR has been saved successfully to "C:\Users\lenovo\Downloads\MBR.dat"
13:13:23.491 The log file has been saved successfully to "C:\Users\lenovo\Downloads\aswMBR log file.txt"

There's one weird thing there. There's a locked one in that certain file.

#8 m0le

Posted 27 August 2012 - 03:57 AM

I suggest that this is not malware but a problem with your machine's memory.

Please go here and follow Billy's instructions to run MemTest

#9 LouieSchwann

Posted 28 August 2012 - 02:25 AM

This is a netbook, sir. This netbook doesn't even have a CD-ROM in it. Can I just use CD emulation software to run this memtest? I do know of software that opens ISO files. Can I do that to proceed with memtest?

#10 m0le

Posted 28 August 2012 - 08:32 PM

Memtest can also be carried out with a USB version. Visit the site

Click the link titled: Download - Auto-installer for USB Key (Win 9x/2k/xp/7) *NEW!* in the first set of links.

#11 LouieSchwann

Posted 30 August 2012 - 04:03 PM

I have completed the test and it says "Pass 100%." It shows on the lower part of the screen. The test just loops again and again. So what's next sir?

#12 m0le

Posted 30 August 2012 - 06:35 PM

Okay then we need to see if we can diagnose what is wrong. Please run OTL

  • Please download OTL
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.


#13 LouieSchwann

Posted 30 August 2012 - 11:50 PM

Here's the OTL log file. I scanned in safe mode, again. @_@


OTL logfile created on: 8/31/2012 11:56:15 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\lenovo\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.95 Mb Total Physical Memory | 626.30 Mb Available Physical Memory | 61.77% Memory free
1.99 Gb Paging File | 1.64 Gb Available in Paging File | 82.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 76.26 Gb Free Space | 51.20% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: lenovo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/31 11:38:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\lenovo\Desktop\OTL.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/08/15 04:55:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/30 01:45:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/04 13:25:50 | 000,135,168 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - [2012/05/11 03:23:26 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/21 05:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/21 05:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/01/20 11:28:58 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2009/06/04 01:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/05/19 13:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008/08/28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/web?l=dis&o=APN10147&gct=hp&apn_dtid=^YYYYYY^YY^PH&apn_ptnrs=^A6E&apn_uid=9207432667204309&p2=^A6E^YYYYYY^YY^PH
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 5C 57 F0 E8 51 CD 01 [binary data]
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/web?l=dis&o=APN10147&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^PH&apn_ptnrs=^A6E&apn_uid=9207432667204309&p2=^A6E^YYYYYY^YY^PH&q={searchTerms}
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lenovo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lenovo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lenovo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 01:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/07 16:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Extensions
[2012/07/26 07:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\6lqnr30d.default\extensions
[2012/06/17 11:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/27 19:20:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/17 11:36:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/30 01:45:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/27 10:52:44 | 000,002,274 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ask.xml
[2011/12/21 12:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 12:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\lenovo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: IGG Web3D Updater NP Plugin for Mozilla (Enabled) = C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll
CHR - plugin: JoyConnect NP Plugin for Mozilla (Enabled) = C:\Users\lenovo\AppData\Roaming\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll
CHR - Extension: YouTube = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Gmail = C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000..\Run: [Akamai NetSession Interface] C:\Users\lenovo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2630626476-2545431373-2476714586-1000..\Run: [Facebook Update] C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AB21E5E-068E-455A-B5C2-984D1FCE033B}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFD1CEAC-5E2D-41C4-9670-F7140655F4C5}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\ShowModem.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 11:38:46 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\lenovo\Desktop\OTL.exe
[2012/08/25 15:06:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/15 04:54:47 | 009,826,504 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/08/02 14:18:53 | 000,000,000 | ---D | C] -- C:\TC
[2012/08/01 18:31:56 | 000,000,000 | ---D | C] -- C:\Users\lenovo\Desktop\Library Picture

