Author Topic: Rootkit.Win32.TDSS.d on Vista (Read 85479 times)

pancakejohn · « **Reply #60 on:** April 23, 2010, 07:37:07 PM »

IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [msvcrt.dll!_wstrdate] 00003C24
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [msvcrt.dll!wcscpy_s] 0774C085
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlInitUnicodeString] 8B46EB80
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlCreateServiceSid] 75FF530E
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlNtStatusToDosError] [75E85708] C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlReportException] 8B000041
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlFreeHeap] [75DB85D8] C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlAllocateHeap] E8CF8B1D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlImageNtHeader] FFFFF939
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlOemStringToUnicodeString] 8F8D168B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [ntdll.dll!RtlInitAnsiString] 000000A0
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [WS2_32.dll!GetAddrInfoW] 00000364
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [WS2_32.dll!FreeAddrInfoW] 0450FF52
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!OpenCluster] 50E80000
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!GetClusterKey] 8B000035
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegQueryInfoKey] 05EB5BC3
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegSetValue] 070057B8
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegQueryValue] 5D5E5F80
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegEnumKey] 900008C2
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegDeleteValue] 90909090
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegDeleteKey] 8B56FF8B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegCreateKey] 1C7E83F1
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!OpenClusterResource] 3D8B5700
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!OfflineClusterResource] [6C1B10A8] C:\Windows\system32\wbem\wmiaprpl.dll (WMI Performance Reverse Adapter/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!GetClusterResourceState] 7E831B74
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!CloseClusterResource] 07750140
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!CloseCluster] FFF8FEE8
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!GetClusterResourceNetworkName] E805EBFF
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!GetClusterResourceKey] FFFFF92F
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegOpenKey] FF1C76FF
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterRegCloseKey] 1C6683D7
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterResourceControl] 20468B00
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterEnum] 0774C085
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!OnlineClusterResource] 83D7FF50
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterControl] 8B002066
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterGroupEnum] C0852446
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterGroupOpenEnum] FF500774
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterCloseEnum] 246683D7
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterGetEnumCount] C35E5F00
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterResourceTypeControl] 90909090
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterOpenEnum] 55FF8B90
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!GetClusterNotify] 7D83EC8B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!CreateClusterNotifyPort] 5653010C
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!ClusterGroupCloseEnum] 75F98B57
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!GetClusterResourceTypeKey] 1C8F8D0A
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!GetNodeClusterState] 8B000001
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!CloseClusterGroup] 8D10FF01
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [CLUSAPI.dll!OpenClusterGroup] B78D084D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ClusWorkerCheckTerminate] 8B51068B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilTerminateServiceProcessFromResDl l] 2450FFCE
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilEnumProperties] FB83D88B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilGetProperties] 8B0C7501
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilSetPropertyTable] 8356084D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilVerifyPropertyTable] 26E81CC1
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ClusWorkerTerminate] 83FFFFFB
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ClusWorkerCreate] 75010C7D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilFindDependentDiskResourceDriveLe tter] 1C8F8D0B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilEnumResourcesEx] 8B000001
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilFindSzProperty] 0450FF01
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilFindBinaryProperty] C38B5E5F
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [RESUTILS.dll!ResUtilPropertyListFromParameterBlock] 08C25D5B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [VERSION.dll!VerQueryValueW] 106A9090
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptGenerateSymmetricKey] 916FE86C
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptDestroyKey] C1810001
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptGetProperty] 000000A0
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptSetProperty] E44D8D51
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptGenRandom] 00ACECE8
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptOpenAlgorithmProvider] FC658300
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptCloseAlgorithmProvider] 8B1AEB00
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [bcrypt.dll!BCryptExportKey] 4D8DE445
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [MSDTCPRX.dll!CreateTmInstanceForRemoteAdmin] 5A15E850
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [MSDTCPRX.dll!CreateLocalTmInstance] 458B0000
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [MSDTCPRX.dll!CreateLegacyTmInstance] 8D006AE4
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [MSDTCPRX.dll!CreateRemoteProxyTmInstance] 50FFE44D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\MTXCLU.DLL [NETAPI32.dll!NetAlertRaiseEx] FFE44D8D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\perfts.dll [UTILDLL.dll!StrConnectState] [6C273D58] C:\Windows\system32\MSDTCPRX.dll (MS DTCOLE Transactions interface proxy DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!?terminate@@YAXXZ] [7651C0C6] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!wcschr] [764F3B73] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_wtol] [764F0A5B] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!??0exception@@QAE@ABQBD@Z] [764F488F] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!strlen] [764E1CA9] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!wcsrchr] [7651CC4E] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_vsnwprintf] [76518BA6] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!??1exception@@UAE@XZ] [764F956D] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!??0exception@@QAE@ABV0@@Z] [76518A41] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!free] [76518591] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_CxxThrowException] [76518DA1] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_callnewh] [764F4926] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!malloc] [76518AC0] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_XcptFilter] [764D1C36] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_initterm] [764FCEC9] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_amsg_exit] [765185EC] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_adjust_fdiv] [7651A37A] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!??1type_info@@UAE@XZ] [77D8298C] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_unlock] [764D6FAD] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!__dllonexit] [764EA770] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_lock] [764EBBA2] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!?what@exception@@UBEPBDXZ] [77D898AC] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!??0exception@@QAE@XZ] [764E9FF7] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!_onexit] [76514293] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [msvcrt.dll!memmove] &n

