HiJackThis Log: Please Help Diagnose


  • This topic is locked
36 replies to this topic

#1 mavericktwo

mavericktwo

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 11 October 2012 - 10:11 AM

Computer has been compromised, I can only open certain files, McAfee, Windows firewall, IE shutdown, can't download, no taskbar visible, desktop hijacked, etc., shortcut keys don't work, cmd does not work, Firefox works can download anything but everything downloaded cannot be installed, all help is appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:28:27 PM, on 10/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\WINNT\system32\imapi.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
G:\Utilities\HijackThis.exe
C:\Program Files\Bible Explorer 4\BibleExplorer.exe
C:\WINNT\system32\ctfmon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee McItInfo] C:\DOCUME~1\C539393\LOCALS~1\Temp\mcitinfo_1349760792.exe /itinsfin:C:\DOCUME~1\C539393\LOCALS~1\Temp\mcininfo_1349760792.ini
O4 - HKCU\..\RunOnce: [109_220021562] "C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat"
O4 - HKCU\..\RunOnce: [109_224539021562] "C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0003.tmp_r.bat"
O4 - HKCU\..\RunOnce: [109_221467121562] "C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0005.tmp_r.bat"
O4 - HKCU\..\RunOnce: [109_224667121562] "C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp_r.bat"
O4 - HKUS\S-1-5-21-1392601173-2568633547-2117899640-1007\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1392601173-2568633547-2117899640-1007\..\Run: [McAfee McItInfo] C:\DOCUME~1\C539393\LOCALS~1\Temp\mcitinfo_1349760792.exe /itinsfin:C:\DOCUME~1\C539393\LOCALS~1\Temp\mcininfo_1349760792.ini (User '?')
O4 - HKUS\S-1-5-21-1392601173-2568633547-2117899640-1007\..\RunOnce: [109_220021562] "C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat" (User '?')
O4 - HKUS\S-1-5-21-1392601173-2568633547-2117899640-1007\..\RunOnce: [109_224667121562] "C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp_r.bat" (User '?')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://palmvidserver.dyndns.org:81/Cam/cab/OCXChecker_8120.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LogMeIn Rescue (67d6deaa-f9b9-4899-8257-8a760547511d) (LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d) - Unknown owner - C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_InstantChat_srv.exe (file missing)
O23 - Service: LogMeIn Rescue (9f7b1284-de02-4884-812c-c5dc60a95457) (LMIRescue_9f7b1284-de02-4884-812c-c5dc60a95457) - Unknown owner - C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_InstantChat_srv.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: WMDM PMSP Service - Unknown owner - C:\WINNT\system32\MsPMSPSv.exe (file missing)

--
End of file - 8268 bytes

Edited by mavericktwo, 12 October 2012 - 09:48 AM.




#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:52 PM

Posted 13 October 2012 - 09:41 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days. :)


Hello there, mavericktwo

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:52 PM

Posted 13 October 2012 - 09:42 AM

Hello there,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

  • Please download GMER from one of the following locations, and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zip Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Extract the contents of the zipped file to desktop (applicable only to Zip mirror) .
  • Double click the GMER file you saved on your desktop.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


===================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

On your next reply please post :
DDS log
GMER log
Checkup log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!

#4 mavericktwo

mavericktwo
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:52 AM

Posted 14 October 2012 - 03:38 PM

DDS (Ver_2012-10-14.05) - NTFS_x86 DSREPAIR
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by C539393 at 12:50:57 on 2012-10-14
.
============== Running Processes ================
.
C:\WINNT\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\WINNT\system32\imapi.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe -k DcomLaunch
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
C:\WINNT\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [McAfee McItInfo] c:\docume~1\c539393\locals~1\temp\mcitinfo_1349760792.exe /itinsfin:c:\docume~1\c539393\locals~1\temp\mcininfo_1349760792.ini
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\winnt\system32\NvCpl.dll,NvStartup
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://palmvidserver.dyndns.org:81/Cam/cab/OCXChecker_8120.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} - hxxp://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\c539393\application data\mozilla\firefox\profiles\1bcg20gq.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\c539393\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\winnt\system32\npacrx.dll
FF - plugin: c:\winnt\system32\npDeployJava1.dll
FF - plugin: c:\winnt\system32\npptools.dll
FF - plugin: c:\winnt\system32\npwmsdrm.dll
FF - ExtSQL: 2012-10-01 23:12; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\common files\mcafee\SystemCore
FF - ExtSQL: !HIDDEN! 2009-09-02 07:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? BDLLWQSJAK;BDLLWQSJAK
R? BTCFilterService;USB Networking Driver Filter Service
R? Cdr4vsd;Cdr4vsd
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DAWVZCOZG;DAWVZCOZG
R? GNIWKC;GNIWKC
R? LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d;LogMeIn Rescue (67d6deaa-f9b9-4899-8257-8a760547511d)
R? LMIRescue_9f7b1284-de02-4884-812c-c5dc60a95457;LogMeIn Rescue (9f7b1284-de02-4884-812c-c5dc60a95457)
R? MBAMSwissArmy;MBAMSwissArmy
R? McMPFSvc;McAfee Personal Firewall Service
R? McNaiAnn;McAfee VirusScan Announcer
R? McProxy;McAfee Proxy Service
R? McShield;McAfee McShield
R? mfeavfk;McAfee Inc. mfeavfk
R? mfebopk;McAfee Inc. mfebopk
R? mfefire;McAfee Firewall Core Service
R? mfefirek;McAfee Inc. mfefirek
R? mfehidk;McAfee Inc. mfehidk
R? mfendisk;McAfee Core NDIS Intermediate Filter
R? mferkdet;McAfee Inc. mferkdet
R? mfevtp;McAfee Validation Trust Protection Service
R? MOBKFilter;MOBKFilter
R? motccgp;Motorola USB Composite Device Driver
R? motccgpfl;MotCcgpFlService
R? MotoHelper;MotoHelper Service
R? Motousbnet;Motorola USB Networking Driver Service
R? motusbdevice;Motorola USB Dev Driver
R? MozillaMaintenance;Mozilla Maintenance Service
R? mv2;mv2
R? NPF;NetGroup Packet Filter Driver
R? RFWSXP;RFWSXP
R? TeamViewer6;TeamViewer 6
R? U2VSvr;U2VSvr
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? EPSON_EB_RPCV4_04;EPSON V5 Service4(04)
S? EPSON_PM_RPCV4_04;EPSON V3 Service4(04)
S? mfetdi2k;McAfee Inc. mfetdi2k
S? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver
S? PfDetNT;PfDetNT
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Seagate Sync Service;Seagate Sync Service
S? T1PExGrp;T1PExGrp
S? T1PMrGrp;T1PMrGrp
S? t1pusb;Trigger 1+ Graphics Card
.
=============== File Associations ===============
.
ShellExec: MediaConverter.exe: open="c:\program files\sandisk\sansa media converter\uMediaConverter.exe" "%1"
.
=============== Created Last 30 ================
.
2012-10-09 04:34:34 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2012-10-09 04:34:28 -------- d-----w- c:\program files\Security Task Manager
2012-10-09 02:05:13 -------- d-----w- c:\program files\Tweaking.com
2012-10-07 04:36:51 -------- dc----w- C:\rei
2012-10-07 04:36:41 -------- d-----w- c:\program files\Reimage
2012-10-07 04:26:37 -------- d-----w- c:\documents and settings\c539393\application data\SpeedyPC Software
2012-10-07 04:26:29 -------- d-----w- c:\program files\SpeedyPC Software
2012-10-07 04:26:29 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-10-06 22:03:52 -------- dcs-a-r- C:\cmdcons
2012-10-06 22:01:30 98816 ----a-w- c:\winnt\sed.exe
2012-10-06 22:01:30 256000 ----a-w- c:\winnt\PEV.exe
2012-10-06 22:01:30 208896 ----a-w- c:\winnt\MBR.exe
2012-10-06 19:38:42 77312 ----a-w- c:\winnt\system32\ztvunace26.dll
2012-10-06 19:38:42 75264 ----a-w- c:\winnt\system32\unacev2.dll
2012-10-06 19:38:42 69632 ----a-w- c:\winnt\system32\ztvcabinet.dll
2012-10-06 19:38:42 162304 ----a-w- c:\winnt\system32\ztvunrar36.dll
2012-10-06 19:38:41 153088 ----a-w- c:\winnt\system32\UNRAR3.dll
2012-10-06 19:38:38 -------- d-----w- c:\program files\Trojan Remover
2012-10-06 19:38:38 -------- d-----w- c:\documents and settings\c539393\application data\Simply Super Software
2012-10-06 19:38:38 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2012-10-05 03:48:09 40776 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2012-10-04 23:23:34 -------- d-----w- c:\program files\Uniblue
2012-10-04 03:00:31 -------- d-----w- c:\documents and settings\c539393\application data\DriverCure
2012-10-04 03:00:30 -------- d-----w- c:\documents and settings\c539393\application data\PC Utility Kit
2012-10-04 03:00:09 -------- d-----w- c:\program files\PC Utility Kit
2012-10-04 03:00:09 -------- d-----w- c:\program files\common files\PC Utility Kit
2012-10-04 03:00:09 -------- d-----w- c:\documents and settings\all users\application data\PC Utility Kit
2012-10-04 02:50:01 -------- d-----w- c:\program files\Citrix
2012-10-01 00:37:07 -------- d-----w- c:\program files\New Folder
2012-10-01 00:36:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-30 20:49:09 -------- d-----w- c:\documents and settings\c539393\local settings\application data\Sun
2012-09-30 06:19:46 821736 ----a-w- c:\winnt\system32\npDeployJava1.dll
2012-09-30 05:51:59 9608 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
2012-09-30 05:51:43 87656 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
2012-09-30 05:51:43 83856 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
2012-09-30 05:51:43 59456 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2012-09-30 05:51:43 57600 ----a-w- c:\winnt\system32\drivers\cfwids.sys
2012-09-30 05:51:43 340920 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
2012-09-30 05:51:43 180848 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2012-09-30 05:51:31 -------- d-----w- c:\program files\common files\Mcafee
2012-09-30 05:51:28 -------- d-----w- c:\program files\McAfee.com
2012-09-30 05:51:12 -------- d-----w- c:\program files\McAfee
2012-09-30 05:40:55 166320 ----a-w- c:\winnt\system32\mfevtps.exe
2012-09-30 04:54:41 -------- d-----w- c:\documents and settings\c539393\local settings\application data\LogMeIn Rescue Applet
2012-09-29 20:45:09 116224 ----a-w- c:\winnt\system32\dllcache\xrxwiadr.dll
2012-09-29 20:45:08 23040 ----a-w- c:\winnt\system32\dllcache\xrxwbtmp.dll
2012-09-29 20:45:07 4608 ----a-w- c:\winnt\system32\dllcache\xrxflnch.exe
2012-09-29 20:45:07 27648 ----a-w- c:\winnt\system32\dllcache\xrxftplt.exe
2012-09-29 20:45:07 18944 ----a-w- c:\winnt\system32\dllcache\xrxscnui.dll
2012-09-29 20:45:03 99865 ----a-w- c:\winnt\system32\dllcache\xlog.exe
2012-09-29 20:45:03 16970 ----a-w- c:\winnt\system32\dllcache\xem336n5.sys
2012-09-29 20:45:01 19455 ----a-w- c:\winnt\system32\dllcache\wvchntxx.sys
2012-09-29 20:43:58 26112 ----a-w- c:\winnt\system32\dllcache\usbser.sys
2012-09-29 20:42:59 58368 ----a-w- c:\winnt\system32\dllcache\smiminib.sys
2012-09-29 20:41:57 19584 ----a-w- c:\winnt\system32\dllcache\rasirda.sys
2012-09-29 20:40:59 87040 ----a-w- c:\winnt\system32\dllcache\nm6wdm.sys
2012-09-29 20:39:59 8320 ----a-w- c:\winnt\system32\dllcache\memcard.sys
2012-09-29 20:38:58 44032 ----a-w- c:\winnt\system32\dllcache\imekrmig.exe
2012-09-29 20:37:58 7040 ----a-w- c:\winnt\system32\dllcache\exabyte2.sys
2012-09-29 20:36:59 4096 ----a-w- c:\winnt\system32\dllcache\ctwdm32.dll
2012-09-29 20:35:59 871388 ----a-w- c:\winnt\system32\dllcache\bcmdm.sys
2012-09-29 20:34:54 66048 ----a-w- c:\winnt\system32\dllcache\s3legacy.dll
2012-09-29 13:37:32 -------- d-----w- c:\documents and settings\c539393\application data\SUPERAntiSpyware.com
2012-09-29 13:36:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-29 12:02:32 -------- d-----w- c:\winnt\system32\wbem\repository\FS
2012-09-29 12:02:32 -------- d-----w- c:\winnt\system32\wbem\Repository
2012-09-17 03:27:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2012-09-15 23:00:06 -------- d-----w- c:\program files\McAfee Online Backup
.
==================== Find3M ====================
.
2012-10-09 05:20:57 15600 ----a-w- c:\winnt\system32\drivers\???????
2012-09-30 06:19:14 93672 ----a-w- c:\winnt\system32\WindowsAccessBridge.dll
2012-09-30 06:19:02 143872 ----a-w- c:\winnt\system32\javacpl.cpl
2012-09-30 04:49:14 73136 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-09-30 04:49:14 696240 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-07-17 20:09:10 91168 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
2012-07-17 20:07:00 554048 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2012-07-17 20:04:46 127992 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
2003-08-27 20:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 12:52:23.06 ===============


.
==== Installed Programs ======================
.
Acrobat.com
Adobe Media Player
Adobe Reader 8.1.7
Adobe Reader X (10.1.0)
Ahead Nero BurnRights
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BE Downloadable Edition
Bonjour
BSR Screen Recorder 5
CCleaner
Creative MediaSource
Cypress USB Mass Storage Driver Installation
DoMore
DVD
Epson Event Manager
EPSON NX420 Series Printer Uninstall
EPSON Scan
F-22 Lightning 3
ffdshow [rev 2527] [2008-12-19]
FreeAgent Go Tools
Gateway Drivers and Applications Recovery
Glary Utilities 2.43.0.1419
GoToAssist Corporate
GWCares
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Intel RSX 3D
Intel® 537EP Data Fax Modem
Intel® PRO Network Adapters and Drivers
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 20
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
McAfee Online Backup
Membership Plus 7.0
Membership Plus 7.0 Standard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Learning and Research Plus Support Files
Microsoft LifeCam
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Picture It! Express 7.0
Microsoft Picture It! Photo Premium 9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Streets and Trips 2004
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotoHelper 2.0.45 Driver 5.0.0
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.0.0
Move Networks Media Player for Internet Explorer
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN Internet Software
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Nero OEM
NOOK for PC
Office 2003 Setup Files
Palm Desktop
PC-Doctor for Windows
PC Utility Kit
Pop-Up Stopper Free Edition
Protected Music Converter 1.0.0.12
Quicken 2004
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Reimage Repair
Rhapsody
Roxio Burn Engine
Roxio Easy Media Creator 7
Sansa Media Converter
Sansa Updater
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
SEE2 - TRI-UV100B & UV150 10.17.0607.1159
Segoe UI
Skype™ 5.5
Sound Blaster Audigy 2 ZS
SUPERAntiSpyware
TeamViewer 6
Trojan Remover 6.8.2
Turbo Tax Audit Support Center 3.0
Tweaking.com - Windows Repair (All in One)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
USB Storage Adapter FX (SM1)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.0.2
WM Capture
WM Capture 5
WM Recorder
Yahoo! Messenger
.
==== End Of File ===========================

#5 mavericktwo


Posted 14 October 2012 - 03:40 PM

Upon opening this program, it had this error
AutoIt Error
Line -1:

Error:Variable must be of type "Object" to "ok" and it ran. fyi


Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
McAfee Online Backup
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Trojan Remover 6.8.2
CCleaner
Java™ 6 Update 26
Java™ 6 Update 20
Java 7 Update 7
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

#6 mavericktwo


Posted 14 October 2012 - 03:47 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-14 13:04:19
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1600JD-22FYB0 rev.02.05D02
Running: tct5tmm0.exe; Driver: C:\DOCUME~1\C539393\LOCALS~1\Temp\uxldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB8983640]

#7 mavericktwo


Posted 14 October 2012 - 03:49 PM

INT 0xA4 \SystemRoot\System32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) BA45DE54
INT 0xA5 \WINNT\system32\ntoskrnl.exe 804DD322
INT 0xA6 \WINNT\system32\ntoskrnl.exe 804DD32C
INT 0xA7 \WINNT\system32\ntoskrnl.exe 804DD336
INT 0xA8 \WINNT\system32\ntoskrnl.exe 804DD340
INT 0xA9 \WINNT\system32\ntoskrnl.exe 804DD34A
INT 0xAA \WINNT\system32\ntoskrnl.exe 804DD354
INT 0xAB \WINNT\system32\ntoskrnl.exe 804DD35E
INT 0xAC \WINNT\system32\ntoskrnl.exe 804DD368
INT 0xAD \WINNT\system32\ntoskrnl.exe 804DD372
INT 0xAE \WINNT\system32\ntoskrnl.exe 804DD37C
INT 0xAF \WINNT\system32\ntoskrnl.exe 804DD386
INT 0xB0 \WINNT\system32\ntoskrnl.exe 804DD390
INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F75B331E
INT 0xB2 \WINNT\system32\ntoskrnl.exe 804DD3A4
INT 0xB3 \WINNT\system32\ntoskrnl.exe 804DD3AE
INT 0xB4 \SystemRoot\System32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) BA45DE54
INT 0xB5 \WINNT\system32\ntoskrnl.exe 804DD3C2
INT 0xB6 \WINNT\system32\ntoskrnl.exe 804DD3CC
INT 0xB7 \WINNT\system32\ntoskrnl.exe 804DD3D6
INT 0xB8 \WINNT\system32\ntoskrnl.exe 804DD3E0
INT 0xB9 \WINNT\system32\ntoskrnl.exe 804DD3EA
INT 0xBA \WINNT\system32\ntoskrnl.exe 804DD3F4
INT 0xBB \WINNT\system32\ntoskrnl.exe 804DD3FE
INT 0xBC \WINNT\system32\ntoskrnl.exe 804DD408
INT 0xBD \WINNT\system32\ntoskrnl.exe 804DD412
INT 0xBE \WINNT\system32\ntoskrnl.exe 804DD41C
INT 0xBF \WINNT\system32\ntoskrnl.exe 804DD426
INT 0xC0 \WINNT\system32\ntoskrnl.exe 804DD430
INT 0xC1 \WINNT\system32\hal.dll 80701AC0
INT 0xC2 \WINNT\system32\ntoskrnl.exe 804DD444
INT 0xC3 \WINNT\system32\ntoskrnl.exe 804DD44E
INT 0xC4 \WINNT\system32\ntoskrnl.exe 804DD458
INT 0xC5 \WINNT\system32\ntoskrnl.exe 804DD462
INT 0xC6 \WINNT\system32\ntoskrnl.exe 804DD46C
INT 0xC7 \WINNT\system32\ntoskrnl.exe 804DD476
INT 0xC8 \WINNT\system32\ntoskrnl.exe 804DD480
INT 0xC9 \WINNT\system32\ntoskrnl.exe 804DD48A
INT 0xCA \WINNT\system32\ntoskrnl.exe 804DD494
INT 0xCB \WINNT\system32\ntoskrnl.exe 804DD49E
INT 0xCC \WINNT\system32\ntoskrnl.exe 804DD4A8
INT 0xCD \WINNT\system32\ntoskrnl.exe 804DD4B2
INT 0xCE \WINNT\system32\ntoskrnl.exe 804DD4BC
INT 0xCF \WINNT\system32\ntoskrnl.exe 804DD4C6
INT 0xD0 \WINNT\system32\ntoskrnl.exe 804DD4D0
INT 0xD1 \WINNT\system32\hal.dll 80700E54
INT 0xD2 \WINNT\system32\ntoskrnl.exe 804DD4E4
INT 0xD3 \WINNT\system32\ntoskrnl.exe 804DD4EE
INT 0xD4 \WINNT\system32\ntoskrnl.exe 804DD4F8
INT 0xD5 \WINNT\system32\ntoskrnl.exe 804DD502
INT 0xD6 \WINNT\system32\ntoskrnl.exe 804DD50C
INT 0xD7 \WINNT\system32\ntoskrnl.exe 804DD516
INT 0xD8 \WINNT\system32\ntoskrnl.exe 804DD520
INT 0xD9 \WINNT\system32\ntoskrnl.exe 804DD52A
INT 0xDA \WINNT\system32\ntoskrnl.exe 804DD534
INT 0xDB \WINNT\system32\ntoskrnl.exe 804DD53E
INT 0xDC \WINNT\system32\ntoskrnl.exe 804DD548
INT 0xDD \WINNT\system32\ntoskrnl.exe 804DD552
INT 0xDE \WINNT\system32\ntoskrnl.exe 804DD55C
INT 0xDF \WINNT\system32\ntoskrnl.exe 804DD566
INT 0xE0 \WINNT\system32\ntoskrnl.exe 804DD570
INT 0xE1 \WINNT\system32\hal.dll 80702048
INT 0xE2 \WINNT\system32\ntoskrnl.exe 804DD584
INT 0xE3 \WINNT\system32\hal.dll 80701DAC
INT 0xE4 \WINNT\system32\ntoskrnl.exe 804DD598
INT 0xE5 \WINNT\system32\ntoskrnl.exe 804DD5A2
INT 0xE6 \WINNT\system32\ntoskrnl.exe 804DD5AC
INT 0xE7 \WINNT\system32\ntoskrnl.exe 804DD5B6
INT 0xE8 \WINNT\system32\ntoskrnl.exe 804DD5C0
INT 0xE9 \WINNT\system32\ntoskrnl.exe 804DD5CA
INT 0xEA \WINNT\system32\ntoskrnl.exe 804DD5D4
INT 0xEB \WINNT\system32\ntoskrnl.exe 804DD5DE
INT 0xEC \WINNT\system32\ntoskrnl.exe 804DD5E8
INT 0xED \WINNT\system32\ntoskrnl.exe 804DD5F2
INT 0xEE \WINNT\system32\ntoskrnl.exe 804DD5F9
INT 0xEF \WINNT\system32\ntoskrnl.exe 804DD600
INT 0xF0 \WINNT\system32\ntoskrnl.exe 804DD607
INT 0xF1 \WINNT\system32\ntoskrnl.exe 804DD60E
INT 0xF2 \WINNT\system32\ntoskrnl.exe 804DD615
INT 0xF3 \WINNT\system32\ntoskrnl.exe 804DD61C
INT 0xF4 \WINNT\system32\ntoskrnl.exe 804DD623
INT 0xF5 \WINNT\system32\ntoskrnl.exe 804DD62A
INT 0xF6 \WINNT\system32\ntoskrnl.exe 804DD631
INT 0xF7 \WINNT\system32\ntoskrnl.exe 804DD638
INT 0xF8 \WINNT\system32\ntoskrnl.exe 804DD63F
INT 0xF9 \WINNT\system32\ntoskrnl.exe 804DD646
INT 0xFA \WINNT\system32\ntoskrnl.exe 804DD64D
INT 0xFB \WINNT\system32\ntoskrnl.exe 804DD654
INT 0xFC \WINNT\system32\ntoskrnl.exe 804DD65B
INT 0xFD \WINNT\system32\hal.dll 807025A8
INT 0xFE \WINNT\system32\hal.dll 80702748
INT 0xFF \WINNT\system32\ntoskrnl.exe 804DD670

SYSENTER \WINNT\system32\ntoskrnl.exe 804DD89F

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KiDispatchInterrupt + 2C0 804DCB22 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntoskrnl.exe!KiDispatchInterrupt + 2D8 804DCB3A 1 Byte [00]
.text ntoskrnl.exe!KiDeliverApc + C9C 804DDA9D 1 Byte [06]
.text ntoskrnl.exe!ZwYieldExecution + 47A 804E4CD4 4 Bytes [40, 36, 98, B8]
.text ntoskrnl.exe!RtlPrefetchMemoryNonTemporal 804E5531 1 Byte [90]
.text hal.dll!HalBeginSystemInterrupt + 99A 80703902 1 Byte [44]
.text hal.dll!HalBeginSystemInterrupt + 99A 80703902 20 Bytes [44, 00, 44, 03, 44, 03, BE, ...]
.text hal.dll!HalBeginSystemInterrupt + 9AF 80703917 3 Bytes [05, C7, 67]
.text hal.dll!HalBeginSystemInterrupt + 9B4 8070391C 2 Bytes [C7, 67]
.text hal.dll!HalBeginSystemInterrupt + 9B8 80703920 2 Bytes [7E, 09] {JLE 0xb}
.text ...
.text nv4_mini.sys BA5017C0 16 Bytes [8B, EC, 83, EC, 14, 53, 56, ...]
.text nv4_mini.sys BA5017D3 2 Bytes [1C, 85] {SBB AL, 0x85}
.text nv4_mini.sys BA5017D9 10 Bytes [33, FF, 57, 6A, 04, 8B, 83, ...]
.text nv4_mini.sys BA5017E5 20 Bytes [89, 45, F4, FF, 56, 18, 57, ...]
.text nv4_mini.sys BA5017FD 21 Bytes [57, 6A, 03, 50, FF, 50, 18, ...]
.text ...
.text C:\WINNT\System32\DRIVERS\nv4_mini.sys section is writeable [0xBA47B340, 0x130B5F, 0xF8000020]
init C:\WINNT\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77B1A60]
.text nv4_disp.dll!@GetIAtomString@8 BF046230 854 Bytes [55, 8B, EC, 51, 89, 4D, FC, ...]
.text nv4_disp.dll!@GetIAtomString@8 BF04658A 3 Bytes [FF, 24, 8D]
.text nv4_disp.dll!@GetIAtomString@8 BF046591 292 Bytes [80, FB, 64, 8B, 45, 00, C6, ...]
.text nv4_disp.dll!@GetIAtomString@8 BF0466B9 7 Bytes CALL BF0462EF \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 53.03 /NVIDIA Corporation)
.text nv4_disp.dll!@GetIAtomString@8 BF0466C4 42 Bytes CALL BF046290 \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 53.03 /NVIDIA Corporation)
.text ...
.text C:\WINNT\System32\nv4_disp.dll section is writeable [0xBF012380, 0x268611, 0xF8000020]
? C:\DOCUME~1\C539393\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

#8 mavericktwo

Posted 14 October 2012 - 03:53 PM

---- User code sections - GMER 1.0.15 ----

UPX1 G:\BC\tct5tmm0.exe[1824] G:\BC\tct5tmm0.exe entry point in "UPX1" section [0x004B8360]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe
Device \FileSystem\Ntfs \Ntfs ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \FatCdrom ntoskrnl.exe
Device \FileSystem\Fastfat \FatCdrom ntoskrnl.exe
Device \FileSystem\Udfs \UdfsCdRom Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device \FileSystem\Udfs \UdfsCdRom ntoskrnl.exe
Device \FileSystem\Udfs \UdfsCdRom ntoskrnl.exe
Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Udfs \UdfsDisk Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device \FileSystem\Udfs \UdfsDisk ntoskrnl.exe
Device \FileSystem\Udfs \UdfsDisk ntoskrnl.exe
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntoskrnl.exe
Device \Driver\WudfPf \Device\WUDFLpcDevice WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntoskrnl.exe
Device \Driver\usbhub \Device\0000008e usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000008e ntoskrnl.exe
Device \Driver\IntelC51 \Device\IntelCatawbaDsp IntelC51.sys (Modem DSP Driver/Intel Corporation)
Device \Driver\IntelC51 \Device\IntelCatawbaDsp ntoskrnl.exe
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntoskrnl.exe
Device \Driver\usbhub \Device\0000008f usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000008f ntoskrnl.exe
Device \Device\00000033
Device \Device\00000026
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntoskrnl.exe
Device \Device\Dvd_2k
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\IntelC52 \Device\MdmPerfMon2 IntelC52.sys (Modem CP Driver/Intel Corporation)
Device \Driver\IntelC52 \Device\MdmPerfMon2 ntoskrnl.exe
Device \Driver\IntelC52 \Device\MdmPerfMon2 IntelC52.sys (Modem CP Driver/Intel Corporation)
Device \Device\00000040
Device \Device\00000034
Device \Device\00000027
Device \Driver\swenum \Device\KSENUM#00000002 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 ntoskrnl.exe
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntoskrnl.exe
Device \Driver\Fips \Device\Fips Fips.SYS (FIPS Crypto Driver/Microsoft Corporation)
Device \Driver\Fips \Device\Fips ntoskrnl.exe
Device \Driver\CTAUDFX.DLL \Device\CTAUDFX.DLL CTAUDFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd)
Device \Driver\CTAUDFX.DLL \Device\CTAUDFX.DLL ntoskrnl.exe
Device \Device\Video0
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\{55EA20D8-9BEA-436A-8F3E-EFF77C6EFDA9}
Device \Device\00000041
Device \Device\00000035
Device \Device\00000028
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntoskrnl.exe
Device \Driver\WudfPf \Device\ProcessManagement WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation)
Device \Device\Video1
Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntoskrnl.exe
Device \Device\00000042
Device \Device\00000036
Device \Device\00000029
Device \Device\Video2
Device \Driver\Serial \Device\Serial0 serial.sys (Serial Device Driver/Microsoft Corporation)
Device \Driver\Serial \Device\Serial0 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000050 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000050 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000050 ntoskrnl.exe
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntoskrnl.exe
Device \Device\00000043
Device \Device\00000037
Device \Device\0000000a
Device \Driver\usbuhci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 ntoskrnl.exe
Device \Driver\NetBT \Device\NetBT_Tcpip_{EEED4A62-7FD6-4962-8C07-AA1D621F226B} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{EEED4A62-7FD6-4962-8C07-AA1D621F226B} ntoskrnl.exe
Device \Driver\NetBT \Device\NetBT_Tcpip_{EEED4A62-7FD6-4962-8C07-AA1D621F226B} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Device\Video3
Device \Driver\PnpManager \Device\00000051 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000051 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000051 ntoskrnl.exe
Device \Device\Processor
Device \Driver\Mouclass \Device\PointerClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 ntoskrnl.exe
Device \Device\00000044
Device \Device\00000038
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe
Device \Driver\WMIxWDM \Device\WMIDataDevice ntoskrnl.exe
Device \Driver\usbuhci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 ntoskrnl.exe
Device \Driver\MSHUSBVideo \Device\NX6000Filter nx6000.sys (Microsoft® LifeCam NX-6000 driver/Microsoft Corporation)
Device \Device\{8B0CE8F3-FE29-4E6D-BA49-2B14062BC9E7}
Device \Device\Video4
Device \Driver\PnpManager \Device\00000052 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000052 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000052 ntoskrnl.exe
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe
Device \FileSystem\RAW \Device\RawTape ntoskrnl.exe
Device \Device\00000045
Device \Device\00000039
Device \Device\0000000c
Device \Device\FloppyPDO0
Device \Driver\usbuhci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 ntoskrnl.exe
Device \FileSystem\MRxDAV \Device\WebDavRedirector mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector ntoskrnl.exe
Device \Device\Video5
Device \Driver\PnpManager \Device\00000053 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000053 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000053 ntoskrnl.exe
Device \Device\NTPNP_PCI0000
Device \Device\00000046
Device \Device\0000001a
Device \Device\0000000d
Device \Driver\usbuhci \Device\USBPDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-3 ntoskrnl.exe
Device \FileSystem\UDFReadr \Device\UdfReadr UDFReadr.SYS (CD-UDF NT Filesystem Reader Driver/Roxio)
Device \FileSystem\UDFReadr \Device\UdfReadr UDFReadr.SYS (CD-UDF NT Filesystem Reader Driver/Roxio)
Device \Device\00000060
Device \Device\NTPNP_PCI0001
Device \Device\00000054
Device \Device\00000047
Device \Device\0000001b
Device \Device\0000000e
Device \Driver\usbehci \Device\USBPDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-4 ntoskrnl.exe
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntoskrnl.exe
Device \Driver\IpNat \Device\IPNAT ipnat.sys (IP Network Address Translator/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ntoskrnl.exe
Device \Driver\PfDetNT \Device\PfModNT PfModNT.sys (PCI/ISA Device Info. Service/Creative Technology Ltd.)
Device \Driver\PfDetNT \Device\PfModNT ntoskrnl.exe
Device \Driver\t1pusb \Device\USBVGA5100_00 t1pusb.sys (USB Graphics Device (1P) Driver/Magic Control Technology Corp.)
Device \Driver\t1pusb \Device\USBVGA5100_00 ntoskrnl.exe
Device \Driver\hap16v2k \Device\HAP16V2K hap16v2k.sys (Creative EMU10KX-P16v HAL (WDM)/Creative Technology Ltd)
Device \Driver\hap16v2k \Device\HAP16V2K ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0002 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0002 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000061
Device \Driver\GEARAspiWDM \Device\GEARAspiWDMDevice GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)
Device \Device\00000055
Device \Device\00000048
Device \Device\0000001c
Device \Device\0000000f
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\USBPDO-5
Device \Driver\ParVdm \Device\ParallelVdm0 ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation)
Device \Driver\ParVdm \Device\ParallelVdm0 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0003 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0003 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\NTPNP_PCI0010
Device \Device\00000062
Device \Device\00000056
Device \Device\00000049
Device \Device\0000001d
Device \Driver\usbhub \Device\USBPDO-6 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-6 ntoskrnl.exe
Device \Driver\emupia \Device\EMUPIA emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd)
Device \Driver\emupia \Device\EMUPIA ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0004 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0004 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\isapnp \Device\00000070 isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\00000070 ntoskrnl.exe
Device \Device\NTPNP_PCI0011
Device \Device\00000063
Device \Device\00000057
Device \Device\0000002a
Device \Device\0000001e
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntoskrnl.exe
Device \Driver\usbhub \Device\USBPDO-7 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-7 ntoskrnl.exe
Device \Device\NTPNP_PCI0012
Device \Driver\ossrv \Device\OSSRV ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.)
Device \Driver\ossrv \Device\OSSRV ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0005 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000058
Device \Device\00000071
Device \Driver\ACPI \Device\00000064 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000002b
Device \Device\0000001f
Device \Driver\Ftdisk \Device\HarddiskVolume2 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume2 ntoskrnl.exe
Device \Driver\Cdrom \Device\CdRom0 CLASSPNP.SYS
Device \Driver\Cdrom \Device\CdRom0 ntoskrnl.exe
Device \Driver\usbhub \Device\USBPDO-8 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\USBPDO-8 ntoskrnl.exe
Device \Driver\sysaudio \Device\sysaudio ks.sys (Kernel CSA Library/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ntoskrnl.exe
Device \Driver\sysaudio \Device\sysaudio sysaudio.sys (System Audio WDM Filter/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000059 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000059 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000059 ntoskrnl.exe
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntoskrnl.exe
Device \FileSystem\DVDVRRdr_xp \Device\DVDVRRdr DVDVRRdr_xp.SYS (DVDVR Filesystem Reader Driver/Windows ® 2000 DDK provider)
Device \Driver\PCI \Device\NTPNP_PCI0006 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0006 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0013 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0013 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000072
Device \Driver\ACPI \Device\00000065 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\0000002c
Device \Driver\PCIIde \Device\Ide\PciIde1Channel0-2 ntoskrnl.exe
Device \Driver\PCIIde \Device\Ide\PciIde1Channel0-2 PCIIDEX.SYS
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntoskrnl.exe
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 ntoskrnl.exe
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 ntoskrnl.exe
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 PCIIDEX.SYS
Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntoskrnl.exe
Device \Driver\atapi \Device\Ide\IdePort2 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort2 ntoskrnl.exe
Device \Driver\atapi \Device\Ide\IdePort3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort3 ntoskrnl.exe
Device \Driver\PCIIde \Device\Ide\PciIde1Channel1-3 ntoskrnl.exe
Device \Driver\PCIIde \Device\Ide\PciIde1Channel1-3 PCIIDEX.SYS
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 ntoskrnl.exe
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 PCIIDEX.SYS
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e ntoskrnl.exe
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 ntoskrnl.exe
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c ntoskrnl.exe
Device \Device\Ide\PciIde0
Device \Device\Ide\PciIde1
Device \Driver\Cdrom \Device\CdRom1 CLASSPNP.SYS
Device \Driver\Cdrom \Device\CdRom1 ntoskrnl.exe
Device \Device\i
Device \Driver\Aspi32 \Device\MbMmDp32 Aspi32.SYS (ASPI for WIN32 Kernel Driver/Adaptec)
Device \Driver\Aspi32 \Device\MbMmDp32 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0014 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0014 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0015 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0015 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\IntelC53 \Device\IntelCatawbaAfe IntelC53.sys (Modem AFE Driver/Intel Corporation)
Device \Driver\IntelC53 \Device\IntelCatawbaAfe ntoskrnl.exe
Device \Driver\ACPI \Device\00000080 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000074 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0008 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000075 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0016 ntoskrnl.exe
Device \Driver\PCI \Device\NTPNP_PCI0016 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000081 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\COMMONFX.DLL \Device\COMMONFX.DLL COMMONFX.DLL (Creative Common FX Plug-in/Creative Technology Ltd)
Device \Driver\COMMONFX.DLL \Device\COMMONFX.DLL ntoskrnl.exe
Device \Driver\ACPI \Device\00000076 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000082 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000069 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000090 usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation)
Device \Driver\usbccgp \Device\00000090 ntoskrnl.exe
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export ntoskrnl.exe
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000091 HIDCLASS.SYS (Hid Class Library/Microsoft Corporation)
Device \Driver\HidUsb \Device\00000091 ntoskrnl.exe
Device \Driver\Arp1394 \Device\ARP1394 arp1394.sys (IP/1394 Arp Client/Microsoft Corporation)
Device \Driver\Arp1394 \Device\ARP1394 ntoskrnl.exe
Device \Driver\ACPI \Device\00000084 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb ntoskrnl.exe
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\ACPI \Device\00000085 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000079 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000005a ntoskrnl.exe
Device \Driver\PnpManager \Device\0000005a ntoskrnl.exe
Device \Driver\PnpManager \Device\0000005a ntoskrnl.exe
Device \Driver\ACPI \Device\00000086 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000005b ntoskrnl.exe
Device \Driver\PnpManager \Device\0000005b ntoskrnl.exe
Device \Driver\PnpManager \Device\0000005b ntoskrnl.exe
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntoskrnl.exe
Device \Driver\SASDIFSV \Device\SASDIFSV SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)
Device \Driver\SASDIFSV \Device\SASDIFSV ntoskrnl.exe
Device \Driver\ACPI \Device\00000087 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000095 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000095 ntoskrnl.exe
Device \Driver\Wanarp \Device\WANARP wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\ctprxy2k \Device\CTPROXY ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd)
Device \Driver\ctprxy2k \Device\CTPROXY ntoskrnl.exe
Device \Driver\ohci1394 \Device\00000088 1394BUS.SYS
Device \Driver\ohci1394 \Device\00000088 ntoskrnl.exe
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000096 USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device \Driver\USBSTOR \Device\00000096 ntoskrnl.exe
Device \Driver\CTSBLFX.DLL \Device\CTSBLFX.DLL CTSBLFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd)
Device \Driver\CTSBLFX.DLL \Device\CTSBLFX.DLL ntoskrnl.exe
Device \Driver\NIC1394 \Device\{0512491D-74BA-4A9F-B230-0158E17C2042} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x1c9f7f4600+2
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS
Device \Driver\Disk \Device\Harddisk0\DR0 ntoskrnl.exe
Device \Driver\SASKUTIL \Device\SASKUTIL SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)
Device \Driver\SASKUTIL \Device\SASKUTIL ntoskrnl.exe
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\Harddisk1\DP(1)0x7e00-0x2543150400+3
Device \Driver\Disk \Device\Harddisk1\DR1 CLASSPNP.SYS
Device \Driver\Disk \Device\Harddisk1\DR1 ntoskrnl.exe
Device \Driver\PptpMiniport \Device\{9F1E971F-26B6-4D19-BC81-BB4A527870D1} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\IntelC53 \Device\IntelCatawbaSound IntelC53.sys (Modem AFE Driver/Intel Corporation)
Device \Driver\IntelC53 \Device\IntelCatawbaSound ntoskrnl.exe
Device \Driver\PnpManager \Device\00000002 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000002 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000002 ntoskrnl.exe
Device \Driver\ACPI \Device\0000006b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe
Device \FileSystem\RAW \Device\RawDisk ntoskrnl.exe
Device \Driver\ACPI_HAL \Device\0000005f ntoskrnl.exe
Device \Driver\ACPI_HAL \Device\0000005f hal.dll
Device \Driver\Disk \Device\Harddisk2\DR4 CLASSPNP.SYS
Device \Driver\Disk \Device\Harddisk2\DR4 ntoskrnl.exe
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 CLASSPNP.SYS
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+5 ntoskrnl.exe
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntoskrnl.exe
Device \Driver\usbuhci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000003 ntoskrnl.exe
Device \Driver\ohci1394 \Device\1394BUS0 1394BUS.SYS
Device \Driver\ohci1394 \Device\1394BUS0 ntoskrnl.exe
Device \Driver\ACPI \Device\0000006c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntoskrnl.exe
Device \Driver\ACPI \Device\0000007a ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-1 ntoskrnl.exe
Device \Driver\Ptilink \Device\ParTechInc0 ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)
Device \Driver\Ptilink \Device\ParTechInc0 ntoskrnl.exe
Device \Driver\MxlW2k \Device\MxlW2k MxlW2k.SYS (MusicMatch Access Layer KMD/MusicMatch, Inc.)
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe
Device \Driver\PnpManager \Device\00000004 ntoskrnl.exe
Device \Driver\ACPI \Device\0000006d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\uxldqpoc \Device\uxldqpoc uxldqpoc.sys
Device \Driver\uxldqpoc \Device\uxldqpoc ntoskrnl.exe
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanBh NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{60956E4B-FD50-4E3E-AE46-913EE895EDE1} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000007b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ha10kx2k \Device\HA10KX2K ha10kx2k.sys (Creative EMU10KX HAL (WDM)/Creative Technology Ltd)
Device \Driver\ha10kx2k \Device\HA10KX2K ntoskrnl.exe
Device \Driver\usbuhci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 ntoskrnl.exe
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntoskrnl.exe
Device \Driver\IntelC52 \Device\537 IntelC52.sys (Modem CP Driver/Intel Corporation)
Device \Driver\IntelC52 \Device\537 ntoskrnl.exe
Device \Driver\IntelC52 \Device\537 IntelC52.sys (Modem CP Driver/Intel Corporation)
Device \Driver\ACPI \Device\0000006e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \Driver\pwd_2k \Device\pwd_2k pwd_2k.SYS (Win2000 Framework for Packet Write Driver/Roxio)
Device \Driver\usbuhci \Device\USBFDO-3 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-3 ntoskrnl.exe
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntoskrnl.exe
Device \Driver\usbehci \Device\USBFDO-4 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-4 ntoskrnl.exe
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntoskrnl.exe
Device \Driver\mbr \Device\mbr mbr.sys
Device \Driver\mbr \Device\mbr ntoskrnl.exe
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntoskrnl.exe
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \Driver\Modem \Device\0000008a Modem.SYS (Modem Device Driver/Microsoft Corporation)
Device \Driver\Modem \Device\0000008a ntoskrnl.exe
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ntoskrnl.exe
Device \Driver\usbhub \Device\0000008b usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000008b ntoskrnl.exe
Device \Driver\ACPI \Device\0000007f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe
Device \FileSystem\RAW \Device\RawCdRom ntoskrnl.exe
Device \Driver\ctac32k \Device\CTAC32K ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd)
Device \Driver\ctac32k \Device\CTAC32K ntoskrnl.exe
Device \Driver\usbhub \Device\0000008c usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000008c ntoskrnl.exe
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\E100B \Device\{EEED4A62-7FD6-4962-8C07-AA1D621F226B} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ctsfm2k \Device\CTSFM2K ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd)
Device \Driver\ctsfm2k \Device\CTSFM2K ntoskrnl.exe
Device \Driver\usbhub \Device\0000008d usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\0000008d ntoskrnl.exe
Device \FileSystem\Fastfat \Fat Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat ntoskrnl.exe
Device \FileSystem\Fastfat \Fat ntoskrnl.exe
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntoskrnl.exe
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\Filters\SystemRestore
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntoskrnl.exe
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntoskrnl.exe
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntoskrnl.exe
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntoskrnl.exe
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntoskrnl.exe
Device \FileSystem\Cdfs \Cdfs ntoskrnl.exe
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \WINNT\system32\ntoskrnl.exe 804D7000-80700000 (2265088 bytes)
Module \WINNT\system32\hal.dll 80700000-80720D00 (134400 bytes)
Module \WINNT\system32\KDCOM.DLL F7987000-F7989000 (8192 bytes)
Module \WINNT\system32\BOOTVID.dll F7897000-F789A000 (12288 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F75A8000-F75D6000 (188416 bytes)
Module \WINNT\System32\DRIVERS\WMILIB.SYS F7989000-F798B000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F7597000-F75A8000 (69632 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F75F7000-F7601000 (40960 bytes)
Module pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F7A4F000-F7A50000 (4096 bytes)
Module \WINNT\System32\DRIVERS\PCIIDEX.SYS F7707000-F770E000 (28672 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F798B000-F798D000 (8192 bytes)
Module intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) F798D000-F798F000 (8192 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F7607000-F7612000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F74D8000-F74F7000 (126976 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F770F000-F7714000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F7617000-F7624000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F74C0000-F74D8000 (98304 bytes)
Module iaStor.sys (Intel Application Accelerator driver/Intel Corporation) F747C000-F74C0000 (278528 bytes)
Module ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) F7627000-F7630000 (36864 bytes)
Module \WINNT\System32\DRIVERS\SCSIPORT.SYS F7464000-F747C000 (98304 bytes)
Module adpu160m.sys (Adaptec Ultra160 SCSI miniport/Microsoft Corporation) F744B000-F7464000 (102400 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F7637000-F7640000 (36864 bytes)
Module \WINNT\System32\DRIVERS\CLASSPNP.SYS F7647000-F7654000 (53248 bytes)
Module fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F742B000-F744B000 (131072 bytes)
Module sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) F7419000-F742B000 (73728 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7667000-F7670000 (36864 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) BA7E9000-BA800000 (94208 bytes)
Module WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) BA7D6000-BA7E9000 (77824 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) BA749000-BA7D6000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) BA71C000-BA749000 (184320 bytes)
Module ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F7677000-F7687000 (65536 bytes)
Module \WINNT\System32\DRIVERS\1394BUS.SYS F7687000-F7695000 (57344 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) BA662000-BA67C000 (106496 bytes)
Module agp440.sys (440 NT AGP Filter/Microsoft Corporation) F7697000-F76A2000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) F76C7000-F76D7000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) F76D7000-F76E0000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 53.03 /NVIDIA Corporation) BA47B000-BA5F2000 (1536000 bytes)
Module \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) BA467000-BA47B000 (81920 bytes)
Module \SystemRoot\System32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) F775F000-F7765000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) BA443000-BA467000 (147456 bytes)
Module \SystemRoot\System32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F7767000-F776F000 (32768 bytes)
Module \SystemRoot\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) BA3C5000-BA443000 (516096 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) BA3A1000-BA3C5000 (147456 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) F76E7000-F76F6000 (61440 bytes)
Module \SystemRoot\system32\drivers\ks.sys (Kernel CSA Library/Microsoft Corporation) BA37E000-BA3A1000 (143360 bytes)
Module \SystemRoot\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) BA34A000-BA37E000 (212992 bytes)
Module \SystemRoot\System32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) F7787000-F778F000 (32768 bytes)
Module \SystemRoot\System32\DRIVERS\IntelC53.sys (Modem AFE Driver/Intel Corporation) F76F7000-F7703000 (49152 bytes)
Module \SystemRoot\System32\DRIVERS\IntelC51.sys (Modem DSP Driver/Intel Corporation) BA249000-BA34A000 (1052672 bytes)
Module \SystemRoot\System32\DRIVERS\IntelC52.sys (Modem CP Driver/Intel Corporation) BA1DB000-BA249000 (450560 bytes)
Module \SystemRoot\System32\DRIVERS\mohfilt.sys (Filter Driver to Support Modem-on-Hold/Intel Corporation) F77AF000-F77B4000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Modem.SYS (Modem Device Driver/Microsoft Corporation) F77BF000-F77C7000 (32768 bytes)
Module \SystemRoot\System32\DRIVERS\e100b325.sys (Intel® PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) BA1B7000-BA1DB000 (147456 bytes)
Module \SystemRoot\System32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F7587000-F7594000 (53248 bytes)
Module \SystemRoot\System32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) F77CF000-F77D5000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) F77D7000-F77DD000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) F77E7000-F77EE000 (28672 bytes)
Module \SystemRoot\System32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) F7577000-F7587000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) F792B000-F792F000 (16384 bytes)
Module \SystemRoot\System32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) BA103000-BA117000 (81920 bytes)
Module \SystemRoot\System32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) F7567000-F7572000 (45056 bytes)
Module \SystemRoot\System32\Drivers\MxlW2k.SYS (MusicMatch Access Layer KMD/MusicMatch, Inc.) F77F7000-F77FE000 (28672 bytes)
Module \SystemRoot\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) F7557000-F7567000 (65536 bytes)
Module \SystemRoot\System32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) F7547000-F7556000 (61440 bytes)
Module \SystemRoot\System32\Drivers\pwd_2k.SYS (Win2000 Framework for Packet Write Driver/Roxio) BA096000-BA0B3000 (118784 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F7817000-F781D000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\T1PExGrp.sys (Trigger USB Graphics Chipset Family (1P-E) Driver/Magic Control Technology Corp.) F771F000-F7724000 (20480 bytes)
Module \SystemRoot\system32\drivers\T1PMrGrp.sys (Trigger USB Graphics Chipset Family (1P-M) Driver/Magic Control Technology Corp.) F774F000-F7755000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) F7A89000-F7A8A000 (4096 bytes)
Module \SystemRoot\System32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) F7537000-F7544000 (53248 bytes)
Module \SystemRoot\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) F794B000-F794E000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) BA07F000-BA096000 (94208 bytes)
Module \SystemRoot\System32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) F7527000-F7532000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) F7517000-F7523000 (49152 bytes)
Module \SystemRoot\System32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) F777F000-F7784000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) BA046000-BA057000 (69632 bytes)
Module \SystemRoot\System32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) F7507000-F7510000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7797000-F779C000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) F77A7000-F77AC000 (20480 bytes)
Module \SystemRoot\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) F74F7000-F7501000 (40960 bytes)
Module \SystemRoot\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F7993000-F7995000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) B9FE8000-BA046000 (385024 bytes)
Module \SystemRoot\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) BA62E000-BA632000 (16384 bytes)
Module \SystemRoot\System32\Drivers\dvd_2K.SYS (DVD-RAM AddOn Driver/Roxio) F77DF000-F77E5000 (24576 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) BA70C000-BA716000 (40960 bytes)
Module \SystemRoot\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) BA6FC000-BA70B000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F799B000-F799D000 (8192 bytes)
Module \SystemRoot\System32\drivers\hap16v2k.sys (Creative EMU10KX-P16v HAL (WDM)/Creative Technology Ltd) B8DEB000-B8E16000 (176128 bytes)
Module \SystemRoot\System32\drivers\ha10kx2k.sys (Creative EMU10KX HAL (WDM)/Creative Technology Ltd) B8CE1000-B8DEB000 (1089536 bytes)
Module \SystemRoot\System32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) B8CB2000-B8CE1000 (192512 bytes)
Module \SystemRoot\System32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) B8C89000-B8CB2000 (167936 bytes)
Module \SystemRoot\System32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) B8BED000-B8C89000 (638976 bytes)
Module \SystemRoot\System32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) BA0D3000-BA0D8000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Cdr4_xp.SYS (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) F7A85000-F7A86000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Cdralw2k.SYS (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) F7A86000-F7A87000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) F79A1000-F79A3000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) F7A88000-F7A89000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) F79A5000-F79A7000 (8192 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) BA0BB000-BA0C1000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) F79A9000-F79AB000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) F79AD000-F79AF000 (8192 bytes)
Module \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS (DVDVR Filesystem Reader Driver/Windows ® 2000 DDK provider) B8B32000-B8B55000 (143360 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) F77FF000-F7804000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) F780F000-F7817000 (32768 bytes)
Module \SystemRoot\System32\Drivers\UDFReadr.SYS (CD-UDF NT Filesystem Reader Driver/Roxio) B8AEE000-B8B20000 (204800 bytes)
Module \SystemRoot\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) BA632000-BA635000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) B8AA1000-B8AB4000 (77824 bytes)
Module \SystemRoot\System32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) B8A48000-B8AA1000 (364544 bytes)
Module \SystemRoot\System32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) B8A22000-B8A48000 (155648 bytes)
Module \SystemRoot\system32\drivers\mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) B8A0D000-B8A22000 (86016 bytes)
Module \SystemRoot\System32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) BA6CC000-BA6D5000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) B89E5000-B8A0D000 (163840 bytes)
Module \SystemRoot\System32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) BA6BC000-BA6CB000 (61440 bytes)
Module \SystemRoot\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) B8E1E000-B8E21000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) B8E16000-B8E19000 (12288 bytes)
Module \SystemRoot\System32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) BA6AC000-BA6B5000 (36864 bytes)
Module \SystemRoot\System32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) F778F000-F7796000 (28672 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) B899B000-B89BD000 (139264 bytes)
Module \SystemRoot\System32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) BA69C000-BA6A5000 (36864 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) B8979000-B899B000 (139264 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) F77B7000-F77BD000 (24576 bytes)
Module \SystemRoot\System32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) B894E000-B8979000 (176128 bytes)
Module \SystemRoot\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) B88DE000-B894E000 (458752 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS Crypto Driver/Microsoft Corporation) BA67C000-BA687000 (45056 bytes)
Module \SystemRoot\System32\Drivers\Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) B88BA000-B88DE000 (147456 bytes)
Module \SystemRoot\System32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) BA0EB000-BA0F3000 (32768 bytes)
Module \SystemRoot\system32\drivers\t1pusb.sys (USB Graphics Device (1P) Driver/Magic Control Technology Corp.) B88A1000-B88BA000 (102400 bytes)
Module \SystemRoot\System32\Drivers\nx6000.sys (Microsoft® LifeCam NX-6000 driver/Microsoft Corporation) BA1A7000-BA1B1000 (40960 bytes)
Module \SystemRoot\System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) B8883000-B88A1000 (122880 bytes)
Module \SystemRoot\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) BA197000-BA1A6000 (61440 bytes)
Module \SystemRoot\System32\Drivers\Udfs.SYS (UDF File System Driver/Microsoft Corporation) B8872000-B8883000 (69632 bytes)
Module \SystemRoot\System32\Drivers\dump_atapi.sys B885A000-B8872000 (98304 bytes)
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS F79B9000-F79BB000 (8192 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C8000 (1867776 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) B8AD4000-B8AD7000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) B8B8D000-B8B92000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF000000-BF012000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) F7AC2000-F7AC3000 (4096 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 53.03 /NVIDIA Corporation) BF012000-BF432000 (4325376 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BF432000-BF479000 (290816 bytes)
Module \SystemRoot\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) B7920000-B7924000 (16384 bytes)
Module \SystemRoot\system32\COMMONFX.DLL (Creative Common FX Plug-in/Creative Technology Ltd) B6FBD000-B6FD8000 (110592 bytes)
Module \SystemRoot\system32\CTAUDFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd) B6F32000-B6FBD000 (569344 bytes)
Module \SystemRoot\system32\CTSBLFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd) B6EA4000-B6F32000 (581632 bytes)
Module \SystemRoot\System32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) B6E4F000-B6E7C000 (184320 bytes)
Module \SystemRoot\System32\Drivers\ParVdm.SYS (VDM Parallel Driver/Microsoft Corporation) F79E1000-F79E3000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Aspi32.SYS (ASPI for WIN32 Kernel Driver/Adaptec) B6FE0000-B6FE4000 (16384 bytes)
Module \SystemRoot\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) B6CDF000-B6D37000 (360448 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) B6DF7000-B6E07000 (65536 bytes)
Module \??\C:\WINNT\system32\drivers\PfModNT.sys (PCI/ISA Device Info. Service/Creative Technology Ltd.) B6BD8000-B6BEF000 (94208 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) B6BC3000-B6BD8000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) B8E3E000-B8E4D000 (61440 bytes)
Module \SystemRoot\System32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) B8B85000-B8B8C000 (28672 bytes)
Module \??\C:\DOCUME~1\C539393\LOCALS~1\Temp\mbr.sys BA0FB000-BA102000 (28672 bytes)
Module \??\C:\DOCUME~1\C539393\LOCALS~1\Temp\uxldqpoc.sys (GMER) B69CC000-B69E5000 (102400 bytes)
Module \WINNT\system32\ntdll.dll 7C900000-7C9B2000 (729088 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\WINNT\Explorer.EXE (Windows Explorer/Microsoft Corporation) 164
Library C:\WINNT\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\BROWSEUI.dll (Shell Browser UI Library/Microsoft Corporation) 0x75F80000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E290000
Library C:\WINNT\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINNT\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINNT\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINNT\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x3D930000
Library C:\WINNT\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00400000
Library C:\WINNT\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINNT\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINNT\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINNT\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINNT\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINNT\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINNT\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINNT\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINNT\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINNT\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINNT\System32\themeui.dll (Windows Theme API/Microsoft Corporation) 0x5BA60000
Library C:\WINNT\System32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINNT\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76980000
Library C:\WINNT\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x76990000
Library C:\WINNT\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINNT\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x3E1C0000
Library C:\WINNT\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x75CF0000
Library C:\WINNT\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINNT\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72D20000
Library C:\WINNT\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72D10000
Library C:\WINNT\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BD0000
Library C:\WINNT\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINNT\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINNT\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x021C0000
Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
Library C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x78480000
Library C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78520000
Library C:\WINNT\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINNT\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F60000
Library C:\WINNT\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71C10000
Library C:\WINNT\System32\NETUI0.dll (NT LM UI Common Code - GUI Classes/Microsoft Corporation) 0x71CD0000
Library C:\WINNT\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C90000
Library C:\WINNT\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C80000
Library C:\WINNT\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINNT\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x75F70000
Library C:\WINNT\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINNT\system32\browselc.dll (Shell Browser UI Library/Microsoft Corporation) 0x71600000
Library C:\WINNT\system32\PortableDeviceApi.dll (Windows Portable Device API Components/Microsoft Corporation) 0x10930000
Library C:\Program Files\Microsoft Office\OFFICE11\msohev.dll (Microsoft Office 2003 component/Microsoft Corporation) 0x325C0000
Library C:\WINNT\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75970000
Library C:\WINNT\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINNT\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINNT\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x013F0000
Library C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x01700000

Process C:\WINNT\system32\NOTEPAD.EXE (Notepad/Microsoft Corporation) 412
Library C:\WINNT\system32\NOTEPAD.EXE (Notepad/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINNT\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINNT\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINNT\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINNT\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINNT\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x76990000
Library C:\WINNT\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINNT\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINNT\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76980000
Library C:\WINNT\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x3DFD0000
Library C:\WINNT\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x78130000
Library C:\WINNT\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINNT\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINNT\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINNT\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINNT\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINNT\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F60000
Library C:\WINNT\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71C10000
Library C:\WINNT\System32\NETUI0.dll (NT LM UI Common Code - GUI Classes/Microsoft Corporation) 0x71CD0000
Library C:\WINNT\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C90000
Library C:\WINNT\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C80000
Library C:\WINNT\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINNT\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x75F70000
Library C:\WINNT\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75970000
Library C:\WINNT\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINNT\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINNT\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x01020000

Process C:\WINNT\system32\NOTEPAD.EXE (Notepad/Microsoft Corporation) 440
Library C:\WINNT\system32\NOTEPAD.EXE (Notepad/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000

Process C:\WINNT\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 500
Library C:\WINNT\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 0x48580000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000

Process C:\WINNT\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 560
Library C:\WINNT\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A680000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75B40000
Library C:\WINNT\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75B50000
Library C:\WINNT\system32\winsrv.dll (Windows Server DLL/Microsoft Corporation) 0x75B60000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x7E720000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000

Process C:\WINNT\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 584
Library C:\WINNT\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINNT\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\NDdeApi.dll (Network DDE Share Management APIs/Microsoft Corporation) 0x75940000
Library C:\WINNT\system32\PROFMAP.dll (Userenv/Microsoft Corporation) 0x75930000
Library C:\WINNT\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINNT\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BC0000
Library C:\WINNT\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINNT\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINNT\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINNT\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINNT\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75970000
Library C:\WINNT\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINNT\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x00970000
Library C:\WINNT\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x776E0000
Library C:\WINNT\system32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76BB0000
Library C:\WINNT\system32\sfc_os.dll (Windows File Protection/Microsoft Corporation) 0x76C60000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINNT\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINNT\system32\WINSCARD.DLL (Microsoft Smart Card API/Microsoft Corporation) 0x723D0000
Library C:\WINNT\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINNT\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\cscdll.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINNT\System32\dimsntfy.dll (DIMS Notification Handler/Microsoft Corporation) 0x47020000
Library C:\WINNT\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll (Citrix Online GoToAssist Corporate/Citrix Online, a division of Citrix Systems, Inc.) 0x10000000
Library C:\WINNT\system32\WlNotify.dll (Common DLL to receive Winlogon notifications/Microsoft Corporation) 0x75950000
Library C:\WINNT\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINNT\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINNT\system32\WgaLogon.dll (Windows Genuine Advantage Notification/Microsoft Corporation) 0x01110000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINNT\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINNT\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINNT\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINNT\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINNT\system32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINNT\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINNT\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINNT\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINNT\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72D20000
Library C:\WINNT\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x01360000
Library C:\WINNT\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72D10000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BD0000

Process C:\WINNT\system32\services.exe (Services and Controller app/Microsoft Corporation) 628
Library C:\WINNT\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINNT\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINNT\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x7DBD0000
Library C:\WINNT\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x7DBA0000
Library C:\WINNT\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINNT\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcAdProc.dll (Windows Compatibility DLL/Microsoft Corporation) 0x47260000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\eventlog.dll (Event Logging Service/Microsoft Corporation) 0x77B70000
Library C:\WINNT\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINNT\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINNT\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINNT\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000

Process C:\WINNT\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 640
Library C:\WINNT\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75730000
Library C:\WINNT\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINNT\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINNT\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINNT\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINNT\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINNT\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINNT\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINNT\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x74440000
Library C:\WINNT\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x4D200000
Library C:\WINNT\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x71CF0000
Library C:\WINNT\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINNT\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINNT\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x744B0000
Library C:\WINNT\system32\w32time.dll (Windows Time Service/Microsoft Corporation) 0x767C0000
Library C:\WINNT\system32\MSVCP60.dll (Microsoft ® C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINNT\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767F0000
Library C:\WINNT\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINNT\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x7DFC0000
Library C:\WINNT\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x68000000
Library C:\WINNT\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINNT\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x74410000
Library C:\WINNT\system32\pstorsvc.dll (Protected storage server/Microsoft Corporation) 0x743A0000
Library C:\WINNT\system32\psbase.dll (Protected Storage default provider/Microsoft Corporation) 0x743C0000
Library C:\WINNT\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINNT\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINNT\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINNT\system32\dssenh.dll (Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider/Microsoft Corporation) 0x68100000

Process C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 792
Library C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINNT\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINNT\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library c:\winnt\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A80000
Library c:\winnt\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\winnt\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINNT\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x006B0000

Process C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 880
Library C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\System32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\System32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\RPCNS4.dll (Remote Procedure Call Name Service Client/Microsoft Corporation) 0x5D920000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000

Process C:\WINNT\system32\imapi.exe (Image Mastering API/Microsoft Corporation) 1416
Library C:\WINNT\system32\imapi.exe (Image Mastering API/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINNT\system32\COMRes.dll (Microsoft Corporation) 0x77050000

Process C:\Program Files\Java\jre7\bin\jqs.exe (Java™ Quick Starter Service/Oracle Corporation) 1444
Library C:\Program Files\Java\jre7\bin\jqs.exe (Java™ Quick Starter Service/Oracle Corporation) 0x00400000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\Program Files\Java\jre7\bin\MSVCR100.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78AA0000
Library C:\WINNT\system32\user32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\system32\psapi.dll (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINNT\system32\pdh.dll (Windows Performance Data Helper DLL/Microsoft Corporation) 0x74000000
Library C:\WINNT\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINNT\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINNT\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINNT\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINNT\system32\odbcbcp.dll (Microsoft BCP for ODBC/Microsoft Corporation) 0x711A0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x007F0000
Library C:\WINNT\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINNT\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINNT\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINNT\system32\perfos.dll (Windows System Performance Objects DLL/Microsoft Corporation) 0x5E760000
Library C:\WINNT\system32\perfdisk.dll (Windows Disk Performance Objects DLL/Microsoft Corporation) 0x5E790000

Process C:\Program Files\Microsoft LifeCam\MSCamS32.exe (MsCamSvc.exe/Microsoft Corporation) 1564
Library C:\Program Files\Microsoft LifeCam\MSCamS32.exe (MsCamSvc.exe/Microsoft Corporation) 0x00400000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x78480000
Library C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78520000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINNT\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINNT\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINNT\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\Program Files\Microsoft LifeCam\CAL2.dll (CAL2/Microsoft Corporation) 0x10000000
Library C:\WINNT\system32\HID.DLL (Hid User Library/Microsoft Corporation) 0x688F0000
Library C:\WINNT\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINNT\System32\devenum.dll 0x75F40000
Library C:\WINNT\System32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINNT\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINNT\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINNT\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINNT\system32\msdmo.dll 0x736B0000
Library C:\WINNT\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72D20000
Library C:\WINNT\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72D10000
Library C:\WINNT\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BD0000
Library C:\WINNT\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\msxml6.dll (MSXML 6.0 SP2/Microsoft Corporation) 0x3D5F0000
Library C:\WINNT\system32\LcProxy.ax (Microsoft® LifeCam Proxy Filter/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ksuser.dll (User CSA Library/Microsoft Corporation) 0x73EE0000
Library C:\WINNT\system32\ksproxy.ax (WDM Streaming ActiveMovie Proxy/Microsoft Corporation) 0x5E030000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\pdh.dll (Windows Performance Data Helper DLL/Microsoft Corporation) 0x74000000
Library C:\WINNT\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINNT\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINNT\system32\odbcbcp.dll (Microsoft BCP for ODBC/Microsoft Corporation) 0x711A0000
Library C:\WINNT\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x01100000
Library C:\WINNT\system32\vidcap.ax (Video Capture Interface Server/Microsoft Corporation) 0x754C0000
Library C:\WINNT\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINNT\system32\kswdmcap.ax (WDM Streaming Video Capture/Microsoft Corporation) 0x58010000
Library C:\WINNT\system32\MFC42.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x73DD0000
Library C:\WINNT\System32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINNT\System32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINNT\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINNT\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINNT\system32\perfos.dll (Windows System Performance Objects DLL/Microsoft Corporation) 0x5E760000
Library C:\WINNT\system32\perfproc.dll (Windows System Process Performance Objects DLL/Microsoft Corporation) 0x5E750000

Process C:\WINNT\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 53.03/NVIDIA Corporation) 1592
Library C:\WINNT\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 53.03/NVIDIA Corporation) 0x00400000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\System32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AD0000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\System32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINNT\System32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINNT\System32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINNT\System32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINNT\System32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINNT\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINNT\System32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000

Process C:\Program Files\Seagate\Sync\SeaSyncServices.exe (Sync Windows Services/Seagate Technology LLC) 1644
Library C:\Program Files\Seagate\Sync\SeaSyncServices.exe (Sync Windows Services/Seagate Technology LLC) 0x00400000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\Program Files\Seagate\Sync\SEADRVIFNT.dll (DRVIFXX DLL/Seagate Technology LLC) 0x20000000
Library C:\WINNT\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL (MFCDLL Shared Library - Retail Version/Microsoft Corporation) 0x782E0000
Library C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x78130000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL (MFC Language Specific Resources/Microsoft Corporation) 0x5D360000

Process C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1788
Library C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\System32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINNT\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\System32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINNT\System32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINNT\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINNT\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\System32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library c:\winnt\system32\wiaservc.dll (Still Image Devices Service/Microsoft Corporation) 0x75AA0000
Library c:\winnt\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74AE0000
Library c:\winnt\system32\setupapi.DLL (Windows Setup API/Microsoft Corporation) 0x77920000
Library c:\winnt\system32\mscms.dll (Microsoft Color Matching System DLL/Microsoft Corporation) 0x73B30000
Library c:\winnt\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library c:\winnt\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library c:\winnt\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000

Process G:\BC\tct5tmm0.exe 1824
Library G:\BC\tct5tmm0.exe 0x00400000
Library C:\WINNT\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINNT\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINNT\system32\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINNT\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINNT\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINNT\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINNT\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINNT\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINNT\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINNT\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINNT\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINNT\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINNT\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINNT\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINNT\system32\VERSION.DLL (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000

---- Services - GMER 1.0.15 ----

Service C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) [AUTO] !SASCORE
Service .NET CLR Data
Service .NET CLR Networking
Service .NET CLR Networking 4.0.0.0
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINNT\system32\drivers\ac97intc.sys (Intel® Integrated Controller Hub Audio Driver/Intel Corporation) [MANUAL] ac97intc
Service C:\WINNT\System32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.4 r402/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\WINNT\System32\DRIVERS\adpu160m.sys (Adaptec Ultra160 SCSI miniport/Microsoft Corporation) [BOOT] adpu160m
Service C:\WINNT\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINNT\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\WINNT\System32\DRIVERS\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [BOOT] agp440
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINNT\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service [DISABLED] AliIde
Service [DISABLED] amsint
Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINNT\System32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service (ASPI for WIN32 Kernel Driver/Adaptec) [AUTO] Aspi32
Service C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINNT\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINNT\System32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINNT\System32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINNT\System32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service BattC
Service C:\DOCUME~1\C539393\LOCALS~1\Temp\BDLLWQSJAK.exe [DISABLED] BDLLWQSJAK
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\WINNT\system32\DRIVERS\motfilt.sys (Motorola Unsafe Removal Filter Driver/Motorola Inc) [MANUAL] BTCFilterService
Service C:\WINNT\system32\drivers\BVRPMPR5.SYS (BVRP NDIS 5.0 MPR Protocol Driver/Avanquest Software) [MANUAL] BVRPMPR5
Service C:\DOCUME~1\C539393\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINNT\System32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service (CDR4VSD CDR Helper/Adaptec) [BOOT] Cdr4vsd
Service (CDR4 CD and DVD Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdr4_xp
Service (CDRAL Place Holder Driver (see PxHelp)/Sonic Solutions) [SYSTEM] Cdralw2k
Service C:\WINNT\System32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service (CD-UDF NT Filesystem Driver/Roxio) [SYSTEM] cdudf_xp
Service C:\WINNT\system32\drivers\cfwids.sys (McAfee Personal Firewall IDS Plugin/McAfee, Inc.) [MANUAL] cfwids
Service [SYSTEM] Changer
Service C:\WINNT\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINNT\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv
Service C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32
Service [DISABLED] CmdIde
Service C:\WINNT\system32\COMMONFX.DLL (Creative Common FX Plug-in/Creative Technology Ltd) [MANUAL] COMMONFX.DLL
Service C:\WINNT\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINNT\system32\CTSvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd) [AUTO] Creative Service for CDROM Access
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service C:\WINNT\system32\CT20XUT.DLL (Creative 20X Utility Effects/Creative Technology Ltd.) [MANUAL] CT20XUT.DLL
Service C:\WINNT\System32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctac32k
Service C:\WINNT\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) [MANUAL] ctaud2k
Service C:\WINNT\system32\CTAUDFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTAUDFX.DLL
Service C:\WINNT\System32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctdvda2k
Service C:\WINNT\system32\CTEAPSFX.DLL (APS FX Plug-in/Creative Technology Ltd) [MANUAL] CTEAPSFX.DLL
Service C:\WINNT\system32\CTEDSPFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTEDSPFX.DLL
Service C:\WINNT\system32\CTEDSPIO.DLL (E-MU E-DSP I/O Plugin/Creative Technology Ltd) [MANUAL] CTEDSPIO.DLL
Service C:\WINNT\system32\CTEDSPSY.DLL (E-MU E-DSP DSP System Plugin/Creative Technology Ltd) [MANUAL] CTEDSPSY.DLL
Service C:\WINNT\system32\CTERFXFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTERFXFX.DLL
Service C:\WINNT\system32\CTEXFIFX.DLL (Creative XFi Effects/Creative Technology Ltd.) [MANUAL] CTEXFIFX.DLL
Service C:\WINNT\system32\CTHWIUT.DLL (Creative Utility Effects/Creative Technology Ltd.) [MANUAL] CTHWIUT.DLL
Service C:\WINNT\System32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service C:\WINNT\system32\CTSBLFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTSBLFX.DLL
Service C:\WINNT\System32\drivers\ctsfm2k.sys (SoundFont® Manager (WDM)/Creative Technology Ltd) [MANUAL] ctsfm2k
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\DOCUME~1\C539393\LOCALS~1\Temp\DAWVZCOZG.exe [DISABLED] DAWVZCOZG
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINNT\System32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINNT\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINNT\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINNT\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [DISABLED] dmio
Service C:\WINNT\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [DISABLED] dmload
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] dmserver
Service C:\WINNT\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service [DISABLED] dpti2o
Service C:\WINNT\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service (DVDVR Filesystem Reader Driver/Windows ® 2000 DDK provider) [SYSTEM] DVDVRRdr_xp
Service (DVD-RAM AddOn Driver/Roxio) [MANUAL] dvd_2K
Service C:\WINNT\System32\DRIVERS\e100b325.sys (Intel® PRO/100 Adapter NDIS 5.1 driver/Intel Corporation) [MANUAL] E100B
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINNT\System32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd) [MANUAL] emupia
Service C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (EPSON Status Monitor 3/SEIKO EPSON CORPORATION) [AUTO] EPSON_EB_RPCV4_04
Service C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (EPSON Status Monitor 3/SEIKO EPSON CORPORATION) [AUTO] EPSON_PM_RPCV4_04
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINNT\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINNT\System32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service C:\WINNT\System32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINNT\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINNT\System32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\DOCUME~1\C539393\LOCALS~1\Temp\GNIWKC.exe [DISABLED] GNIWKC
Service C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online GoToAssist Corporate/Citrix Online, a division of Citrix Systems, Inc.) [MANUAL] GoToAssist
Service C:\WINNT\System32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\WINNT\System32\drivers\ha10kx2k.sys (Creative EMU10KX HAL (WDM)/Creative Technology Ltd) [MANUAL] ha10kx2k
Service C:\WINNT\System32\drivers\hap16v2k.sys (Creative EMU10KX-P16v HAL (WDM)/Creative Technology Ltd) [MANUAL] hap16v2k
Service C:\WINNT\system32\drivers\hap17v2k.sys (Creative EMU10KX-P17v HAL (WDM)/Creative Technology Ltd) [MANUAL] hap17v2k
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINNT\System32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service [DISABLED] hpn
Service C:\WINNT\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINNT\System32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\WINNT\System32\DRIVERS\iaStor.sys (Intel Application Accelerator driver/Intel Corporation) [BOOT] iaStor
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\WINNT\System32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINNT\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [AUTO] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINNT\System32\DRIVERS\IntelC51.sys (Modem DSP Driver/Intel Corporation) [MANUAL] IntelC51
Service C:\WINNT\System32\DRIVERS\IntelC52.sys (Modem CP Driver/Intel Corporation) [MANUAL] IntelC52
Service C:\WINNT\System32\DRIVERS\IntelC53.sys (Modem AFE Driver/Intel Corporation) [MANUAL] IntelC53
Service C:\WINNT\System32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] IntelIde
Service C:\WINNT\System32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] intelppm
Service C:\WINNT\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINNT\System32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINNT\System32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINNT\System32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINNT\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINNT\System32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINNT\System32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre7\bin\jqs.exe (Java™ Quick Starter Service/Oracle Corporation) [AUTO] JavaQuickStarterService
Service C:\WINNT\System32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINNT\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_InstantChat_srv.exe [AUTO] LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d
Service C:\Documents and Settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_InstantChat_srv.exe [AUTO] LMIRescue_9f7b1284-de02-4884-812c-c5dc60a95457
Service C:\WINNT\system32\drivers\mbamswissarmy.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMSwissArmy
Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee Service Host/McAfee, Inc.) [AUTO] McMPFSvc
Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee Service Host/McAfee, Inc.) [AUTO] mcmscsvc
Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee Service Host/McAfee, Inc.) [AUTO] McNaiAnn
Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee Service Host/McAfee, Inc.) [AUTO] McNASvc
Service C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee VirusScan On-Demand Scan/McAfee, Inc.) [MANUAL] McODS
Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee Service Host/McAfee, Inc.) [AUTO] McProxy
Service C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee On-Access Scanner service/McAfee, Inc.) [AUTO] McShield
Service [AUTO] MCSTRM
Service C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Machine Debug Manager/Microsoft Corporation) [AUTO] MDM
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service C:\WINNT\system32\drivers\mfeapfk.sys (Access Protection Filter Driver/McAfee, Inc.) [MANUAL] mfeapfk
Service C:\WINNT\system32\drivers\mfeavfk.sys (Anti-Virus File System Filter Driver/McAfee, Inc.) [MANUAL] mfeavfk
Service C:\WINNT\system32\drivers\mfebopk.sys (Buffer Overflow Protection Driver/McAfee, Inc.) [MANUAL] mfebopk
Service C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee Core Firewall Service/McAfee, Inc.) [AUTO] mfefire
Service C:\WINNT\system32\drivers\mfefirek.sys (McAfee Core Firewall Engine Driver/McAfee, Inc.) [MANUAL] mfefirek
Service C:\WINNT\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) [BOOT] mfehidk
Service C:\WINNT\system32\DRIVERS\mfendisk.sys (McAfee NDIS Intermediate Driver/McAfee, Inc.) [MANUAL] mfendisk
Service C:\WINNT\system32\drivers\mferkdet.sys (McAfee Code Analysis Driver/McAfee, Inc.) [MANUAL] mferkdet
Service C:\WINNT\system32\drivers\mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) [SYSTEM] mfetdi2k
Service C:\WINNT\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) [AUTO] mfevtp
Service (CD-R/RW AddOn MMC Driver (W2K)/Roxio) [MANUAL] mmc_2K
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINNT\System32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [DISABLED] mnmsrvc
Service system32\DRIVERS\MOBK.sys [SYSTEM] MOBKFilter
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINNT\System32\DRIVERS\mohfilt.sys (Filter Driver to Support Modem-on-Hold/Intel Corporation) [MANUAL] mohfilt
Service C:\WINNT\system32\DRIVERS\motccgp.sys (Motorola USB Composite Device Driver/Motorola) [MANUAL] motccgp
Service C:\WINNT\system32\DRIVERS\motccgpfl.sys (Motorola USB Composite Filter Driver/Motorola) [MANUAL] motccgpfl
Service C:\WINNT\system32\DRIVERS\motmodem.sys (Motorola USB Modem and Ports Driver/Motorola) [MANUAL] motmodem
Service C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [DISABLED] MotoHelper
Service C:\WINNT\system32\DRIVERS\motswch.sys (Motorola) [MANUAL] MotoSwitchService
Service C:\WINNT\system32\DRIVERS\Motousbnet.sys (Motorola USB Networking Driver/Motorola) [MANUAL] Motousbnet
Service C:\WINNT\system32\DRIVERS\motusbdevice.sys (Motorola USB Device Driver/Motorola Inc) [MANUAL] motusbdevice
Service C:\WINNT\System32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINNT\System32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service [DISABLED] mraid35x
Service C:\WINNT\System32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINNT\System32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\Program Files\Microsoft LifeCam\MSCamS32.exe (MsCamSvc.exe/Microsoft Corporation) [AUTO] MSCamSvc
Service C:\WINNT\System32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINNT\System32\Drivers\nx6000.sys (Microsoft® LifeCam NX-6000 driver/Microsoft Corporation) [MANUAL] MSHUSBVideo
Service C:\WINNT\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee Service Host/McAfee, Inc.) [AUTO] MSK80Service
Service C:\WINNT\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINNT\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINNT\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service MSSCNTRS
Service C:\WINNT\System32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINNT\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINNT\system32\DRIVERS\mv2.sys (UltraVnc miniport driver2/UVNC BVBA) [MANUAL] mv2
Service (MusicMatch Access Layer KMD/MusicMatch, Inc.) [MANUAL] MxlW2k
Service C:\WINNT\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINNT\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINNT\System32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINNT\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINNT\System32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINNT\System32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINNT\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINNT\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINNT\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINNT\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\WINNT\System32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service C:\WINNT\System32\DRIVERS\NMnt.sys (Netmon NT Driver/Microsoft Corporation) [MANUAL] nm
Service C:\WINNT\system32\drivers\npf.sys (npf.sys (NT5/6 x86) Kernel Driver/CACE Technologies) [MANUAL] NPF
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINNT\System32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINNT\System32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 53.03 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINNT\System32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 53.03/NVIDIA Corporation) [AUTO] NVSvc
Service C:\WINNT\System32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINNT\System32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\WINNT\System32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\WINNT\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) [MANUAL] ossrv
Service Outlook
Service C:\WINNT\System32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [AUTO] ParVdm
Service C:\WINNT\System32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINNT\System32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINNT\system32\drivers\PfModNT.sys (PCI/ISA Device Info. Service/Creative Technology Ltd.) [AUTO] PfDetNT
Service C:\WINNT\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINNT\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINNT\System32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINNT\System32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINNT\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINNT\System32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service (Win2000 Framework for Packet Write Driver/Roxio) [SYSTEM] pwd_2k
Service C:\WINNT\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINNT\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINNT\System32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINNT\System32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINNT\System32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINNT\System32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINNT\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINNT\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINNT\System32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RemoteAccess
Service C:\DOCUME~1\C539393\LOCALS~1\Temp\RFWSXP.exe [DISABLED] RFWSXP
Service C:\Program Files\WinPcap\rpcapd.exe (Remote Packet Capture Daemon/CACE Technologies) [MANUAL] rpcapd
Service C:\WINNT\System32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINNT\System32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINNT\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service C:\WINNT\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [DISABLED] SCardSvr
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINNT\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort
Service C:\Program Files\Seagate\Sync\SeaSyncServices.exe (Sync Windows Services/Seagate Technology LLC) [AUTO] Seagate Sync Service
Service C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft SeaPort Search Enhancement Broker/Microsoft Corporation) [AUTO] SeaPort
Service C:\WINNT\System32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINNT\System32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINNT\System32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelEndpoint 4.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelOperation 4.0.0.0
Service ServiceModelService 3.0.0.0
Service ServiceModelService 4.0.0.0
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINNT\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service [DISABLED] Sparrow
Service C:\WINNT\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINNT\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINNT\system32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] sr
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINNT\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINNT\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINNT\System32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINNT\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINNT\System32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service swwd
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINNT\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINNT\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINNT\system32\DRIVERS\T1PExGrp.sys (Trigger USB Graphics Chipset Family (1P-E) Driver/Magic Control Technology Corp.) [MANUAL] T1PExGrp
Service C:\WINNT\system32\drivers\T1PMrGrp.sys (Trigger USB Graphics Chipset Family (1P-M) Driver/Magic Control Technology Corp.) [MANUAL] T1PMrGrp
Service C:\WINNT\system32\drivers\t1pusb.sys (USB Graphics Device (1P) Driver/Magic Control Technology Corp.) [MANUAL] t1pusb
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINNT\System32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer Remote Control Application/TeamViewer GmbH) [DISABLED] TeamViewer6
Service C:\WINNT\System32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service [MANUAL] TlntSvr
Service [DISABLED] TosIde
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service C:\WINNT\system32\U2VSvr.exe [DISABLED] U2VSvr
Service (CD-UDF NT Filesystem Reader Driver/Roxio) [SYSTEM] UDFReadr
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service C:\WINNT\System32\DRIVERS\ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) [BOOT] ultra
Service C:\WINNT\System32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINNT\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINNT\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINNT\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service C:\WINNT\System32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINNT\System32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINNT\System32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINNT\System32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINNT\System32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINNT\System32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINNT\System32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\WINNT\System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
Service C:\WINNT\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\WINNT\System32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINNT\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINNT\System32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service System32\DRIVERS\wanatw4.sys [MANUAL] wanatw
Service C:\WINNT\system32\DRIVERS\wdcsam.sys (WD SCSI Architecture Model (SAM) driver/Western Digital Technologies) [MANUAL] WDC_SAM
Service C:\WINNT\System32\Drivers\wdf01000.sys (WDF Dynamic/Microsoft Corporation) [MANUAL] Wdf01000
Service [MANUAL] WDICA
Service C:\WINNT\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINNT\system32\MsPMSPSv.exe [AUTO] WMDM PMSP Service
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service Wmi
Service WmiApRpl
Service C:\WINNT\System32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\WINNT\System32\Drivers\wpdusb.sys (WPD USB Driver/Microsoft Corporation) [MANUAL] WpdUsb
Service C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (wpffontcache_v0400.exe/Microsoft Corporation) [MANUAL] WPFFontCache_v0400
Service C:\WINNT\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINNT\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINNT\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [BOOT] WudfPf
Service C:\WINNT\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINNT\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WudfSvc
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINNT\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {0512491D-74BA-4A9F-B230-0158E17C2042}
Service {07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}
Service {1EE49576-E209-470D-B2E6-54C2418F74F4}
Service {CD7F3834-EDE2-4C21-A5A6-0B41595B810A}
Service {EEED4A62-7FD6-4962-8C07-AA1D621F226B}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\FirefoxHTML@ Firefox Document
Reg HKLM\SOFTWARE\Classes\FirefoxHTML@FriendlyTypeName Firefox Document
Reg HKLM\SOFTWARE\Classes\FirefoxHTML@EditFlags 2
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\DefaultIcon
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\DefaultIcon@ C:\Program Files\Mozilla Firefox\firefox.exe,1
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\command
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\command@ "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\ddeexec@
Reg HKLM\SOFTWARE\Classes\FirefoxURL@ Firefox URL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@FriendlyTypeName Firefox URL
Reg HKLM\SOFTWARE\Classes\FirefoxURL@URL Protocol
Reg HKLM\SOFTWARE\Classes\FirefoxURL@EditFlags 2
Reg HKLM\SOFTWARE\Classes\FirefoxURL\DefaultIcon
Reg HKLM\SOFTWARE\Classes\FirefoxURL\DefaultIcon@ C:\Program Files\Mozilla Firefox\firefox.exe,1
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\command
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\command@ "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec
Reg HKLM\SOFTWARE\Classes\FirefoxURL\shell\open\ddeexec@

---- EOF - GMER 1.0.15 ----

#9 Conspire

  • Malware Response Team
  • 1,155 posts

Posted 14 October 2012 - 10:28 PM

Sorry for not responding earlier, it was midnight on my side.

I need to see ComboFix log, please find it at C:\ComboFix.txt and post the contents in your next reply.

Next, please do the following:

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
ComboFix log
aswMBR log
MBR.dat (attachment)
TDSS Killer log


Please STOP and let me know if you have any problems performing the steps above or any questions.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#10 mavericktwo

  • Topic Starter

  • Members
  • 26 posts

Posted 15 October 2012 - 12:01 AM

ComboFix 12-10-14.03 - C539393 10/14/2012 23:19:02.3.2 - x86 DSREPAIR
Running from: g:\bc\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NVSVC
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-09 04:34 . 2012-10-09 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-10-09 04:34 . 2012-10-09 04:34 -------- d-----w- c:\program files\Security Task Manager
2012-10-09 02:05 . 2012-10-09 02:05 -------- d-----w- c:\program files\Tweaking.com
2012-10-07 04:36 . 2012-10-07 04:36 -------- dc----w- C:\rei
2012-10-07 04:36 . 2012-10-07 04:36 -------- d-----w- c:\program files\Reimage
2012-10-07 04:26 . 2012-10-07 04:26 -------- d-----w- c:\documents and settings\C539393\Application Data\SpeedyPC Software
2012-10-07 04:26 . 2012-10-10 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-10-07 04:26 . 2012-10-07 04:26 -------- d-----w- c:\program files\SpeedyPC Software
2012-10-06 23:35 . 2012-10-06 23:35 -------- d-s---w- c:\documents and settings\LocalService
2012-10-06 23:35 . 2012-10-09 04:25 -------- d-s---w- c:\documents and settings\NetworkService
2012-10-06 19:38 . 2006-06-19 18:01 69632 ----a-w- c:\winnt\system32\ztvcabinet.dll
2012-10-06 19:38 . 2006-05-25 20:52 162304 ----a-w- c:\winnt\system32\ztvunrar36.dll
2012-10-06 19:38 . 2005-08-26 06:50 77312 ----a-w- c:\winnt\system32\ztvunace26.dll
2012-10-06 19:38 . 2002-03-06 06:00 75264 ----a-w- c:\winnt\system32\unacev2.dll
2012-10-06 19:38 . 2003-02-03 01:06 153088 ----a-w- c:\winnt\system32\UNRAR3.dll
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\program files\Trojan Remover
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\documents and settings\C539393\Application Data\Simply Super Software
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2012-10-05 03:48 . 2012-10-07 13:27 40776 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2012-10-04 23:23 . 2012-10-04 23:23 -------- d-----w- c:\program files\Uniblue
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\C539393\Application Data\DriverCure
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\C539393\Application Data\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\program files\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\program files\Common Files\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Utility Kit
2012-10-04 02:50 . 2012-10-04 02:50 -------- d-----w- c:\program files\Citrix
2012-10-01 00:37 . 2012-10-01 00:37 -------- d-----w- c:\program files\New Folder
2012-10-01 00:36 . 2012-10-14 17:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-30 23:57 . 2012-09-30 23:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2012-09-30 20:49 . 2012-09-30 20:49 -------- d-----w- c:\documents and settings\C539393\Local Settings\Application Data\Sun
2012-09-30 06:19 . 2012-09-30 06:18 821736 ----a-w- c:\winnt\system32\npDeployJava1.dll
2012-09-30 05:51 . 2012-02-22 18:29 9608 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
2012-09-30 05:51 . 2012-02-22 18:29 87656 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
2012-09-30 05:51 . 2012-02-22 18:29 83856 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
2012-09-30 05:51 . 2012-02-22 18:29 59456 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2012-09-30 05:51 . 2012-02-22 18:29 57600 ----a-w- c:\winnt\system32\drivers\cfwids.sys
2012-09-30 05:51 . 2012-02-22 18:29 340920 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
2012-09-30 05:51 . 2012-02-22 18:29 180848 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2012-09-30 05:51 . 2012-09-30 05:52 -------- d-----w- c:\program files\Common Files\Mcafee
2012-09-30 05:51 . 2012-09-30 06:04 -------- d-----w- c:\program files\McAfee
2012-09-30 05:40 . 2012-07-17 20:09 166320 ----a-w- c:\winnt\system32\mfevtps.exe
2012-09-30 05:40 . 2012-09-30 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-09-30 04:54 . 2012-10-12 03:13 -------- d-----w- c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet
2012-09-29 20:38 . 2001-08-17 17:13 27165 ----a-w- c:\winnt\system32\dllcache\fetnd5.sys
2012-09-29 20:38 . 2001-08-17 17:10 22090 ----a-w- c:\winnt\system32\dllcache\fem556n5.sys
2012-09-29 20:38 . 2001-08-17 17:12 24618 ----a-w- c:\winnt\system32\dllcache\fa410nd5.sys
2012-09-29 20:38 . 2001-08-17 17:12 16074 ----a-w- c:\winnt\system32\dllcache\fa312nd5.sys
2012-09-29 20:38 . 2001-08-17 17:11 11850 ----a-w- c:\winnt\system32\dllcache\f3ab18xj.sys
2012-09-29 20:38 . 2001-08-17 17:11 12362 ----a-w- c:\winnt\system32\dllcache\f3ab18xi.sys
2012-09-29 20:36 . 2001-08-18 03:36 4096 ----a-w- c:\winnt\system32\dllcache\ctwdm32.dll
2012-09-29 20:35 . 2001-08-17 18:28 871388 ----a-w- c:\winnt\system32\dllcache\bcmdm.sys
2012-09-29 13:37 . 2012-09-29 13:37 -------- d-----w- c:\documents and settings\C539393\Application Data\SUPERAntiSpyware.com
2012-09-29 13:36 . 2012-09-29 13:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-29 12:02 . 2012-09-29 12:02 -------- d-----w- c:\winnt\system32\wbem\Repository
2012-09-17 03:27 . 2012-09-29 12:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2012-09-15 23:00 . 2012-09-29 12:02 -------- d-----w- c:\program files\McAfee Online Backup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 05:20 . 2012-10-09 05:20 15600 ----a-w- c:\winnt\system32\drivers\49AE~1
2012-09-30 06:19 . 2004-02-17 16:59 93672 ----a-w- c:\winnt\system32\WindowsAccessBridge.dll
2012-09-30 06:19 . 2009-08-05 01:06 143872 ----a-w- c:\winnt\system32\javacpl.cpl
2012-09-30 04:49 . 2012-04-21 01:21 696240 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-09-30 04:49 . 2011-06-09 02:47 73136 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-07-17 20:09 . 2012-07-17 20:09 91168 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
2012-07-17 20:07 . 2012-07-17 20:07 554048 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2012-07-17 20:04 . 2012-07-17 20:04 127992 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
2003-08-27 20:19 . 2004-02-17 16:57 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-09-06 01:27 . 2012-10-02 04:05 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-11-17 3022848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-10-04 02:51 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\winnt\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\winnt\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 16:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
2004-02-08 22:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 21:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-03-22 02:16 1318816 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 16:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-07 12:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\winnt\PCHealth\HelpCtr\Binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-r- c:\winnt\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-11-17 16:33 3022848 ----a-w- c:\winnt\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
2003-04-29 15:40 524288 ----a-w- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2012-07-08 19:39 68000 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-11-17 15:21 1691648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-09-01 14:21 79872 ----a-w- c:\documents and settings\C539393\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-04 00:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
2007-01-18 18:20 190008 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-01 23:32 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\winnt\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Util]
2009-08-26 23:25 189816 ----a-w- c:\winnt\system32\Util.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BDLLWQSJAK"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SM1BG"=c:\winnt\SM1BG.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Cdr4vsd;Cdr4vsd; [x]
R1 MOBKFilter;MOBKFilter;c:\winnt\system32\DRIVERS\MOBK.sys [x]
R2 LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d;LogMeIn Rescue (67d6deaa-f9b9-4899-8257-8a760547511d);c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_InstantChat_srv.exe [x]
R2 LMIRescue_9f7b1284-de02-4884-812c-c5dc60a95457;LogMeIn Rescue (9f7b1284-de02-4884-812c-c5dc60a95457);c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_InstantChat_srv.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\winnt\system32\DRIVERS\motfilt.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\DRIVERS\mfendisk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\winnt\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\winnt\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\winnt\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 mv2;mv2;c:\winnt\system32\DRIVERS\mv2.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\winnt\system32\DRIVERS\wdcsam.sys [x]
R4 BDLLWQSJAK;BDLLWQSJAK;c:\docume~1\C539393\LOCALS~1\Temp\BDLLWQSJAK.exe [x]
R4 DAWVZCOZG;DAWVZCOZG;c:\docume~1\C539393\LOCALS~1\Temp\DAWVZCOZG.exe [x]
R4 GNIWKC;GNIWKC;c:\docume~1\C539393\LOCALS~1\Temp\GNIWKC.exe [x]
R4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
R4 RFWSXP;RFWSXP;c:\docume~1\C539393\LOCALS~1\Temp\RFWSXP.exe [x]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
R4 U2VSvr;U2VSvr;c:\winnt\system32\U2VSvr.exe [x]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 PfDetNT;PfDetNT;c:\winnt\system32\drivers\PfModNT.sys [x]
S2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\winnt\system32\Drivers\nx6000.sys [x]
S3 T1PExGrp;T1PExGrp;c:\winnt\system32\DRIVERS\T1PExGrp.sys [x]
S3 T1PMrGrp;T1PMrGrp;c:\winnt\system32\drivers\T1PMrGrp.sys [x]
S3 t1pusb;Trigger 1+ Graphics Card;c:\winnt\system32\drivers\t1pusb.sys [x]
.
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: download.com
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\C539393\Application Data\Mozilla\Firefox\Profiles\1bcg20gq.default\
FF - ExtSQL: 2012-10-01 23:12; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\Common Files\McAfee\SystemCore
FF - ExtSQL: !HIDDEN! 2009-09-02 07:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-14 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\WININET.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(1740)
c:\winnt\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\winnt\system32\CTSvcCDA.EXE
c:\winnt\system32\imapi.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\winnt\system32\rundll32.exe
c:\winnt\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-10-14 23:38:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-15 04:38
ComboFix2.txt 2012-10-08 03:16
ComboFix3.txt 2012-10-06 22:14
.
Pre-Run: 105,092,456,448 bytes free
Post-Run: 105,085,067,264 bytes free
.
- - End Of File - - 2C5A89F379B4B7E74D89941EA959E555


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-14 22:45:34
-----------------------------
22:45:34.328 OS Version: Windows 5.1.2600 Service Pack 3
22:45:34.328 Number of processors: 2 586 0x303
22:45:34.328 ComputerName: C539393-A UserName: C539393
22:45:34.734 Initialize success
22:47:26.312 AVAST engine defs: 12101401
22:47:33.593 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e
22:47:33.593 Disk 1 Vendor: WDC_WD1600JD-22FYB0 02.05D02 Size: 152627MB BusType: 3
22:47:33.625 Disk 1 MBR read successfully
22:47:33.625 Disk 1 MBR scan
22:47:33.656 Disk 1 Windows XP default MBR code
22:47:33.671 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:47:33.671 Disk 1 scanning sectors +312576705
22:47:33.765 Disk 1 scanning C:\WINNT\system32\drivers
22:47:58.875 Service scanning
22:48:14.953 Modules scanning
22:48:43.359 Disk 1 trace - called modules:
22:48:43.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:48:43.375 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a9beab8]
22:48:43.375 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000085[0x8a9c29e8]
22:48:43.375 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a9ea940]
22:48:43.828 AVAST engine scan C:\WINNT
22:49:07.625 AVAST engine scan C:\WINNT\system32
22:55:35.109 AVAST engine scan C:\WINNT\system32\drivers
22:56:27.921 AVAST engine scan C:\Documents and Settings\C539393
23:11:26.250 AVAST engine scan C:\Documents and Settings\All Users
23:15:25.046 Scan finished successfully
23:16:16.281 Disk 1 MBR has been saved successfully to "G:\BC\MBR.dat"
23:16:16.281 The log file has been saved successfully to "G:\BC\aswMBR.txt"

23:39:57.0546 1896 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
23:39:57.0562 1896 ============================================================
23:39:57.0562 1896 Current date / time: 2012/10/14 23:39:57.0562
23:39:57.0562 1896 SystemInfo:
23:39:57.0562 1896
23:39:57.0562 1896 OS Version: 5.1.2600 ServicePack: 3.0
23:39:57.0562 1896 Product type: Workstation
23:39:57.0562 1896 ComputerName: C539393-A
23:39:57.0562 1896 UserName: C539393
23:39:57.0562 1896 Windows directory: C:\WINNT
23:39:57.0562 1896 System windows directory: C:\WINNT
23:39:57.0562 1896 Processor architecture: Intel x86
23:39:57.0562 1896 Number of processors: 2
23:39:57.0562 1896 Page size: 0x1000
23:39:57.0562 1896 Boot type: Unknown 3
23:39:57.0562 1896 ============================================================
23:39:58.0906 1896 Drive \Device\Harddisk0\DR0 - Size: 0x1C9FEF0000 (114.50 Gb), SectorSize: 0x200, Cylinders: 0x3A62, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:39:58.0921 1896 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:39:58.0937 1896 Drive \Device\Harddisk2\DR4 - Size: 0x3BB3FFE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:39:58.0937 1896 ============================================================
23:39:58.0937 1896 \Device\Harddisk0\DR0:
23:39:58.0937 1896 MBR partitions:
23:39:58.0937 1896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xE4FBFA3
23:39:58.0937 1896 \Device\Harddisk1\DR1:
23:39:58.0937 1896 MBR partitions:
23:39:58.0937 1896 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
23:39:58.0937 1896 \Device\Harddisk2\DR4:
23:39:58.0937 1896 MBR partitions:
23:39:58.0937 1896 \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
23:39:58.0937 1896 ============================================================
23:39:58.0984 1896 C: <-> \Device\Harddisk1\DR1\Partition1
23:39:58.0984 1896 F: <-> \Device\Harddisk0\DR0\Partition1
23:39:58.0984 1896 ============================================================
23:39:58.0984 1896 Initialize success
23:39:58.0984 1896 ============================================================
23:40:10.0656 0804 ============================================================
23:40:10.0656 0804 Scan started
23:40:10.0656 0804 Mode: Manual;
23:40:10.0656 0804 ============================================================
23:40:12.0234 0804 ================ Scan system memory ========================
23:40:12.0234 0804 System memory - ok
23:40:12.0234 0804 ================ Scan services =============================
23:40:12.0328 0804 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
23:40:12.0343 0804 !SASCORE - ok
23:40:12.0500 0804 Abiosdsk - ok
23:40:12.0515 0804 abp480n5 - ok
23:40:12.0531 0804 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINNT\system32\drivers\ac97intc.sys
23:40:12.0531 0804 ac97intc - ok
23:40:12.0593 0804 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINNT\system32\DRIVERS\ACPI.sys
23:40:12.0593 0804 ACPI - ok
23:40:12.0625 0804 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINNT\system32\drivers\ACPIEC.sys
23:40:12.0625 0804 ACPIEC - ok
23:40:12.0687 0804 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:40:12.0703 0804 AdobeFlashPlayerUpdateSvc - ok
23:40:12.0718 0804 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINNT\system32\DRIVERS\adpu160m.sys
23:40:12.0734 0804 adpu160m - ok
23:40:12.0765 0804 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINNT\system32\drivers\aec.sys
23:40:12.0765 0804 aec - ok
23:40:12.0812 0804 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINNT\System32\drivers\afd.sys
23:40:12.0812 0804 AFD - ok
23:40:12.0828 0804 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINNT\system32\DRIVERS\agp440.sys
23:40:12.0828 0804 agp440 - ok
23:40:12.0843 0804 Aha154x - ok
23:40:12.0843 0804 aic78u2 - ok
23:40:12.0875 0804 aic78xx - ok
23:40:12.0906 0804 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINNT\system32\alrsvc.dll
23:40:12.0906 0804 Alerter - ok
23:40:12.0921 0804 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINNT\System32\alg.exe
23:40:12.0921 0804 ALG - ok
23:40:12.0937 0804 AliIde - ok
23:40:12.0937 0804 amsint - ok
23:40:13.0031 0804 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:40:13.0031 0804 Apple Mobile Device - ok
23:40:13.0031 0804 AppMgmt - ok
23:40:13.0046 0804 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINNT\system32\DRIVERS\arp1394.sys
23:40:13.0046 0804 Arp1394 - ok
23:40:13.0062 0804 asc - ok
23:40:13.0062 0804 asc3350p - ok
23:40:13.0078 0804 asc3550 - ok
23:40:13.0125 0804 [ B6D01734E8B37937965660D30EDD93C1 ] Aspi32 C:\WINNT\system32\drivers\Aspi32.sys
23:40:13.0125 0804 Aspi32 - ok
23:40:13.0250 0804 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:40:13.0250 0804 aspnet_state - ok
23:40:13.0265 0804 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINNT\system32\DRIVERS\asyncmac.sys
23:40:13.0265 0804 AsyncMac - ok
23:40:13.0281 0804 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINNT\system32\DRIVERS\atapi.sys
23:40:13.0281 0804 atapi - ok
23:40:13.0296 0804 Atdisk - ok
23:40:13.0312 0804 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINNT\system32\DRIVERS\atmarpc.sys
23:40:13.0328 0804 Atmarpc - ok
23:40:13.0343 0804 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINNT\System32\audiosrv.dll
23:40:13.0343 0804 AudioSrv - ok
23:40:13.0406 0804 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINNT\system32\DRIVERS\audstub.sys
23:40:13.0406 0804 audstub - ok
23:40:13.0531 0804 BDLLWQSJAK - ok
23:40:13.0562 0804 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINNT\system32\drivers\Beep.sys
23:40:13.0562 0804 Beep - ok
23:40:13.0593 0804 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINNT\system32\qmgr.dll
23:40:13.0609 0804 BITS - ok
23:40:13.0671 0804 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:40:13.0687 0804 Bonjour Service - ok
23:40:13.0734 0804 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINNT\System32\browser.dll
23:40:13.0734 0804 Browser - ok
23:40:13.0765 0804 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\WINNT\system32\DRIVERS\motfilt.sys
23:40:13.0765 0804 BTCFilterService - ok
23:40:13.0796 0804 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINNT\system32\drivers\BVRPMPR5.SYS
23:40:13.0796 0804 BVRPMPR5 - ok
23:40:13.0812 0804 catchme - ok
23:40:13.0828 0804 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINNT\system32\drivers\cbidf2k.sys
23:40:13.0828 0804 cbidf2k - ok
23:40:13.0843 0804 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINNT\system32\DRIVERS\CCDECODE.sys
23:40:13.0843 0804 CCDECODE - ok
23:40:13.0843 0804 cd20xrnt - ok
23:40:13.0890 0804 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINNT\system32\drivers\Cdaudio.sys
23:40:13.0890 0804 Cdaudio - ok
23:40:13.0906 0804 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINNT\system32\drivers\Cdfs.sys
23:40:13.0906 0804 Cdfs - ok
23:40:13.0953 0804 [ 9FC549CB9099F92F032DF52F7A6092D4 ] Cdr4vsd C:\WINNT\system32\drivers\Cdr4vsd.sys
23:40:13.0953 0804 Cdr4vsd - ok
23:40:14.0000 0804 [ 223DEA13C9D064BABC882B4727F6F905 ] Cdr4_xp C:\WINNT\system32\drivers\Cdr4_xp.sys
23:40:14.0000 0804 Cdr4_xp - ok
23:40:14.0000 0804 [ 9E26599599D178E71AFB5599E146031A ] Cdralw2k C:\WINNT\system32\drivers\Cdralw2k.sys
23:40:14.0000 0804 Cdralw2k - ok
23:40:14.0015 0804 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINNT\system32\DRIVERS\cdrom.sys
23:40:14.0015 0804 Cdrom - ok
23:40:14.0062 0804 [ 7BABEAA8B2FCE2A67A38A62A543E291A ] cdudf_xp C:\WINNT\system32\drivers\cdudf_xp.sys
23:40:14.0078 0804 cdudf_xp - ok
23:40:14.0125 0804 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\WINNT\system32\drivers\cfwids.sys
23:40:14.0125 0804 cfwids - ok
23:40:14.0125 0804 Changer - ok
23:40:14.0171 0804 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINNT\system32\cisvc.exe
23:40:14.0171 0804 CiSvc - ok
23:40:14.0187 0804 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINNT\system32\clipsrv.exe
23:40:14.0187 0804 ClipSrv - ok
23:40:14.0218 0804 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:40:14.0218 0804 clr_optimization_v2.0.50727_32 - ok
23:40:14.0312 0804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINNT\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:40:14.0312 0804 clr_optimization_v4.0.30319_32 - ok
23:40:14.0312 0804 CmdIde - ok
23:40:14.0359 0804 [ 1EF05B641E9A67DED74AC8AD40055DBF ] COMMONFX.DLL C:\WINNT\system32\COMMONFX.DLL
23:40:14.0359 0804 COMMONFX.DLL - ok
23:40:14.0359 0804 COMSysApp - ok
23:40:14.0375 0804 Cpqarray - ok
23:40:14.0421 0804 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINNT\system32\CTSvcCDA.EXE
23:40:14.0421 0804 Creative Service for CDROM Access - ok
23:40:14.0421 0804 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINNT\System32\cryptsvc.dll
23:40:14.0437 0804 CryptSvc - ok
23:40:14.0453 0804 [ 6191A973461852A09D643609E1D5F7C6 ] CT20XUT.DLL C:\WINNT\system32\CT20XUT.DLL
23:40:14.0468 0804 CT20XUT.DLL - ok
23:40:14.0500 0804 [ 8AC5F77E30E37D2D11BD99EFF0C53D8C ] ctac32k C:\WINNT\system32\drivers\ctac32k.sys
23:40:14.0515 0804 ctac32k - ok
23:40:14.0546 0804 [ 673241D314E932F4890509AE8EBF26DB ] ctaud2k C:\WINNT\system32\drivers\ctaud2k.sys
23:40:14.0546 0804 ctaud2k - ok
23:40:14.0593 0804 [ 472B82D7E549E7FAB428852E4D16F21D ] CTAUDFX.DLL C:\WINNT\system32\CTAUDFX.DLL
23:40:14.0609 0804 CTAUDFX.DLL - ok
23:40:14.0656 0804 [ ED316D4C3D39C5B6C23DE067E275C183 ] ctdvda2k C:\WINNT\system32\drivers\ctdvda2k.sys
23:40:14.0671 0804 ctdvda2k - ok
23:40:14.0703 0804 [ 6A57F82009563AEE8826F117E1D3C72C ] CTEAPSFX.DLL C:\WINNT\system32\CTEAPSFX.DLL
23:40:14.0703 0804 CTEAPSFX.DLL - ok
23:40:14.0718 0804 [ C8AC1FFAEADD655193D7B1811A572D8D ] CTEDSPFX.DLL C:\WINNT\system32\CTEDSPFX.DLL
23:40:14.0734 0804 CTEDSPFX.DLL - ok
23:40:14.0765 0804 [ 44495D9DAF675257D00B25B041EE6667 ] CTEDSPIO.DLL C:\WINNT\system32\CTEDSPIO.DLL
23:40:14.0765 0804 CTEDSPIO.DLL - ok
23:40:14.0796 0804 [ 8E90B1762CB42E2FC76DAC9210C83C66 ] CTEDSPSY.DLL C:\WINNT\system32\CTEDSPSY.DLL
23:40:14.0796 0804 CTEDSPSY.DLL - ok
23:40:14.0828 0804 [ D3FBD9983325435B06795F29CB57ED3D ] CTERFXFX.DLL C:\WINNT\system32\CTERFXFX.DLL
23:40:14.0828 0804 CTERFXFX.DLL - ok
23:40:14.0906 0804 [ 2C48E9D8CA703964463F27AE341115B7 ] CTEXFIFX.DLL C:\WINNT\system32\CTEXFIFX.DLL
23:40:14.0937 0804 CTEXFIFX.DLL - ok
23:40:14.0953 0804 [ F7657C598E7C29C6683C1E4A8DD68884 ] CTHWIUT.DLL C:\WINNT\system32\CTHWIUT.DLL
23:40:14.0953 0804 CTHWIUT.DLL - ok
23:40:14.0984 0804 [ 34E7F8A499FD8361DF14FEDB724C0AD3 ] ctprxy2k C:\WINNT\system32\drivers\ctprxy2k.sys
23:40:14.0984 0804 ctprxy2k - ok
23:40:15.0015 0804 [ 679AE21EB7F48A08184813AEBABDEC7C ] CTSBLFX.DLL C:\WINNT\system32\CTSBLFX.DLL
23:40:15.0015 0804 CTSBLFX.DLL - ok
23:40:15.0031 0804 [ 32098497CB4DFE9EA7660FA62DD91060 ] ctsfm2k C:\WINNT\system32\drivers\ctsfm2k.sys
23:40:15.0031 0804 ctsfm2k - ok
23:40:15.0046 0804 dac2w2k - ok
23:40:15.0046 0804 dac960nt - ok
23:40:15.0046 0804 DAWVZCOZG - ok
23:40:15.0109 0804 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINNT\system32\rpcss.dll
23:40:15.0109 0804 DcomLaunch - ok
23:40:15.0156 0804 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINNT\System32\dhcpcsvc.dll
23:40:15.0156 0804 Dhcp - ok
23:40:15.0203 0804 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINNT\system32\DRIVERS\disk.sys
23:40:15.0203 0804 Disk - ok
23:40:15.0203 0804 dmadmin - ok
23:40:15.0250 0804 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINNT\system32\drivers\dmboot.sys
23:40:15.0281 0804 dmboot - ok
23:40:15.0296 0804 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINNT\system32\drivers\dmio.sys
23:40:15.0296 0804 dmio - ok
23:40:15.0328 0804 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINNT\system32\drivers\dmload.sys
23:40:15.0328 0804 dmload - ok
23:40:15.0359 0804 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINNT\System32\dmserver.dll
23:40:15.0359 0804 dmserver - ok
23:40:15.0390 0804 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINNT\system32\drivers\DMusic.sys
23:40:15.0390 0804 DMusic - ok
23:40:15.0421 0804 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINNT\System32\dnsrslvr.dll
23:40:15.0421 0804 Dnscache - ok
23:40:15.0453 0804 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINNT\System32\dot3svc.dll
23:40:15.0453 0804 Dot3svc - ok
23:40:15.0453 0804 dpti2o - ok
23:40:15.0468 0804 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINNT\system32\drivers\drmkaud.sys
23:40:15.0468 0804 drmkaud - ok
23:40:15.0484 0804 [ C2D7DED077E021BB2845EA2E782DBB25 ] DVDVRRdr_xp C:\WINNT\system32\drivers\DVDVRRdr_xp.sys
23:40:15.0484 0804 DVDVRRdr_xp - ok
23:40:15.0515 0804 [ 361C6F74C7C2727B3B51F065444A4B30 ] dvd_2K C:\WINNT\system32\drivers\dvd_2K.sys
23:40:15.0515 0804 dvd_2K - ok
23:40:15.0531 0804 [ 98B46B331404A951CABAD8B4877E1276 ] E100B C:\WINNT\system32\DRIVERS\e100b325.sys
23:40:15.0531 0804 E100B - ok
23:40:15.0562 0804 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINNT\System32\eapsvc.dll
23:40:15.0562 0804 EapHost - ok
23:40:15.0593 0804 [ 2885F72D2DAFFD0329272F12E16D6579 ] emupia C:\WINNT\system32\drivers\emupia2k.sys
23:40:15.0593 0804 emupia - ok
23:40:15.0640 0804 [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
23:40:15.0640 0804 EPSON_EB_RPCV4_04 - ok
23:40:15.0671 0804 [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
23:40:15.0671 0804 EPSON_PM_RPCV4_04 - ok
23:40:15.0703 0804 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINNT\System32\ersvc.dll
23:40:15.0718 0804 ERSvc - ok
23:40:15.0750 0804 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINNT\system32\services.exe
23:40:15.0750 0804 Eventlog - ok
23:40:15.0796 0804 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINNT\system32\Es.dll
23:40:15.0796 0804 EventSystem - ok
23:40:15.0796 0804 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINNT\system32\drivers\Fastfat.sys
23:40:15.0812 0804 Fastfat - ok
23:40:15.0859 0804 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINNT\System32\shsvcs.dll
23:40:15.0859 0804 FastUserSwitchingCompatibility - ok
23:40:15.0859 0804 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINNT\system32\DRIVERS\fdc.sys
23:40:15.0875 0804 Fdc - ok
23:40:15.0875 0804 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINNT\system32\drivers\Fips.sys
23:40:15.0875 0804 Fips - ok
23:40:15.0890 0804 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINNT\system32\DRIVERS\flpydisk.sys
23:40:15.0890 0804 Flpydisk - ok
23:40:15.0953 0804 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINNT\system32\drivers\fltmgr.sys
23:40:15.0953 0804 FltMgr - ok
23:40:16.0031 0804 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:40:16.0031 0804 FontCache3.0.0.0 - ok
23:40:16.0031 0804 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINNT\system32\drivers\Fs_Rec.sys
23:40:16.0046 0804 Fs_Rec - ok
23:40:16.0046 0804 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINNT\system32\DRIVERS\ftdisk.sys
23:40:16.0046 0804 Ftdisk - ok
23:40:16.0093 0804 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINNT\system32\DRIVERS\GEARAspiWDM.sys
23:40:16.0093 0804 GEARAspiWDM - ok
23:40:16.0093 0804 GNIWKC - ok
23:40:16.0140 0804 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
23:40:16.0140 0804 GoToAssist - ok
23:40:16.0187 0804 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINNT\system32\DRIVERS\msgpc.sys
23:40:16.0187 0804 Gpc - ok
23:40:16.0250 0804 [ DA2C735B66D2E7B739F9A46146581A9D ] ha10kx2k C:\WINNT\system32\drivers\ha10kx2k.sys
23:40:16.0250 0804 ha10kx2k - ok
23:40:16.0265 0804 [ 5C7D6D68796E4621B4168C879908DAE0 ] hap16v2k C:\WINNT\system32\drivers\hap16v2k.sys
23:40:16.0265 0804 hap16v2k - ok
23:40:16.0296 0804 [ A595B88AD16D8B5693DDF08113CAF30E ] hap17v2k C:\WINNT\system32\drivers\hap17v2k.sys
23:40:16.0296 0804 hap17v2k - ok
23:40:16.0359 0804 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:40:16.0375 0804 helpsvc - ok
23:40:16.0375 0804 HidServ - ok
23:40:16.0421 0804 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINNT\system32\DRIVERS\hidusb.sys
23:40:16.0421 0804 HidUsb - ok
23:40:16.0453 0804 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINNT\System32\kmsvc.dll
23:40:16.0453 0804 hkmsvc - ok
23:40:16.0453 0804 hpn - ok
23:40:16.0500 0804 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINNT\system32\Drivers\HTTP.sys
23:40:16.0515 0804 HTTP - ok
23:40:16.0562 0804 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINNT\System32\w3ssl.dll
23:40:16.0562 0804 HTTPFilter - ok
23:40:16.0578 0804 i2omgmt - ok
23:40:16.0578 0804 i2omp - ok
23:40:16.0625 0804 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINNT\system32\DRIVERS\i8042prt.sys
23:40:16.0640 0804 i8042prt - ok
23:40:16.0656 0804 [ 50B56E7DE809BE4B8F4D24B3F0381520 ] iaStor C:\WINNT\system32\DRIVERS\iaStor.sys
23:40:16.0656 0804 iaStor - ok
23:40:16.0750 0804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:40:16.0750 0804 IDriverT - ok
23:40:16.0843 0804 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:40:16.0859 0804 idsvc - ok
23:40:16.0875 0804 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINNT\system32\DRIVERS\imapi.sys
23:40:16.0875 0804 Imapi - ok
23:40:16.0890 0804 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINNT\system32\imapi.exe
23:40:16.0906 0804 ImapiService - ok
23:40:16.0906 0804 ini910u - ok
23:40:17.0000 0804 [ DD476200776D9BD8B693AD733D33CDFD ] IntelC51 C:\WINNT\system32\DRIVERS\IntelC51.sys
23:40:17.0015 0804 IntelC51 - ok
23:40:17.0031 0804 [ 633CE6C73ADD83B2CBD3D121978D74C4 ] IntelC52 C:\WINNT\system32\DRIVERS\IntelC52.sys
23:40:17.0031 0804 IntelC52 - ok
23:40:17.0062 0804 [ DDC319760DFC9F898682599F4AE025EA ] IntelC53 C:\WINNT\system32\DRIVERS\IntelC53.sys
23:40:17.0062 0804 IntelC53 - ok
23:40:17.0062 0804 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINNT\system32\DRIVERS\intelide.sys
23:40:17.0062 0804 IntelIde - ok
23:40:17.0109 0804 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINNT\system32\DRIVERS\intelppm.sys
23:40:17.0109 0804 intelppm - ok
23:40:17.0140 0804 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINNT\system32\drivers\ip6fw.sys
23:40:17.0140 0804 Ip6Fw - ok
23:40:17.0171 0804 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINNT\system32\DRIVERS\ipfltdrv.sys
23:40:17.0171 0804 IpFilterDriver - ok
23:40:17.0187 0804 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINNT\system32\DRIVERS\ipinip.sys
23:40:17.0187 0804 IpInIp - ok
23:40:17.0218 0804 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINNT\system32\DRIVERS\ipnat.sys
23:40:17.0218 0804 IpNat - ok
23:40:17.0265 0804 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:40:17.0296 0804 iPod Service - ok
23:40:17.0312 0804 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINNT\system32\DRIVERS\ipsec.sys
23:40:17.0312 0804 IPSec - ok
23:40:17.0343 0804 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINNT\system32\DRIVERS\irenum.sys
23:40:17.0343 0804 IRENUM - ok
23:40:17.0359 0804 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINNT\system32\DRIVERS\isapnp.sys
23:40:17.0359 0804 isapnp - ok
23:40:17.0531 0804 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
23:40:17.0531 0804 JavaQuickStarterService - ok
23:40:17.0562 0804 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINNT\system32\DRIVERS\kbdclass.sys
23:40:17.0562 0804 Kbdclass - ok
23:40:17.0578 0804 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINNT\system32\drivers\kmixer.sys
23:40:17.0578 0804 kmixer - ok
23:40:17.0609 0804 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINNT\system32\drivers\KSecDD.sys
23:40:17.0625 0804 KSecDD - ok
23:40:17.0671 0804 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINNT\System32\srvsvc.dll
23:40:17.0671 0804 lanmanserver - ok
23:40:17.0703 0804 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINNT\System32\wkssvc.dll
23:40:17.0718 0804 lanmanworkstation - ok
23:40:17.0718 0804 lbrtfdc - ok
23:40:17.0781 0804 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINNT\System32\lmhsvc.dll
23:40:17.0781 0804 LmHosts - ok
23:40:17.0843 0804 LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d - ok
23:40:17.0843 0804 LMIRescue_9f7b1284-de02-4884-812c-c5dc60a95457 - ok
23:40:17.0859 0804 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINNT\system32\drivers\mbamswissarmy.sys
23:40:17.0875 0804 MBAMSwissArmy - ok
23:40:17.0984 0804 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
23:40:17.0984 0804 McMPFSvc - ok
23:40:18.0000 0804 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
23:40:18.0000 0804 mcmscsvc - ok
23:40:18.0000 0804 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
23:40:18.0000 0804 McNaiAnn - ok
23:40:18.0015 0804 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
23:40:18.0015 0804 McNASvc - ok
23:40:18.0109 0804 [ B3CD9ADE1C2665124CA34125B331B0B4 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
23:40:18.0125 0804 McODS - ok
23:40:18.0125 0804 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
23:40:18.0125 0804 McProxy - ok
23:40:18.0187 0804 [ 85DB8DDD2D664716BB5B2D3405F9EF92 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:40:18.0187 0804 McShield - ok
23:40:18.0187 0804 MCSTRM - ok
23:40:18.0265 0804 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
23:40:18.0281 0804 MDM - ok
23:40:18.0312 0804 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINNT\System32\msgsvc.dll
23:40:18.0312 0804 Messenger - ok
23:40:18.0343 0804 [ EBD0E304B8FA3B4CAE564DE4F3E2938C ] mfeapfk C:\WINNT\system32\drivers\mfeapfk.sys
23:40:18.0343 0804 mfeapfk - ok
23:40:18.0375 0804 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\WINNT\system32\drivers\mfeavfk.sys
23:40:18.0390 0804 mfeavfk - ok
23:40:18.0406 0804 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\WINNT\system32\drivers\mfebopk.sys
23:40:18.0406 0804 mfebopk - ok
23:40:18.0421 0804 [ 183AB9DCE971E029C50223765671839C ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:40:18.0437 0804 mfefire - ok
23:40:18.0468 0804 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\WINNT\system32\drivers\mfefirek.sys
23:40:18.0484 0804 mfefirek - ok
23:40:18.0531 0804 [ 2BDEE93EA2DE3D643219B76153A6FAC3 ] mfehidk C:\WINNT\system32\drivers\mfehidk.sys
23:40:18.0546 0804 mfehidk - ok
23:40:18.0609 0804 [ 26C76D10ED650E6492800D6F081ECFBA ] mfendisk C:\WINNT\system32\DRIVERS\mfendisk.sys
23:40:18.0609 0804 mfendisk - ok
23:40:18.0625 0804 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\WINNT\system32\drivers\mferkdet.sys
23:40:18.0625 0804 mferkdet - ok
23:40:18.0656 0804 [ B0124A3DF04FC3BDE11EF812436A907D ] mfetdi2k C:\WINNT\system32\drivers\mfetdi2k.sys
23:40:18.0656 0804 mfetdi2k - ok
23:40:18.0671 0804 [ 00E9EFFF461D979BAF3A92F12C0820CE ] mfevtp C:\WINNT\system32\mfevtps.exe
23:40:18.0671 0804 mfevtp - ok
23:40:18.0687 0804 [ 1E545F69C97DD1B817E5D572A181CA90 ] mmc_2K C:\WINNT\system32\drivers\mmc_2K.sys
23:40:18.0687 0804 mmc_2K - ok
23:40:18.0734 0804 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINNT\system32\drivers\mnmdd.sys
23:40:18.0734 0804 mnmdd - ok
23:40:18.0765 0804 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINNT\System32\mnmsrvc.exe
23:40:18.0765 0804 mnmsrvc - ok
23:40:18.0765 0804 MOBKFilter - ok
23:40:18.0812 0804 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINNT\system32\drivers\Modem.sys
23:40:18.0812 0804 Modem - ok
23:40:18.0828 0804 [ B23378126AF4E02DC691E9F5880F2ACD ] mohfilt C:\WINNT\system32\DRIVERS\mohfilt.sys
23:40:18.0828 0804 mohfilt - ok
23:40:18.0859 0804 [ 1088F75C09EBB0A8B0F13B886FD67C52 ] motccgp C:\WINNT\system32\DRIVERS\motccgp.sys
23:40:18.0859 0804 motccgp - ok
23:40:18.0890 0804 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\WINNT\system32\DRIVERS\motccgpfl.sys
23:40:18.0890 0804 motccgpfl - ok
23:40:18.0906 0804 [ 8F408E9ED2FEB8A8B8837C380FAF7AD6 ] motmodem C:\WINNT\system32\DRIVERS\motmodem.sys
23:40:18.0906 0804 motmodem - ok
23:40:18.0953 0804 [ 2443B978E80F8A3D1F39855AA25882AF ] MotoHelper C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
23:40:18.0968 0804 MotoHelper - ok
23:40:19.0000 0804 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\WINNT\system32\DRIVERS\motswch.sys
23:40:19.0015 0804 MotoSwitchService - ok
23:40:19.0015 0804 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\WINNT\system32\DRIVERS\Motousbnet.sys
23:40:19.0015 0804 Motousbnet - ok
23:40:19.0031 0804 [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice C:\WINNT\system32\DRIVERS\motusbdevice.sys
23:40:19.0031 0804 motusbdevice - ok
23:40:19.0046 0804 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINNT\system32\DRIVERS\mouclass.sys
23:40:19.0046 0804 Mouclass - ok
23:40:19.0078 0804 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINNT\system32\DRIVERS\mouhid.sys
23:40:19.0078 0804 mouhid - ok
23:40:19.0109 0804 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINNT\system32\drivers\MountMgr.sys
23:40:19.0109 0804 MountMgr - ok
23:40:19.0140 0804 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:40:19.0156 0804 MozillaMaintenance - ok
23:40:19.0156 0804 mraid35x - ok
23:40:19.0171 0804 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINNT\system32\DRIVERS\mrxdav.sys
23:40:19.0171 0804 MRxDAV - ok
23:40:19.0218 0804 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINNT\system32\DRIVERS\mrxsmb.sys
23:40:19.0234 0804 MRxSmb - ok
23:40:19.0296 0804 [ D98350792A7CE82E7459A7C36481BEDA ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
23:40:19.0312 0804 MSCamSvc - ok
23:40:19.0343 0804 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINNT\System32\msdtc.exe
23:40:19.0343 0804 MSDTC - ok
23:40:19.0359 0804 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINNT\system32\drivers\Msfs.sys
23:40:19.0359 0804 Msfs - ok
23:40:19.0390 0804 [ 5119FFC2A6B51089CDB0EFDC75808C97 ] MSHUSBVideo C:\WINNT\system32\Drivers\nx6000.sys
23:40:19.0390 0804 MSHUSBVideo - ok
23:40:19.0406 0804 MSIServer - ok
23:40:19.0437 0804 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
23:40:19.0437 0804 MSK80Service - ok
23:40:19.0453 0804 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys
23:40:19.0453 0804 MSKSSRV - ok
23:40:19.0468 0804 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys
23:40:19.0468 0804 MSPCLOCK - ok
23:40:19.0500 0804 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINNT\system32\drivers\MSPQM.sys
23:40:19.0500 0804 MSPQM - ok
23:40:19.0515 0804 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINNT\system32\DRIVERS\mssmbios.sys
23:40:19.0515 0804 mssmbios - ok
23:40:19.0546 0804 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINNT\system32\drivers\MSTEE.sys
23:40:19.0546 0804 MSTEE - ok
23:40:19.0562 0804 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINNT\system32\drivers\Mup.sys
23:40:19.0562 0804 Mup - ok
23:40:19.0593 0804 [ 1DDC53D670C6E853C4EE8558EFDE7B34 ] mv2 C:\WINNT\system32\DRIVERS\mv2.sys
23:40:19.0593 0804 mv2 - ok
23:40:19.0625 0804 [ 88F57A15B786BF2AF9458F7903768085 ] MxlW2k C:\WINNT\system32\drivers\MxlW2k.sys
23:40:19.0625 0804 MxlW2k - ok
23:40:19.0656 0804 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINNT\system32\DRIVERS\NABTSFEC.sys
23:40:19.0656 0804 NABTSFEC - ok
23:40:19.0703 0804 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINNT\System32\qagentrt.dll
23:40:19.0718 0804 napagent - ok
23:40:19.0750 0804 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINNT\system32\drivers\NDIS.sys
23:40:19.0750 0804 NDIS - ok
23:40:19.0781 0804 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINNT\system32\DRIVERS\NdisIP.sys
23:40:19.0781 0804 NdisIP - ok
23:40:19.0812 0804 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINNT\system32\DRIVERS\ndistapi.sys
23:40:19.0812 0804 NdisTapi - ok
23:40:19.0828 0804 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINNT\system32\DRIVERS\ndisuio.sys
23:40:19.0828 0804 Ndisuio - ok
23:40:19.0828 0804 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINNT\system32\DRIVERS\ndiswan.sys
23:40:19.0828 0804 NdisWan - ok
23:40:19.0859 0804 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINNT\system32\drivers\NDProxy.sys
23:40:19.0859 0804 NDProxy - ok
23:40:19.0859 0804 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINNT\system32\DRIVERS\netbios.sys
23:40:19.0859 0804 NetBIOS - ok
23:40:19.0890 0804 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINNT\system32\DRIVERS\netbt.sys
23:40:19.0890 0804 NetBT - ok
23:40:19.0921 0804 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINNT\system32\netdde.exe
23:40:19.0937 0804 NetDDE - ok
23:40:19.0937 0804 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINNT\system32\netdde.exe
23:40:19.0937 0804 NetDDEdsdm - ok
23:40:19.0984 0804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINNT\system32\lsass.exe
23:40:19.0984 0804 Netlogon - ok
23:40:20.0000 0804 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINNT\System32\netman.dll
23:40:20.0000 0804 Netman - ok
23:40:20.0046 0804 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:40:20.0046 0804 NetTcpPortSharing - ok
23:40:20.0062 0804 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINNT\system32\DRIVERS\nic1394.sys
23:40:20.0062 0804 NIC1394 - ok
23:40:20.0125 0804 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINNT\System32\mswsock.dll
23:40:20.0125 0804 Nla - ok
23:40:20.0140 0804 [ 1E421A6BCF2203CC61B821ADA9DE878B ] nm C:\WINNT\system32\DRIVERS\NMnt.sys
23:40:20.0140 0804 nm - ok
23:40:20.0187 0804 [ 6623E51595C0076755C29C00846C4EB2 ] NPF C:\WINNT\system32\drivers\npf.sys
23:40:20.0187 0804 NPF - ok
23:40:20.0187 0804 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINNT\system32\drivers\Npfs.sys
23:40:20.0187 0804 Npfs - ok
23:40:20.0250 0804 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINNT\system32\drivers\Ntfs.sys
23:40:20.0250 0804 Ntfs - ok
23:40:20.0265 0804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINNT\System32\lsass.exe
23:40:20.0265 0804 NtLmSsp - ok
23:40:20.0312 0804 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINNT\system32\ntmssvc.dll
23:40:20.0312 0804 NtmsSvc - ok
23:40:20.0343 0804 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINNT\system32\drivers\Null.sys
23:40:20.0343 0804 Null - ok
23:40:20.0437 0804 [ 981666C0FBD10816DB943CBCEAC82AB3 ] nv C:\WINNT\system32\DRIVERS\nv4_mini.sys
23:40:20.0453 0804 nv - ok
23:40:20.0484 0804 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINNT\system32\DRIVERS\nwlnkflt.sys
23:40:20.0484 0804 NwlnkFlt - ok
23:40:20.0500 0804 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINNT\system32\DRIVERS\nwlnkfwd.sys
23:40:20.0500 0804 NwlnkFwd - ok
23:40:20.0515 0804 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINNT\system32\DRIVERS\ohci1394.sys
23:40:20.0515 0804 ohci1394 - ok
23:40:20.0546 0804 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:40:20.0546 0804 ose - ok
23:40:20.0578 0804 [ 61C85AFEAA6EF0C1B32D43F84F7BFBCF ] ossrv C:\WINNT\system32\drivers\ctoss2k.sys
23:40:20.0578 0804 ossrv - ok
23:40:20.0625 0804 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINNT\system32\DRIVERS\parport.sys
23:40:20.0625 0804 Parport - ok
23:40:20.0640 0804 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINNT\system32\drivers\PartMgr.sys
23:40:20.0640 0804 PartMgr - ok
23:40:20.0671 0804 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINNT\system32\drivers\ParVdm.sys
23:40:20.0671 0804 ParVdm - ok
23:40:20.0687 0804 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINNT\system32\DRIVERS\pci.sys
23:40:20.0687 0804 PCI - ok
23:40:20.0687 0804 PCIDump - ok
23:40:20.0718 0804 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINNT\system32\DRIVERS\pciide.sys
23:40:20.0718 0804 PCIIde - ok
23:40:20.0750 0804 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINNT\system32\drivers\Pcmcia.sys
23:40:20.0750 0804 Pcmcia - ok
23:40:20.0750 0804 PDCOMP - ok
23:40:20.0765 0804 PDFRAME - ok
23:40:20.0765 0804 PDRELI - ok
23:40:20.0781 0804 PDRFRAME - ok
23:40:20.0781 0804 perc2 - ok
23:40:20.0796 0804 perc2hib - ok
23:40:20.0843 0804 [ 6DABB70783EF470492ADB7B9A6E60BF3 ] PfDetNT C:\WINNT\system32\drivers\PfModNT.sys
23:40:20.0843 0804 PfDetNT - ok
23:40:20.0859 0804 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINNT\system32\services.exe
23:40:20.0859 0804 PlugPlay - ok
23:40:20.0875 0804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINNT\system32\lsass.exe
23:40:20.0875 0804 PolicyAgent - ok
23:40:20.0890 0804 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINNT\system32\DRIVERS\raspptp.sys
23:40:20.0890 0804 PptpMiniport - ok
23:40:20.0906 0804 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINNT\system32\DRIVERS\processr.sys
23:40:20.0906 0804 Processor - ok
23:40:20.0906 0804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINNT\system32\lsass.exe
23:40:20.0906 0804 ProtectedStorage - ok
23:40:20.0921 0804 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINNT\system32\DRIVERS\psched.sys
23:40:20.0921 0804 PSched - ok
23:40:20.0921 0804 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINNT\system32\DRIVERS\ptilink.sys
23:40:20.0937 0804 Ptilink - ok
23:40:20.0953 0804 [ C6DD0AC8E371E49AA615CDFF7601D869 ] pwd_2k C:\WINNT\system32\drivers\pwd_2k.sys
23:40:20.0968 0804 pwd_2k - ok
23:40:20.0984 0804 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINNT\system32\Drivers\PxHelp20.sys
23:40:20.0984 0804 PxHelp20 - ok
23:40:20.0984 0804 ql1080 - ok
23:40:21.0000 0804 Ql10wnt - ok
23:40:21.0000 0804 ql12160 - ok
23:40:21.0015 0804 ql1240 - ok
23:40:21.0015 0804 ql1280 - ok
23:40:21.0046 0804 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINNT\system32\DRIVERS\rasacd.sys
23:40:21.0046 0804 RasAcd - ok
23:40:21.0078 0804 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINNT\System32\rasauto.dll
23:40:21.0078 0804 RasAuto - ok
23:40:21.0093 0804 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINNT\system32\DRIVERS\rasl2tp.sys
23:40:21.0093 0804 Rasl2tp - ok
23:40:21.0156 0804 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINNT\System32\rasmans.dll
23:40:21.0156 0804 RasMan - ok
23:40:21.0156 0804 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINNT\system32\DRIVERS\raspppoe.sys
23:40:21.0171 0804 RasPppoe - ok
23:40:21.0171 0804 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINNT\system32\DRIVERS\raspti.sys
23:40:21.0171 0804 Raspti - ok
23:40:21.0187 0804 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINNT\system32\DRIVERS\rdbss.sys
23:40:21.0203 0804 Rdbss - ok
23:40:21.0203 0804 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINNT\system32\DRIVERS\RDPCDD.sys
23:40:21.0203 0804 RDPCDD - ok
23:40:21.0250 0804 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINNT\system32\drivers\RDPWD.sys
23:40:21.0250 0804 RDPWD - ok
23:40:21.0281 0804 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINNT\system32\sessmgr.exe
23:40:21.0281 0804 RDSessMgr - ok
23:40:21.0296 0804 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINNT\system32\DRIVERS\redbook.sys
23:40:21.0312 0804 redbook - ok
23:40:21.0343 0804 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINNT\System32\mprdim.dll
23:40:21.0343 0804 RemoteAccess - ok
23:40:21.0343 0804 RFWSXP - ok
23:40:21.0375 0804 [ E51A8D02B4BD33EBA1F7A5B76C3766ED ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
23:40:21.0375 0804 rpcapd - ok
23:40:21.0406 0804 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINNT\System32\locator.exe
23:40:21.0406 0804 RpcLocator - ok
23:40:21.0437 0804 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINNT\System32\rpcss.dll
23:40:21.0453 0804 RpcSs - ok
23:40:21.0484 0804 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINNT\System32\rsvp.exe
23:40:21.0500 0804 RSVP - ok
23:40:21.0515 0804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINNT\system32\lsass.exe
23:40:21.0515 0804 SamSs - ok
23:40:21.0593 0804 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:40:21.0593 0804 SASDIFSV - ok
23:40:21.0609 0804 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:40:21.0609 0804 SASKUTIL - ok
23:40:21.0640 0804 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINNT\System32\SCardSvr.exe
23:40:21.0640 0804 SCardSvr - ok
23:40:21.0687 0804 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINNT\system32\schedsvc.dll
23:40:21.0687 0804 Schedule - ok
23:40:21.0765 0804 [ 3505926FB3651D134CF413A3296B4FEB ] Seagate Sync Service C:\Program Files\Seagate\Sync\SeaSyncServices.exe
23:40:21.0765 0804 Seagate Sync Service - ok
23:40:21.0843 0804 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:40:21.0843 0804 SeaPort - ok
23:40:21.0890 0804 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINNT\system32\DRIVERS\secdrv.sys
23:40:21.0890 0804 Secdrv - ok
23:40:21.0921 0804 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINNT\System32\seclogon.dll
23:40:21.0921 0804 seclogon - ok
23:40:21.0953 0804 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINNT\system32\sens.dll
23:40:21.0953 0804 SENS - ok
23:40:21.0984 0804 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINNT\system32\DRIVERS\serenum.sys
23:40:21.0984 0804 serenum - ok
23:40:22.0000 0804 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINNT\system32\DRIVERS\serial.sys
23:40:22.0000 0804 Serial - ok
23:40:22.0046 0804 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINNT\system32\drivers\Sfloppy.sys
23:40:22.0046 0804 Sfloppy - ok
23:40:22.0093 0804 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINNT\System32\ipnathlp.dll
23:40:22.0109 0804 SharedAccess - ok
23:40:22.0140 0804 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINNT\System32\shsvcs.dll
23:40:22.0140 0804 ShellHWDetection - ok
23:40:22.0156 0804 Simbad - ok
23:40:22.0156 0804 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINNT\system32\DRIVERS\SLIP.sys
23:40:22.0156 0804 SLIP - ok
23:40:22.0171 0804 Sparrow - ok
23:40:22.0187 0804 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINNT\system32\drivers\splitter.sys
23:40:22.0187 0804 splitter - ok
23:40:22.0203 0804 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINNT\system32\spoolsv.exe
23:40:22.0203 0804 Spooler - ok
23:40:22.0218 0804 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINNT\system32\DRIVERS\sr.sys
23:40:22.0218 0804 sr - ok
23:40:22.0250 0804 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINNT\system32\srsvc.dll
23:40:22.0250 0804 srservice - ok
23:40:22.0265 0804 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINNT\system32\DRIVERS\srv.sys
23:40:22.0296 0804 Srv - ok
23:40:22.0312 0804 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINNT\System32\ssdpsrv.dll
23:40:22.0328 0804 SSDPSRV - ok
23:40:22.0375 0804 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINNT\system32\wiaservc.dll
23:40:22.0375 0804 stisvc - ok
23:40:22.0406 0804 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINNT\system32\DRIVERS\StreamIP.sys
23:40:22.0406 0804 streamip - ok
23:40:22.0437 0804 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINNT\system32\DRIVERS\swenum.sys
23:40:22.0437 0804 swenum - ok
23:40:22.0437 0804 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINNT\system32\drivers\swmidi.sys
23:40:22.0437 0804 swmidi - ok
23:40:22.0453 0804 SwPrv - ok
23:40:22.0453 0804 symc810 - ok
23:40:22.0468 0804 symc8xx - ok
23:40:22.0468 0804 sym_hi - ok
23:40:22.0484 0804 sym_u3 - ok
23:40:22.0500 0804 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys
23:40:22.0500 0804 sysaudio - ok
23:40:22.0531 0804 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINNT\system32\smlogsvc.exe
23:40:22.0531 0804 SysmonLog - ok
23:40:22.0562 0804 [ A657C455314D2F44C45C356D25A7592D ] T1PExGrp C:\WINNT\system32\DRIVERS\T1PExGrp.sys
23:40:22.0562 0804 T1PExGrp - ok
23:40:22.0593 0804 [ 92285799050065970CCC2FB5093E7AB9 ] T1PMrGrp C:\WINNT\system32\drivers\T1PMrGrp.sys
23:40:22.0593 0804 T1PMrGrp - ok
23:40:22.0625 0804 [ 17E147D9974F0A7A2B5DD75C201EC4C1 ] t1pusb C:\WINNT\system32\drivers\t1pusb.sys
23:40:22.0625 0804 t1pusb - ok
23:40:22.0671 0804 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINNT\System32\tapisrv.dll
23:40:22.0687 0804 TapiSrv - ok
23:40:22.0734 0804 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys
23:40:22.0734 0804 Tcpip - ok
23:40:22.0750 0804 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys
23:40:22.0765 0804 TDPIPE - ok
23:40:22.0765 0804 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys
23:40:22.0781 0804 TDTCP - ok
23:40:22.0875 0804 [ EFD6843C137991CD253CA959E300E886 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
23:40:22.0937 0804 TeamViewer6 - ok
23:40:22.0968 0804 [ 88155247177638048422893737429D9E ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys
23:40:22.0968 0804 TermDD - ok
23:40:22.0984 0804 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINNT\System32\termsrv.dll
23:40:22.0984 0804 TermService - ok
23:40:23.0015 0804 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINNT\System32\shsvcs.dll
23:40:23.0015 0804 Themes - ok
23:40:23.0015 0804 TosIde - ok
23:40:23.0046 0804 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINNT\system32\trkwks.dll
23:40:23.0046 0804 TrkWks - ok
23:40:23.0078 0804 [ 61BBDD8BB7786EBAB2A57F1A1B3464A0 ] U2VSvr C:\WINNT\system32\U2VSvr.exe
23:40:23.0078 0804 U2VSvr - ok
23:40:23.0109 0804 [ 679D19FB2D9683FB906DA15E02A91139 ] UDFReadr C:\WINNT\system32\drivers\UDFReadr.sys
23:40:23.0125 0804 UDFReadr - ok
23:40:23.0156 0804 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINNT\system32\drivers\Udfs.sys
23:40:23.0156 0804 Udfs - ok
23:40:23.0156 0804 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINNT\system32\DRIVERS\ultra.sys
23:40:23.0156 0804 ultra - ok
23:40:23.0187 0804 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINNT\system32\DRIVERS\update.sys
23:40:23.0218 0804 Update - ok
23:40:23.0250 0804 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINNT\System32\upnphost.dll
23:40:23.0250 0804 upnphost - ok
23:40:23.0281 0804 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINNT\System32\ups.exe
23:40:23.0281 0804 UPS - ok
23:40:23.0312 0804 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINNT\system32\Drivers\usbaapl.sys
23:40:23.0328 0804 USBAAPL - ok
23:40:23.0359 0804 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINNT\system32\drivers\usbaudio.sys
23:40:23.0359 0804 usbaudio - ok
23:40:23.0390 0804 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINNT\system32\DRIVERS\usbccgp.sys
23:40:23.0390 0804 usbccgp - ok
23:40:23.0437 0804 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys
23:40:23.0437 0804 usbehci - ok
23:40:23.0453 0804 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys
23:40:23.0468 0804 usbhub - ok
23:40:23.0484 0804 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys
23:40:23.0484 0804 usbprint - ok
23:40:23.0500 0804 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINNT\system32\DRIVERS\usbscan.sys
23:40:23.0500 0804 usbscan - ok
23:40:23.0531 0804 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINNT\system32\DRIVERS\USBSTOR.SYS
23:40:23.0531 0804 USBSTOR - ok
23:40:23.0546 0804 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINNT\system32\DRIVERS\usbuhci.sys
23:40:23.0546 0804 usbuhci - ok
23:40:23.0562 0804 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINNT\system32\Drivers\usbvideo.sys
23:40:23.0562 0804 usbvideo - ok
23:40:23.0593 0804 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINNT\System32\drivers\vga.sys
23:40:23.0593 0804 VgaSave - ok
23:40:23.0593 0804 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINNT\system32\DRIVERS\viaide.sys
23:40:23.0609 0804 ViaIde - ok
23:40:23.0609 0804 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys
23:40:23.0609 0804 VolSnap - ok
23:40:23.0640 0804 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINNT\System32\vssvc.exe
23:40:23.0640 0804 VSS - ok
23:40:23.0671 0804 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINNT\system32\w32time.dll
23:40:23.0671 0804 W32Time - ok
23:40:23.0687 0804 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys
23:40:23.0687 0804 Wanarp - ok
23:40:23.0687 0804 wanatw - ok
23:40:23.0734 0804 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINNT\system32\DRIVERS\wdcsam.sys
23:40:23.0734 0804 WDC_SAM - ok
23:40:23.0781 0804 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINNT\system32\Drivers\wdf01000.sys
23:40:23.0812 0804 Wdf01000 - ok
23:40:23.0812 0804 WDICA - ok
23:40:23.0843 0804 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys
23:40:23.0843 0804 wdmaud - ok
23:40:23.0859 0804 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINNT\System32\webclnt.dll
23:40:23.0859 0804 WebClient - ok
23:40:23.0953 0804 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll
23:40:23.0953 0804 winmgmt - ok
23:40:23.0968 0804 WMDM PMSP Service - ok
23:40:24.0000 0804 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINNT\system32\MsPMSNSv.dll
23:40:24.0000 0804 WmdmPmSN - ok
23:40:24.0031 0804 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINNT\System32\wbem\wmiapsrv.exe
23:40:24.0031 0804 WmiApSrv - ok
23:40:24.0125 0804 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
23:40:24.0140 0804 WMPNetworkSvc - ok
23:40:24.0171 0804 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINNT\system32\Drivers\wpdusb.sys
23:40:24.0171 0804 WpdUsb - ok
23:40:24.0296 0804 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINNT\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:40:24.0328 0804 WPFFontCache_v0400 - ok
23:40:24.0343 0804 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINNT\System32\drivers\ws2ifsl.sys
23:40:24.0343 0804 WS2IFSL - ok
23:40:24.0375 0804 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINNT\system32\wscsvc.dll
23:40:24.0375 0804 wscsvc - ok
23:40:24.0406 0804 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINNT\system32\DRIVERS\WSTCODEC.SYS
23:40:24.0406 0804 WSTCODEC - ok
23:40:24.0437 0804 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINNT\system32\wuauserv.dll
23:40:24.0437 0804 wuauserv - ok
23:40:24.0484 0804 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINNT\system32\DRIVERS\WudfPf.sys
23:40:24.0484 0804 WudfPf - ok
23:40:24.0515 0804 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINNT\system32\DRIVERS\wudfrd.sys
23:40:24.0515 0804 WudfRd - ok
23:40:24.0531 0804 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINNT\System32\WUDFSvc.dll
23:40:24.0546 0804 WudfSvc - ok
23:40:24.0593 0804 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINNT\System32\wzcsvc.dll
23:40:24.0640 0804 WZCSVC - ok
23:40:24.0671 0804 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINNT\System32\xmlprov.dll
23:40:24.0671 0804 xmlprov - ok
23:40:24.0687 0804 ================ Scan global ===============================
23:40:24.0718 0804 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINNT\system32\basesrv.dll
23:40:24.0765 0804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
23:40:24.0796 0804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
23:40:24.0812 0804 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINNT\system32\services.exe
23:40:24.0812 0804 [Global] - ok
23:40:24.0812 0804 ================ Scan MBR ==================================
23:40:24.0812 0804 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk0\DR0
23:40:24.0984 0804 \Device\Harddisk0\DR0 - ok
23:40:25.0015 0804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:40:25.0187 0804 \Device\Harddisk1\DR1 - ok
23:40:25.0203 0804 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR4
23:40:25.0250 0804 \Device\Harddisk2\DR4 - ok
23:40:25.0250 0804 ================ Scan VBR ==================================
23:40:25.0265 0804 [ 9BA7683C18921E704B6BE1E3A600B37D ] \Device\Harddisk0\DR0\Partition1
23:40:25.0265 0804 \Device\Harddisk0\DR0\Partition1 - ok
23:40:25.0265 0804 [ 763C4523C4FE79117E3DE032A32DBBD8 ] \Device\Harddisk1\DR1\Partition1
23:40:25.0265 0804 \Device\Harddisk1\DR1\Partition1 - ok
23:40:25.0281 0804 [ FEFBD2001E1595B5FC136615926ED098 ] \Device\Harddisk2\DR4\Partition1
23:40:25.0281 0804 \Device\Harddisk2\DR4\Partition1 - ok
23:40:25.0281 0804 ============================================================
23:40:25.0281 0804 Scan finished
23:40:25.0281 0804 ============================================================
23:40:25.0281 1712 Detected object count: 0
23:40:25.0281 1712 Actual detected object count: 0
23:44:09.0140 0144 Deinitialize success

Attached File  MBR.zip   499bytes   1 downloads

#11 Conspire

  • Malware Response Team

Posted 15 October 2012 - 03:30 AM

You must run ComboFix from desktop and not from USB drive. Delete the copy you have now and download a fresh one here then save it to desktop.


Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE.

DirLook::
c:\winnt\system32\drivers\49AE~1

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"=-
"1701:UDP"=-
"500:UDP"=-

Driver::
BDLLWQSJAK
DAWVZCOZG
GNIWKC
RFWSXP

File::
c:\docume~1\C539393\LOCALS~1\Temp\BDLLWQSJAK.exe
c:\docume~1\C539393\LOCALS~1\Temp\DAWVZCOZG.exe
c:\docume~1\C539393\LOCALS~1\Temp\GNIWKC.exe
c:\docume~1\C539393\LOCALS~1\Temp\RFWSXP.exe


In Notepad
  • Click File, Save As..., and set "Save in" to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.
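
The four names in the Driver:: and File:: sections of the script above are the ones that this thread's ComboFix service listing shows with an image path in the user's Temp directory. The Python sketch below is an added example, not part of Conspire's post and not a ComboFix feature: it applies that path check, plus a same-name check, to service lines copied from the log on this page. The function names and both heuristics are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Service lines in the layout ComboFix prints, copied from the log in this thread:
#   <R|S><digit> <service name>;<display name>;<image path> [x]
SAMPLE_LINES = r"""
R0 Cdr4vsd;Cdr4vsd; [x]
R2 LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d;LogMeIn Rescue (67d6deaa-f9b9-4899-8257-8a760547511d);c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_InstantChat_srv.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R4 BDLLWQSJAK;BDLLWQSJAK;c:\docume~1\C539393\LOCALS~1\Temp\BDLLWQSJAK.exe [x]
R4 DAWVZCOZG;DAWVZCOZG;c:\docume~1\C539393\LOCALS~1\Temp\DAWVZCOZG.exe [x]
R4 GNIWKC;GNIWKC;c:\docume~1\C539393\LOCALS~1\Temp\GNIWKC.exe [x]
R4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
R4 RFWSXP;RFWSXP;c:\docume~1\C539393\LOCALS~1\Temp\RFWSXP.exe [x]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
"""

LINE_RE = re.compile(
    r"^(?P<tag>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<flag>[^\]]*)\]\s*$"
)
TEMP_DIR_NAMES = {"temp", "tmp"}  # assumption: directory names treated as temporary


class Service(NamedTuple):
    tag: str      # the "R4" / "S2" prefix, kept as printed and not interpreted here
    name: str
    display: str
    path: str     # empty when the log prints no image path


class Finding(NamedTuple):
    name: str
    path: str
    reasons: List[str]


def parse_line(line: str) -> Optional[Service]:
    """Parse one service line; return None for anything else (blank lines, headers)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Service(m["tag"], m["name"], m["display"], m["path"])


def components(path: str) -> List[str]:
    """Lower-case path components; doubled separators such as '\\\\' are collapsed."""
    return [p for p in re.split(r"[\\/]+", path.lower()) if p]


def runs_from_temp(path: str) -> bool:
    """True when a directory component (not the drive, not the file) is Temp/Tmp."""
    return any(p in TEMP_DIR_NAMES for p in components(path)[1:-1])


def self_named(svc: Service) -> bool:
    """True when service name, display name and executable stem are all identical."""
    parts = components(svc.path)
    if not parts:
        return False
    stem = parts[-1].rsplit(".", 1)[0]
    return svc.display == svc.name and svc.name.lower() == stem


def triage(log_text: str) -> List[Finding]:
    """Return the services whose image lives under a Temp directory, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        svc = parse_line(raw)
        if svc is None or not runs_from_temp(svc.path):
            continue
        reasons = ["image path is under a Temp directory"]
        if self_named(svc):
            reasons.append("service name, display name and file name are identical")
        findings.append(Finding(svc.name, svc.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {f.path}")
        for reason in f.reasons:
            print("  -", reason)
```

A directory that merely ends in `.tmp`, such as the LogMeIn Rescue applet folder in the sample, is not matched; only a component named exactly `Temp` or `Tmp` is.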

#12 mavericktwo

  • Topic Starter

  • Members

Posted 15 October 2012 - 01:11 PM

ComboFix 12-10-14.03 - C539393 10/15/2012 12:21:12.4.2 - x86 DSREPAIR
Running from: c:\documents and settings\C539393\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-09 04:34 . 2012-10-09 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-10-09 04:34 . 2012-10-09 04:34 -------- d-----w- c:\program files\Security Task Manager
2012-10-09 02:05 . 2012-10-09 02:05 -------- d-----w- c:\program files\Tweaking.com
2012-10-07 04:36 . 2012-10-07 04:36 -------- dc----w- C:\rei
2012-10-07 04:36 . 2012-10-07 04:36 -------- d-----w- c:\program files\Reimage
2012-10-07 04:26 . 2012-10-07 04:26 -------- d-----w- c:\documents and settings\C539393\Application Data\SpeedyPC Software
2012-10-07 04:26 . 2012-10-10 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-10-07 04:26 . 2012-10-07 04:26 -------- d-----w- c:\program files\SpeedyPC Software
2012-10-06 23:35 . 2012-10-06 23:35 -------- d-s---w- c:\documents and settings\LocalService
2012-10-06 23:35 . 2012-10-09 04:25 -------- d-s---w- c:\documents and settings\NetworkService
2012-10-06 19:38 . 2006-06-19 18:01 69632 ----a-w- c:\winnt\system32\ztvcabinet.dll
2012-10-06 19:38 . 2006-05-25 20:52 162304 ----a-w- c:\winnt\system32\ztvunrar36.dll
2012-10-06 19:38 . 2005-08-26 06:50 77312 ----a-w- c:\winnt\system32\ztvunace26.dll
2012-10-06 19:38 . 2002-03-06 06:00 75264 ----a-w- c:\winnt\system32\unacev2.dll
2012-10-06 19:38 . 2003-02-03 01:06 153088 ----a-w- c:\winnt\system32\UNRAR3.dll
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\program files\Trojan Remover
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\documents and settings\C539393\Application Data\Simply Super Software
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2012-10-05 03:48 . 2012-10-07 13:27 40776 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2012-10-04 23:23 . 2012-10-04 23:23 -------- d-----w- c:\program files\Uniblue
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\C539393\Application Data\DriverCure
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\C539393\Application Data\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\program files\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\program files\Common Files\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Utility Kit
2012-10-04 02:50 . 2012-10-04 02:50 -------- d-----w- c:\program files\Citrix
2012-10-01 00:37 . 2012-10-01 00:37 -------- d-----w- c:\program files\New Folder
2012-10-01 00:36 . 2012-10-14 17:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-30 23:57 . 2012-09-30 23:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2012-09-30 20:49 . 2012-09-30 20:49 -------- d-----w- c:\documents and settings\C539393\Local Settings\Application Data\Sun
2012-09-30 06:19 . 2012-09-30 06:18 821736 ----a-w- c:\winnt\system32\npDeployJava1.dll
2012-09-30 05:51 . 2012-02-22 18:29 9608 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
2012-09-30 05:51 . 2012-02-22 18:29 87656 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
2012-09-30 05:51 . 2012-02-22 18:29 83856 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
2012-09-30 05:51 . 2012-02-22 18:29 59456 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2012-09-30 05:51 . 2012-02-22 18:29 57600 ----a-w- c:\winnt\system32\drivers\cfwids.sys
2012-09-30 05:51 . 2012-02-22 18:29 340920 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
2012-09-30 05:51 . 2012-02-22 18:29 180848 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2012-09-30 05:51 . 2012-09-30 05:52 -------- d-----w- c:\program files\Common Files\Mcafee
2012-09-30 05:51 . 2012-09-30 06:04 -------- d-----w- c:\program files\McAfee
2012-09-30 05:40 . 2012-07-17 20:09 166320 ----a-w- c:\winnt\system32\mfevtps.exe
2012-09-30 05:40 . 2012-09-30 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-09-30 04:54 . 2012-10-12 03:13 -------- d-----w- c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet
2012-09-29 20:45 . 2008-04-14 00:12 116224 ----a-w- c:\winnt\system32\dllcache\xrxwiadr.dll
2012-09-29 20:45 . 2001-08-18 03:36 23040 ----a-w- c:\winnt\system32\dllcache\xrxwbtmp.dll
2012-09-29 20:45 . 2008-04-14 00:12 18944 ----a-w- c:\winnt\system32\dllcache\xrxscnui.dll
2012-09-29 20:45 . 2001-08-18 03:37 4608 ----a-w- c:\winnt\system32\dllcache\xrxflnch.exe
2012-09-29 20:45 . 2001-08-18 03:37 27648 ----a-w- c:\winnt\system32\dllcache\xrxftplt.exe
2012-09-29 20:45 . 2001-08-18 03:37 99865 ----a-w- c:\winnt\system32\dllcache\xlog.exe
2012-09-29 20:45 . 2001-08-17 17:11 16970 ----a-w- c:\winnt\system32\dllcache\xem336n5.sys
2012-09-29 20:45 . 2004-08-04 05:29 19455 ----a-w- c:\winnt\system32\dllcache\wvchntxx.sys
2012-09-29 20:43 . 2008-04-13 18:45 26112 ----a-w- c:\winnt\system32\dllcache\usbser.sys
2012-09-29 20:42 . 2001-08-17 17:51 58368 ----a-w- c:\winnt\system32\dllcache\smiminib.sys
2012-09-29 20:41 . 2001-08-17 18:51 19584 ----a-w- c:\winnt\system32\dllcache\rasirda.sys
2012-09-29 20:40 . 2001-08-17 17:20 87040 ----a-w- c:\winnt\system32\dllcache\nm6wdm.sys
2012-09-29 20:39 . 2008-04-13 18:41 26112 ----a-w- c:\winnt\system32\dllcache\memstpci.sys
2012-09-29 20:38 . 2003-03-31 12:00 44032 ----a-w- c:\winnt\system32\dllcache\imekrmig.exe
2012-09-29 20:37 . 2001-08-17 18:52 7040 ----a-w- c:\winnt\system32\dllcache\exabyte2.sys
2012-09-29 20:36 . 2001-08-18 03:36 4096 ----a-w- c:\winnt\system32\dllcache\ctwdm32.dll
2012-09-29 20:35 . 2001-08-17 18:28 871388 ----a-w- c:\winnt\system32\dllcache\bcmdm.sys
2012-09-29 20:34 . 2001-08-17 19:56 66048 ----a-w- c:\winnt\system32\dllcache\s3legacy.dll
2012-09-29 13:37 . 2012-09-29 13:37 -------- d-----w- c:\documents and settings\C539393\Application Data\SUPERAntiSpyware.com
2012-09-29 13:36 . 2012-09-29 13:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-29 12:02 . 2012-09-29 12:02 -------- d-----w- c:\winnt\system32\wbem\Repository
2012-09-17 03:27 . 2012-09-29 12:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2012-09-15 23:00 . 2012-09-29 12:02 -------- d-----w- c:\program files\McAfee Online Backup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 05:20 . 2012-10-09 05:20 15600 ----a-w- c:\winnt\system32\drivers\49AE~1
2012-09-30 06:19 . 2004-02-17 16:59 93672 ----a-w- c:\winnt\system32\WindowsAccessBridge.dll
2012-09-30 06:19 . 2009-08-05 01:06 143872 ----a-w- c:\winnt\system32\javacpl.cpl
2012-09-30 04:49 . 2012-04-21 01:21 696240 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-09-30 04:49 . 2011-06-09 02:47 73136 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-07-17 20:09 . 2012-07-17 20:09 91168 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
2012-07-17 20:07 . 2012-07-17 20:07 554048 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2012-07-17 20:04 . 2012-07-17 20:04 127992 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
2003-08-27 20:19 . 2004-02-17 16:57 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-09-06 01:27 . 2012-10-02 04:05 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-11-17 3022848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"09DAF04D-7E90-40FE-98A2-103A986BCA72"="start" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-10-04 02:51 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33716833.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\winnt\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\winnt\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 16:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
2004-02-08 22:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 21:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-03-22 02:16 1318816 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 16:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-07 12:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\winnt\PCHealth\HelpCtr\Binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-r- c:\winnt\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-11-17 16:33 3022848 ----a-w- c:\winnt\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
2003-04-29 15:40 524288 ----a-w- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2012-07-08 19:39 68000 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-11-17 15:21 1691648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-09-01 14:21 79872 ----a-w- c:\documents and settings\C539393\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-04 00:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
2007-01-18 18:20 190008 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-01 23:32 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\winnt\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Util]
2009-08-26 23:25 189816 ----a-w- c:\winnt\system32\Util.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BDLLWQSJAK"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SM1BG"=c:\winnt\SM1BG.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Cdr4vsd;Cdr4vsd; [x]
R1 MOBKFilter;MOBKFilter;c:\winnt\system32\DRIVERS\MOBK.sys [x]
R2 LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d;LogMeIn Rescue (67d6deaa-f9b9-4899-8257-8a760547511d);c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_InstantChat_srv.exe [x]
R2 LMIRescue_9f7b1284-de02-4884-812c-c5dc60a95457;LogMeIn Rescue (9f7b1284-de02-4884-812c-c5dc60a95457);c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_InstantChat_srv.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\winnt\system32\DRIVERS\motfilt.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\DRIVERS\mfendisk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\winnt\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\winnt\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\winnt\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 mv2;mv2;c:\winnt\system32\DRIVERS\mv2.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\winnt\system32\DRIVERS\wdcsam.sys [x]
R4 BDLLWQSJAK;BDLLWQSJAK;c:\docume~1\C539393\LOCALS~1\Temp\BDLLWQSJAK.exe [x]
R4 DAWVZCOZG;DAWVZCOZG;c:\docume~1\C539393\LOCALS~1\Temp\DAWVZCOZG.exe [x]
R4 GNIWKC;GNIWKC;c:\docume~1\C539393\LOCALS~1\Temp\GNIWKC.exe [x]
R4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
R4 RFWSXP;RFWSXP;c:\docume~1\C539393\LOCALS~1\Temp\RFWSXP.exe [x]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
R4 U2VSvr;U2VSvr;c:\winnt\system32\U2VSvr.exe [x]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 PfDetNT;PfDetNT;c:\winnt\system32\drivers\PfModNT.sys [x]
S2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\winnt\system32\Drivers\nx6000.sys [x]
S3 T1PExGrp;T1PExGrp;c:\winnt\system32\DRIVERS\T1PExGrp.sys [x]
S3 T1PMrGrp;T1PMrGrp;c:\winnt\system32\drivers\T1PMrGrp.sys [x]
S3 t1pusb;Trigger 1+ Graphics Card;c:\winnt\system32\drivers\t1pusb.sys [x]
.
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: download.com
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\C539393\Application Data\Mozilla\Firefox\Profiles\1bcg20gq.default\
FF - ExtSQL: 2012-10-01 23:12; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\Common Files\McAfee\SystemCore
FF - ExtSQL: !HIDDEN! 2009-09-02 07:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-15 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\WININET.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(736)
c:\winnt\system32\WININET.dll
.
Completion time: 2012-10-15 12:31:13
ComboFix-quarantined-files.txt 2012-10-15 17:31
ComboFix2.txt 2012-10-15 04:38
ComboFix3.txt 2012-10-08 03:16
ComboFix4.txt 2012-10-06 22:14
.
Pre-Run: 105,059,033,088 bytes free
Post-Run: 105,053,245,440 bytes free
.
- - End Of File - - 81E06B1FF724F58AF109FE082F061B91

#13 mavericktwo

Posted 15 October 2012 - 02:48 PM

ComboFix 12-10-14.03 - C539393 10/15/2012 12:21:12.4.2 - x86 DSREPAIR
Running from: c:\documents and settings\C539393\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-09 04:34 . 2012-10-09 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-10-09 04:34 . 2012-10-09 04:34 -------- d-----w- c:\program files\Security Task Manager
2012-10-09 02:05 . 2012-10-09 02:05 -------- d-----w- c:\program files\Tweaking.com
2012-10-07 04:36 . 2012-10-07 04:36 -------- dc----w- C:\rei
2012-10-07 04:36 . 2012-10-07 04:36 -------- d-----w- c:\program files\Reimage
2012-10-07 04:26 . 2012-10-07 04:26 -------- d-----w- c:\documents and settings\C539393\Application Data\SpeedyPC Software
2012-10-07 04:26 . 2012-10-10 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-10-07 04:26 . 2012-10-07 04:26 -------- d-----w- c:\program files\SpeedyPC Software
2012-10-06 23:35 . 2012-10-06 23:35 -------- d-s---w- c:\documents and settings\LocalService
2012-10-06 23:35 . 2012-10-09 04:25 -------- d-s---w- c:\documents and settings\NetworkService
2012-10-06 19:38 . 2006-06-19 18:01 69632 ----a-w- c:\winnt\system32\ztvcabinet.dll
2012-10-06 19:38 . 2006-05-25 20:52 162304 ----a-w- c:\winnt\system32\ztvunrar36.dll
2012-10-06 19:38 . 2005-08-26 06:50 77312 ----a-w- c:\winnt\system32\ztvunace26.dll
2012-10-06 19:38 . 2002-03-06 06:00 75264 ----a-w- c:\winnt\system32\unacev2.dll
2012-10-06 19:38 . 2003-02-03 01:06 153088 ----a-w- c:\winnt\system32\UNRAR3.dll
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\program files\Trojan Remover
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\documents and settings\C539393\Application Data\Simply Super Software
2012-10-06 19:38 . 2012-10-06 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2012-10-05 03:48 . 2012-10-07 13:27 40776 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2012-10-04 23:23 . 2012-10-04 23:23 -------- d-----w- c:\program files\Uniblue
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\C539393\Application Data\DriverCure
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\C539393\Application Data\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\program files\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\program files\Common Files\PC Utility Kit
2012-10-04 03:00 . 2012-10-04 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Utility Kit
2012-10-04 02:50 . 2012-10-04 02:50 -------- d-----w- c:\program files\Citrix
2012-10-01 00:37 . 2012-10-01 00:37 -------- d-----w- c:\program files\New Folder
2012-10-01 00:36 . 2012-10-14 17:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-30 23:57 . 2012-09-30 23:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer
2012-09-30 20:49 . 2012-09-30 20:49 -------- d-----w- c:\documents and settings\C539393\Local Settings\Application Data\Sun
2012-09-30 06:19 . 2012-09-30 06:18 821736 ----a-w- c:\winnt\system32\npDeployJava1.dll
2012-09-30 05:51 . 2012-02-22 18:29 9608 ----a-w- c:\winnt\system32\drivers\mfeclnk.sys
2012-09-30 05:51 . 2012-02-22 18:29 87656 ----a-w- c:\winnt\system32\drivers\mferkdet.sys
2012-09-30 05:51 . 2012-02-22 18:29 83856 ----a-w- c:\winnt\system32\drivers\mfendisk.sys
2012-09-30 05:51 . 2012-02-22 18:29 59456 ----a-w- c:\winnt\system32\drivers\mfebopk.sys
2012-09-30 05:51 . 2012-02-22 18:29 57600 ----a-w- c:\winnt\system32\drivers\cfwids.sys
2012-09-30 05:51 . 2012-02-22 18:29 340920 ----a-w- c:\winnt\system32\drivers\mfefirek.sys
2012-09-30 05:51 . 2012-02-22 18:29 180848 ----a-w- c:\winnt\system32\drivers\mfeavfk.sys
2012-09-30 05:51 . 2012-09-30 05:52 -------- d-----w- c:\program files\Common Files\Mcafee
2012-09-30 05:51 . 2012-09-30 06:04 -------- d-----w- c:\program files\McAfee
2012-09-30 05:40 . 2012-07-17 20:09 166320 ----a-w- c:\winnt\system32\mfevtps.exe
2012-09-30 05:40 . 2012-09-30 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-09-30 04:54 . 2012-10-12 03:13 -------- d-----w- c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet
2012-09-29 20:45 . 2008-04-14 00:12 116224 ----a-w- c:\winnt\system32\dllcache\xrxwiadr.dll
2012-09-29 20:45 . 2001-08-18 03:36 23040 ----a-w- c:\winnt\system32\dllcache\xrxwbtmp.dll
2012-09-29 20:45 . 2008-04-14 00:12 18944 ----a-w- c:\winnt\system32\dllcache\xrxscnui.dll
2012-09-29 20:45 . 2001-08-18 03:37 4608 ----a-w- c:\winnt\system32\dllcache\xrxflnch.exe
2012-09-29 20:45 . 2001-08-18 03:37 27648 ----a-w- c:\winnt\system32\dllcache\xrxftplt.exe
2012-09-29 20:45 . 2001-08-18 03:37 99865 ----a-w- c:\winnt\system32\dllcache\xlog.exe
2012-09-29 20:45 . 2001-08-17 17:11 16970 ----a-w- c:\winnt\system32\dllcache\xem336n5.sys
2012-09-29 20:45 . 2004-08-04 05:29 19455 ----a-w- c:\winnt\system32\dllcache\wvchntxx.sys
2012-09-29 20:43 . 2008-04-13 18:45 26112 ----a-w- c:\winnt\system32\dllcache\usbser.sys
2012-09-29 20:42 . 2001-08-17 17:51 58368 ----a-w- c:\winnt\system32\dllcache\smiminib.sys
2012-09-29 20:41 . 2001-08-17 18:51 19584 ----a-w- c:\winnt\system32\dllcache\rasirda.sys
2012-09-29 20:40 . 2001-08-17 17:20 87040 ----a-w- c:\winnt\system32\dllcache\nm6wdm.sys
2012-09-29 20:39 . 2008-04-13 18:41 26112 ----a-w- c:\winnt\system32\dllcache\memstpci.sys
2012-09-29 20:38 . 2003-03-31 12:00 44032 ----a-w- c:\winnt\system32\dllcache\imekrmig.exe
2012-09-29 20:37 . 2001-08-17 18:52 7040 ----a-w- c:\winnt\system32\dllcache\exabyte2.sys
2012-09-29 20:36 . 2001-08-18 03:36 4096 ----a-w- c:\winnt\system32\dllcache\ctwdm32.dll
2012-09-29 20:35 . 2001-08-17 18:28 871388 ----a-w- c:\winnt\system32\dllcache\bcmdm.sys
2012-09-29 20:34 . 2001-08-17 19:56 66048 ----a-w- c:\winnt\system32\dllcache\s3legacy.dll
2012-09-29 13:37 . 2012-09-29 13:37 -------- d-----w- c:\documents and settings\C539393\Application Data\SUPERAntiSpyware.com
2012-09-29 13:36 . 2012-09-29 13:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-29 12:02 . 2012-09-29 12:02 -------- d-----w- c:\winnt\system32\wbem\Repository
2012-09-17 03:27 . 2012-09-29 12:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2012-09-15 23:00 . 2012-09-29 12:02 -------- d-----w- c:\program files\McAfee Online Backup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 05:20 . 2012-10-09 05:20 15600 ----a-w- c:\winnt\system32\drivers\49AE~1
2012-09-30 06:19 . 2004-02-17 16:59 93672 ----a-w- c:\winnt\system32\WindowsAccessBridge.dll
2012-09-30 06:19 . 2009-08-05 01:06 143872 ----a-w- c:\winnt\system32\javacpl.cpl
2012-09-30 04:49 . 2012-04-21 01:21 696240 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-09-30 04:49 . 2011-06-09 02:47 73136 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-07-17 20:09 . 2012-07-17 20:09 91168 ----a-w- c:\winnt\system32\drivers\mfetdi2k.sys
2012-07-17 20:07 . 2012-07-17 20:07 554048 ----a-w- c:\winnt\system32\drivers\mfehidk.sys
2012-07-17 20:04 . 2012-07-17 20:04 127992 ----a-w- c:\winnt\system32\drivers\mfeapfk.sys
2003-08-27 20:19 . 2004-02-17 16:57 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-09-06 01:27 . 2012-10-02 04:05 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2003-11-17 3022848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"09DAF04D-7E90-40FE-98A2-103A986BCA72"="start" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-10-04 02:51 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33716833.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\winnt\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\winnt\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 16:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
2004-02-08 22:30 73728 ----a-w- c:\program files\Gateway\GWCares\gwcares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 21:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-03-22 02:16 1318816 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 16:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-07 12:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 18:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\winnt\PCHealth\HelpCtr\Binaries\msconfig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-r- c:\winnt\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-11-17 16:33 3022848 ----a-w- c:\winnt\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
2003-04-29 15:40 524288 ----a-w- c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2012-07-08 19:39 68000 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-11-17 15:21 1691648 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-09-01 14:21 79872 ----a-w- c:\documents and settings\C539393\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
2002-12-04 00:06 45056 ----a-w- c:\program files\Creative\SB Drive Det\SBDrvDet.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
2007-01-18 18:20 190008 ----a-w- c:\program files\Seagate\SystemTray\StxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-05-01 23:32 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\winnt\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Util]
2009-08-26 23:25 189816 ----a-w- c:\winnt\system32\Util.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BDLLWQSJAK"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SM1BG"=c:\winnt\SM1BG.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Cdr4vsd;Cdr4vsd; [x]
R1 MOBKFilter;MOBKFilter;c:\winnt\system32\DRIVERS\MOBK.sys [x]
R2 LMIRescue_67d6deaa-f9b9-4899-8257-8a760547511d;LogMeIn Rescue (67d6deaa-f9b9-4899-8257-8a760547511d);c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_InstantChat_srv.exe [x]
R2 LMIRescue_9f7b1284-de02-4884-812c-c5dc60a95457;LogMeIn Rescue (9f7b1284-de02-4884-812c-c5dc60a95457);c:\documents and settings\C539393\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_InstantChat_srv.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\winnt\system32\DRIVERS\motfilt.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\winnt\system32\drivers\cfwids.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\winnt\system32\drivers\mbamswissarmy.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\winnt\system32\drivers\mfefirek.sys [x]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\winnt\system32\DRIVERS\mfendisk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\winnt\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\winnt\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\winnt\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\winnt\system32\DRIVERS\motusbdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 mv2;mv2;c:\winnt\system32\DRIVERS\mv2.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\winnt\system32\DRIVERS\wdcsam.sys [x]
R4 BDLLWQSJAK;BDLLWQSJAK;c:\docume~1\C539393\LOCALS~1\Temp\BDLLWQSJAK.exe [x]
R4 DAWVZCOZG;DAWVZCOZG;c:\docume~1\C539393\LOCALS~1\Temp\DAWVZCOZG.exe [x]
R4 GNIWKC;GNIWKC;c:\docume~1\C539393\LOCALS~1\Temp\GNIWKC.exe [x]
R4 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x]
R4 RFWSXP;RFWSXP;c:\docume~1\C539393\LOCALS~1\Temp\RFWSXP.exe [x]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
R4 U2VSvr;U2VSvr;c:\winnt\system32\U2VSvr.exe [x]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\winnt\system32\drivers\mfetdi2k.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 PfDetNT;PfDetNT;c:\winnt\system32\drivers\PfModNT.sys [x]
S2 Seagate Sync Service;Seagate Sync Service;c:\program files\Seagate\Sync\SeaSyncServices.exe [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\winnt\system32\Drivers\nx6000.sys [x]
S3 T1PExGrp;T1PExGrp;c:\winnt\system32\DRIVERS\T1PExGrp.sys [x]
S3 T1PMrGrp;T1PMrGrp;c:\winnt\system32\drivers\T1PMrGrp.sys [x]
S3 t1pusb;Trigger 1+ Graphics Card;c:\winnt\system32\drivers\t1pusb.sys [x]
.
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Trusted Zone: download.com
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\C539393\Application Data\Mozilla\Firefox\Profiles\1bcg20gq.default\
FF - ExtSQL: 2012-10-01 23:12; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files\Common Files\McAfee\SystemCore
FF - ExtSQL: !HIDDEN! 2009-09-02 07:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\winnt\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-15 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\WININET.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(736)
c:\winnt\system32\WININET.dll
.
Completion time: 2012-10-15 12:31:13
ComboFix-quarantined-files.txt 2012-10-15 17:31
ComboFix2.txt 2012-10-15 04:38
ComboFix3.txt 2012-10-08 03:16
ComboFix4.txt 2012-10-06 22:14
.
Pre-Run: 105,059,033,088 bytes free
Post-Run: 105,053,245,440 bytes free
.
- - End Of File - - 81E06B1FF724F58AF109FE082F061B91

#14 Conspire

Posted 15 October 2012 - 10:06 PM

You can post your response or queries right here. There is no need to use the PM. :)

Was there any error when dragging the script to ComboFix?

#15 mavericktwo

Posted 15 October 2012 - 10:17 PM

No errors, script looked tagged but could not move it, tried to move other icons and no go.