========== Files - Modified Within 30 Days ==========

[2012/08/31 11:55:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/31 11:55:33 | 797,405,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/31 11:54:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/31 11:41:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000UA.job
[2012/08/31 11:40:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000UA.job
[2012/08/31 11:38:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\lenovo\Desktop\OTL.exe
[2012/08/31 11:17:32 | 009,588,888 | ---- | M] () -- C:\Users\lenovo\Documents\Krizza Neri- Ba't Di Ko Ba Na Sabi Lyrics.mp3
[2012/08/31 11:16:47 | 006,227,869 | ---- | M] () -- C:\Users\lenovo\Documents\Glad You Came - Glee [HD Full Studio].mp3
[2012/08/31 11:16:28 | 009,300,885 | ---- | M] () -- C:\Users\lenovo\Documents\Black Eyed Peas - Boom Boom Pow ( Lyrics_Songtext ).mp3
[2012/08/31 11:14:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/31 11:14:04 | 014,071,453 | ---- | M] () -- C:\Users\lenovo\Documents\Lady Gaga - Born This Way.mp3
[2012/08/31 11:07:28 | 008,242,584 | ---- | M] () -- C:\Users\lenovo\Documents\Lady Gaga - Judas (Lyrics Video).mp3
[2012/08/31 11:05:38 | 007,894,678 | ---- | M] () -- C:\Users\lenovo\Documents\Willow Smith ft. Nicki Minaj - Fireball.mp3
[2012/08/31 10:43:30 | 000,620,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/31 10:43:30 | 000,105,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/31 05:11:38 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 05:11:38 | 000,017,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 05:04:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/31 04:56:31 | 000,000,046 | -HS- | M] () -- C:\_PartitionInfo
[2012/08/30 17:41:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000Core.job
[2012/08/26 13:11:31 | 007,877,016 | ---- | M] () -- C:\Users\lenovo\Documents\kung pwede lang by Eurika.mp3
[2012/08/26 13:10:36 | 007,221,911 | ---- | M] () -- C:\Users\lenovo\Documents\One Direction - Forever Young.mp3
[2012/08/26 13:09:40 | 005,138,845 | ---- | M] () -- C:\Users\lenovo\Documents\LMFAO-I'm sexy and I know it.mp3
[2012/08/26 13:07:43 | 007,079,832 | ---- | M] () -- C:\Users\lenovo\Documents\solo-iyaz lyrics.mp3
[2012/08/26 13:07:09 | 007,784,090 | ---- | M] () -- C:\Users\lenovo\Documents\Letter Day Story - Ikaw Pa Rin.mp3
[2012/08/26 13:06:42 | 008,020,381 | ---- | M] () -- C:\Users\lenovo\Documents\_Chammak Challo Official Full Video Song Ra.One_ _ ShahRukh Khan _ Kareena Kapoor.mp3
[2012/08/26 13:02:32 | 009,833,877 | ---- | M] () -- C:\Users\lenovo\Documents\Black Eyed Peas - The Time(Dirty Bit) Lyrics.mp3
[2012/08/26 12:59:42 | 007,387,799 | ---- | M] () -- C:\Users\lenovo\Documents\Ngayong Alam Ko Na - Liezel Garcia (Lyrics) Two Wives OST.mp3
[2012/08/26 12:59:38 | 006,507,671 | ---- | M] () -- C:\Users\lenovo\Documents\Jennifer Lopez - I'm Into You Lyrics.mp3
[2012/08/26 12:58:29 | 008,988,312 | ---- | M] () -- C:\Users\lenovo\Documents\Forevermore - David Archuleta.mp3
[2012/08/26 12:57:43 | 006,378,397 | ---- | M] () -- C:\Users\lenovo\Documents\Carly Rae Jepsen - Call Me Maybe.mp3
[2012/08/26 11:03:13 | 007,795,357 | ---- | M] () -- C:\Users\lenovo\Documents\Jessie J - Domino (Chipettes - Chipmunks) with Lyrics.mp3
[2012/08/26 11:02:19 | 007,920,541 | ---- | M] () -- C:\Users\lenovo\Documents\Jason Mraz - I Won't Give Up (Lyric Video).mp3
[2012/08/26 11:02:08 | 007,483,031 | ---- | M] () -- C:\Users\lenovo\Documents\Domino - Jessie J lyrics.mp3
[2012/08/26 11:01:57 | 007,645,848 | ---- | M] () -- C:\Users\lenovo\Documents\My Humps-BLACK EYED PEAS.. Official Video n2m w33vu Naeem Ivy.mp3
[2012/08/26 10:59:35 | 007,776,925 | ---- | M] () -- C:\Users\lenovo\Documents\1251 - Krissy and Ericka (Lyrics) HQ.mp3
[2012/08/26 10:59:24 | 006,941,341 | ---- | M] () -- C:\Users\lenovo\Documents\Nicki Minaj - Starships (Lyrics)(mp3).mp3
[2012/08/26 10:58:32 | 007,618,968 | ---- | M] () -- C:\Users\lenovo\Documents\Wild Ones Flo Rida ft. Sia Lyrics(mp3).mp3
[2012/08/25 15:16:31 | 000,000,000 | ---- | M] () -- C:\Users\lenovo\Desktop\gmer.reg
[2012/08/25 15:14:52 | 000,000,000 | ---- | M] () -- C:\Users\lenovo\Desktop\gmer.bat
[2012/08/25 15:05:59 | 273,440,010 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/22 19:42:52 | 000,000,018 | ---- | M] () -- C:\Windows\System32\ZUES 2.C
[2012/08/22 05:47:25 | 000,002,420 | ---- | M] () -- C:\Users\lenovo\Desktop\Google Chrome.lnk
[2012/08/21 04:16:37 | 003,429,528 | ---- | M] () -- C:\Users\lenovo\Documents\DJMax Portable Clazziquai Edition - Love Mode.mp3
[2012/08/19 01:40:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2630626476-2545431373-2476714586-1000Core.job
[2012/08/16 08:26:05 | 014,551,281 | ---- | M] () -- C:\Users\lenovo\Documents\full metal alchemist brotherhood opening 1 again con letra.flv
[2012/08/15 10:45:42 | 007,928,221 | ---- | M] () -- C:\Users\lenovo\Documents\SIGURO - Yeng Constantino MV.mp3
[2012/08/15 10:45:23 | 009,413,781 | ---- | M] () -- C:\Users\lenovo\Documents\Back to December-Taylor Swift Lyrics.mp3
[2012/08/15 10:43:43 | 005,737,367 | ---- | M] () -- C:\Users\lenovo\Documents\Hannah Montana-Rockstar lyrics.mp3
[2012/08/15 10:43:34 | 006,094,487 | ---- | M] () -- C:\Users\lenovo\Documents\Pumpin Up the Party Now-hannah montana-lyrics.mp3
[2012/08/15 10:43:01 | 006,449,302 | ---- | M] () -- C:\Users\lenovo\Documents\Song Lyrics To Hannah Montana - Nobody's Perfect And Downloa.mp3
[2012/08/15 04:55:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 04:55:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/15 04:54:55 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/08/15 03:47:31 | 007,400,605 | ---- | M] () -- C:\Users\lenovo\Documents\Sige na nga by Myrus with lyrics.mp3
[2012/08/15 03:46:16 | 006,941,341 | ---- | M] () -- C:\Users\lenovo\Documents\Nicki Minaj - Starships (Lyrics).mp3
[2012/08/15 03:46:14 | 007,342,488 | ---- | M] () -- C:\Users\lenovo\Documents\jessie j domino chipmunk version.mp3
[2012/08/15 03:45:13 | 007,618,968 | ---- | M] () -- C:\Users\lenovo\Documents\Wild Ones Flo Rida ft. Sia Lyrics.mp3
[2012/08/14 06:11:36 | 006,886,813 | ---- | M] () -- C:\Users\lenovo\Documents\Glee Cast - We Found Love.mp3
[2012/08/14 06:06:41 | 005,366,423 | ---- | M] () -- C:\Users\lenovo\Documents\Glee - How Will I Know (LYRICS)(mp3).mp3
[2012/08/05 09:40:27 | 007,542,151 | ---- | M] () -- C:\Users\lenovo\Documents\SLAM DUNK ANIME OPENING THEME SONG with lyrics on description.mp3
[2012/08/02 14:19:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/08/02 14:19:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/08/01 16:22:09 | 008,393,880 | ---- | M] () -- C:\Users\lenovo\Documents\Glee - My Love Is Your Love (LYRICS).mp3
[2012/08/01 16:13:40 | 006,191,254 | ---- | M] () -- C:\Users\lenovo\Documents\Glee Time Warp Lyrics.mp3

========== Files Created - No Company Name ==========

[2012/08/31 11:14:20 | 006,227,869 | ---- | C] () -- C:\Users\lenovo\Documents\Glad You Came - Glee [HD Full Studio].mp3
[2012/08/31 11:12:48 | 009,588,888 | ---- | C] () -- C:\Users\lenovo\Documents\Krizza Neri- Ba't Di Ko Ba Na Sabi Lyrics.mp3
[2012/08/31 11:12:36 | 009,300,885 | ---- | C] () -- C:\Users\lenovo\Documents\Black Eyed Peas - Boom Boom Pow ( Lyrics_Songtext ).mp3
[2012/08/31 11:03:53 | 014,071,453 | ---- | C] () -- C:\Users\lenovo\Documents\Lady Gaga - Born This Way.mp3
[2012/08/31 11:03:20 | 008,242,584 | ---- | C] () -- C:\Users\lenovo\Documents\Lady Gaga - Judas (Lyrics Video).mp3
[2012/08/31 11:02:51 | 007,894,678 | ---- | C] () -- C:\Users\lenovo\Documents\Willow Smith ft. Nicki Minaj - Fireball.mp3
[2012/08/29 20:39:51 | 000,000,046 | -HS- | C] () -- C:\_PartitionInfo
[2012/08/29 18:36:46 | 000,154,119 | ---- | C] () -- C:\Users\lenovo\Desktop\Memtest86+ USB Installer.exe
[2012/08/26 13:07:44 | 007,221,911 | ---- | C] () -- C:\Users\lenovo\Documents\One Direction - Forever Young.mp3
[2012/08/26 13:07:10 | 005,138,845 | ---- | C] () -- C:\Users\lenovo\Documents\LMFAO-I'm sexy and I know it.mp3
[2012/08/26 13:06:43 | 007,877,016 | ---- | C] () -- C:\Users\lenovo\Documents\kung pwede lang by Eurika.mp3
[2012/08/26 13:04:40 | 007,079,832 | ---- | C] () -- C:\Users\lenovo\Documents\solo-iyaz lyrics.mp3
[2012/08/26 13:02:36 | 007,784,090 | ---- | C] () -- C:\Users\lenovo\Documents\Letter Day Story - Ikaw Pa Rin.mp3
[2012/08/26 12:59:43 | 009,833,877 | ---- | C] () -- C:\Users\lenovo\Documents\Black Eyed Peas - The Time(Dirty Bit) Lyrics.mp3
[2012/08/26 12:59:42 | 008,020,381 | ---- | C] () -- C:\Users\lenovo\Documents\_Chammak Challo Official Full Video Song Ra.One_ _ ShahRukh Khan _ Kareena Kapoor.mp3
[2012/08/26 12:57:44 | 006,507,671 | ---- | C] () -- C:\Users\lenovo\Documents\Jennifer Lopez - I'm Into You Lyrics.mp3
[2012/08/26 12:55:06 | 008,988,312 | ---- | C] () -- C:\Users\lenovo\Documents\Forevermore - David Archuleta.mp3
[2012/08/26 12:54:53 | 006,378,397 | ---- | C] () -- C:\Users\lenovo\Documents\Carly Rae Jepsen - Call Me Maybe.mp3
[2012/08/26 12:54:43 | 007,387,799 | ---- | C] () -- C:\Users\lenovo\Documents\Ngayong Alam Ko Na - Liezel Garcia (Lyrics) Two Wives OST.mp3
[2012/08/26 11:02:00 | 007,795,357 | ---- | C] () -- C:\Users\lenovo\Documents\Jessie J - Domino (Chipettes - Chipmunks) with Lyrics.mp3
[2012/08/26 10:59:37 | 007,920,541 | ---- | C] () -- C:\Users\lenovo\Documents\Jason Mraz - I Won't Give Up (Lyric Video).mp3
[2012/08/26 10:59:35 | 007,483,031 | ---- | C] () -- C:\Users\lenovo\Documents\Domino - Jessie J lyrics.mp3
[2012/08/26 10:59:24 | 007,645,848 | ---- | C] () -- C:\Users\lenovo\Documents\My Humps-BLACK EYED PEAS.. Official Video n2m w33vu Naeem Ivy.mp3
[2012/08/26 10:56:18 | 006,941,341 | ---- | C] () -- C:\Users\lenovo\Documents\Nicki Minaj - Starships (Lyrics)(mp3).mp3
[2012/08/26 10:56:10 | 007,776,925 | ---- | C] () -- C:\Users\lenovo\Documents\1251 - Krissy and Ericka (Lyrics) HQ.mp3
[2012/08/26 10:56:10 | 007,618,968 | ---- | C] () -- C:\Users\lenovo\Documents\Wild Ones Flo Rida ft. Sia Lyrics(mp3).mp3
[2012/08/25 15:16:31 | 000,000,000 | ---- | C] () -- C:\Users\lenovo\Desktop\gmer.reg
[2012/08/25 15:14:52 | 000,000,000 | ---- | C] () -- C:\Users\lenovo\Desktop\gmer.bat
[2012/08/25 15:05:59 | 273,440,010 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/22 19:42:59 | 000,000,018 | ---- | C] () -- C:\Windows\System32\ZUES 2.C
[2012/08/21 04:14:19 | 003,429,528 | ---- | C] () -- C:\Users\lenovo\Documents\DJMax Portable Clazziquai Edition - Love Mode.mp3
[2012/08/16 08:22:58 | 014,551,281 | ---- | C] () -- C:\Users\lenovo\Documents\full metal alchemist brotherhood opening 1 again con letra.flv
[2012/08/15 10:43:35 | 009,413,781 | ---- | C] () -- C:\Users\lenovo\Documents\Back to December-Taylor Swift Lyrics.mp3
[2012/08/15 10:43:03 | 007,928,221 | ---- | C] () -- C:\Users\lenovo\Documents\SIGURO - Yeng Constantino MV.mp3
[2012/08/15 10:41:38 | 005,737,367 | ---- | C] () -- C:\Users\lenovo\Documents\Hannah Montana-Rockstar lyrics.mp3
[2012/08/15 10:41:28 | 006,094,487 | ---- | C] () -- C:\Users\lenovo\Documents\Pumpin Up the Party Now-hannah montana-lyrics.mp3
[2012/08/15 10:41:21 | 006,449,302 | ---- | C] () -- C:\Users\lenovo\Documents\Song Lyrics To Hannah Montana - Nobody's Perfect And Downloa.mp3
[2012/08/15 03:45:16 | 007,400,605 | ---- | C] () -- C:\Users\lenovo\Documents\Sige na nga by Myrus with lyrics.mp3
[2012/08/15 03:42:00 | 007,342,488 | ---- | C] () -- C:\Users\lenovo\Documents\jessie j domino chipmunk version.mp3
[2012/08/15 03:41:53 | 006,941,341 | ---- | C] () -- C:\Users\lenovo\Documents\Nicki Minaj - Starships (Lyrics).mp3
[2012/08/15 03:41:29 | 007,618,968 | ---- | C] () -- C:\Users\lenovo\Documents\Wild Ones Flo Rida ft. Sia Lyrics.mp3
[2012/08/14 06:10:15 | 006,886,813 | ---- | C] () -- C:\Users\lenovo\Documents\Glee Cast - We Found Love.mp3
[2012/08/14 06:05:21 | 005,366,423 | ---- | C] () -- C:\Users\lenovo\Documents\Glee - How Will I Know (LYRICS)(mp3).mp3
[2012/08/02 14:19:31 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/08/02 14:19:31 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/08/01 16:21:06 | 008,393,880 | ---- | C] () -- C:\Users\lenovo\Documents\Glee - My Love Is Your Love (LYRICS).mp3
[2012/08/01 16:12:22 | 006,191,254 | ---- | C] () -- C:\Users\lenovo\Documents\Glee Time Warp Lyrics.mp3
[2012/07/23 02:00:20 | 000,000,000 | ---- | C] () -- C:\Users\lenovo\defogger_reenable
[2012/06/22 14:13:49 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
[2012/02/06 11:59:19 | 000,000,000 | ---- | C] () -- C:\Users\lenovo\flush
[2012/01/07 15:41:09 | 000,000,124 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2012/01/07 15:01:43 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/07 15:01:40 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/07 15:01:40 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/01/07 15:01:40 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== Files - Unicode (All) ==========
[2012/08/21 04:27:03 | 007,613,341 | ---- | M] ()(C:\Users\lenovo\Documents\Megurine Luka - Answer (????).mp3) -- C:\Users\lenovo\Documents\Megurine Luka - Answer (アンサー).mp3
[2012/08/21 04:27:03 | 007,458,977 | ---- | M] ()(C:\Users\lenovo\Documents\?? Kara - Wanna ??.mp3) -- C:\Users\lenovo\Documents\카라 Kara - Wanna 워너.mp3
[2012/08/21 04:25:21 | 007,613,341 | ---- | C] ()(C:\Users\lenovo\Documents\Megurine Luka - Answer (????).mp3) -- C:\Users\lenovo\Documents\Megurine Luka - Answer (アンサー).mp3
[2012/08/21 04:25:02 | 007,458,977 | ---- | C] ()(C:\Users\lenovo\Documents\?? Kara - Wanna ??.mp3) -- C:\Users\lenovo\Documents\카라 Kara - Wanna 워너.mp3
[2012/08/21 04:20:15 | 007,467,421 | ---- | M] ()(C:\Users\lenovo\Documents\? L i z z ? Answer - ???? - ? English ?.mp3) -- C:\Users\lenovo\Documents\【 L i z z 】 Answer - アンサー - 『 English 』.mp3
[2012/08/21 04:18:45 | 008,014,488 | ---- | M] ()(C:\Users\lenovo\Documents\Clazziquai Project (?????) -Love Mode.mp3) -- C:\Users\lenovo\Documents\Clazziquai Project (클래지콰이) -Love Mode.mp3
[2012/08/21 04:18:29 | 007,467,421 | ---- | C] ()(C:\Users\lenovo\Documents\? L i z z ? Answer - ???? - ? English ?.mp3) -- C:\Users\lenovo\Documents\【 L i z z 】 Answer - アンサー - 『 English 』.mp3
[2012/08/21 04:18:27 | 007,626,648 | ---- | M] ()(C:\Users\lenovo\Documents\?Miku-tan?[English] Answer ????? - Just Be Friends Sequel?.mp3) -- C:\Users\lenovo\Documents\【Miku-tan】[English] Answer 『アンサー - Just Be Friends Sequel』.mp3
[2012/08/21 04:14:09 | 008,014,488 | ---- | C] ()(C:\Users\lenovo\Documents\Clazziquai Project (?????) -Love Mode.mp3) -- C:\Users\lenovo\Documents\Clazziquai Project (클래지콰이) -Love Mode.mp3
[2012/08/21 04:13:59 | 007,626,648 | ---- | C] ()(C:\Users\lenovo\Documents\?Miku-tan?[English] Answer ????? - Just Be Friends Sequel?.mp3) -- C:\Users\lenovo\Documents\【Miku-tan】[English] Answer 『アンサー - Just Be Friends Sequel』.mp3
[2012/07/24 08:07:20 | 012,124,399 | ---- | M] ()(C:\Users\lenovo\Documents\???????????? ??LOVE1000%(????).flv) -- C:\Users\lenovo\Documents\うたの☆プリンスさまっ♪ マジLOVE1000%(歌詞つき).flv
[2012/07/24 08:04:43 | 012,124,399 | ---- | C] ()(C:\Users\lenovo\Documents\???????????? ??LOVE1000%(????).flv) -- C:\Users\lenovo\Documents\うたの☆プリンスさまっ♪ マジLOVE1000%(歌詞つき).flv
[2012/02/03 21:10:58 | 008,515,224 | ---- | M] ()(C:\Users\lenovo\Documents\????????????.mp3) -- C:\Users\lenovo\Documents\コネクト【カラオケ字幕】.mp3
[2012/02/03 21:09:26 | 008,515,224 | ---- | C] ()(C:\Users\lenovo\Documents\????????????.mp3) -- C:\Users\lenovo\Documents\コネクト【カラオケ字幕】.mp3
[2012/02/03 21:09:03 | 009,362,845 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_Mr.Simple_MUSICVIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_Mr.Simple_MUSICVIDEO.mp3
[2012/02/03 21:08:31 | 006,515,869 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_SUPERMAN_MUSIC VIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_SUPERMAN_MUSIC VIDEO.mp3
[2012/02/03 21:06:03 | 006,515,869 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_SUPERMAN_MUSIC VIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_SUPERMAN_MUSIC VIDEO.mp3
[2012/02/03 21:06:02 | 006,481,309 | ---- | M] ()(C:\Users\lenovo\Documents\Super Junior ?????_A-CHA_Music Video.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_A-CHA_Music Video.mp3
[2012/02/03 21:05:38 | 009,362,845 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_Mr.Simple_MUSICVIDEO.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_Mr.Simple_MUSICVIDEO.mp3
[2012/02/03 21:04:28 | 006,481,309 | ---- | C] ()(C:\Users\lenovo\Documents\Super Junior ?????_A-CHA_Music Video.mp3) -- C:\Users\lenovo\Documents\Super Junior 슈퍼주니어_A-CHA_Music Video.mp3
[2012/02/03 20:12:55 | 008,803,992 | ---- | M] ()(C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (????) + Mp3 Download and Lyrics.mp3) -- C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (그리워서) + Mp3 Download and Lyrics.mp3
[2012/02/03 20:08:24 | 008,803,992 | ---- | C] ()(C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (????) + Mp3 Download and Lyrics.mp3) -- C:\Users\lenovo\Documents\[Heartstrings OST- Full Version] Because I Miss You (그리워서) + Mp3 Download and Lyrics.mp3

< End of report >

Edited by LouieSchwann, 30 August 2012 - 11:51 PM.


#14 m0le

  • Malware Response Team

Posted 31 August 2012 - 10:44 PM

I scan at safe mode, again


Is this because you can't access normal mode or because you chose to?
m0le is a proud member of UNITE

#15 LouieSchwann

  • Topic Starter


Posted 03 September 2012 - 07:39 AM

Well, I have two answers for that. The first one is yes, because when I'm using OTL it really goes into a not-responding state, and the second one is another yes, because I just want to scan in safe mode. I'm just double-checking, or something, or whatever you call it.

So what could be the next thing to do, sir? :mellow:

Edited by LouieSchwann, 03 September 2012 - 07:40 AM.