pancakejohn · « **Reply #61 on:** April 23, 2010, 07:37:36 PM »

IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!GetCurrentProcess] [7651C8AF] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!SwitchToThread] [764FCE5C] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!InterlockedExchange] [764F951A] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!InterlockedCompareExchange] [76515851] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!OutputDebugStringA] [764F6E2D] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!QueryPerformanceCounter] [7656F4A1] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!GetTickCount] [764D18EF] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!GetCurrentThreadId] [764D18C0] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!GetCurrentProcessId] [7651C5AF] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!GetSystemTimeAsFileTime] [764F9491] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!TerminateProcess] [7651B8B6] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!UnhandledExceptionFilter] [765108F8] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [7651D198] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!GetLocaleInfoW] [77D82F9F] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!lstrlenA] [77D87DC0] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!GetVersionExW] [77D87D80] C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [KERNEL32.dll!WideCharToMultiByte] [7651BDC0] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegEnumValueW] [764F429D] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegOpenKeyW] [7651C6AE] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegisterEventSourceW] [7651BDFC] C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!DeregisterEventSource] 00000000
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!OpenProcessToken] [768EE188] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!GetTokenInformation] [768BB36E] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!IsValidSid] [768F0E28] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!GetLengthSid] [768EDAB0] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!CopySid] [768EC4B8] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegQueryValueExW] [768B8BAE] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegCreateKeyExW] [768EE59E] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegSetValueExW] [768F4E90] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegDeleteValueW] [768EDC40] C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegOpenKeyExW] 00000000
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegEnumKeyExW] [76774524] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegDeleteKeyW] [767C6BB1] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegCloseKey] [767C76C1] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!OpenServiceW] [7675EECF] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!QueryServiceStatus] [76783BEE] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!StartServiceW] [76759D63] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!OpenSCManagerW] [7677F79F] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!CloseServiceHandle] [7676BCE1] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!MakeAbsoluteSD] [7675B8F1] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [7676BA90] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!ConvertStringSecurityDescriptorToSecuri tyDescriptorW] [7675B5E7] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ADVAPI32.dll!RegQueryInfoKeyW] [7675A275] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [USER32.dll!LoadStringW] [767543DB] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [USER32.dll!CharNextW] [7675748D] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ole32.dll!CoInitializeEx] [7676D80B] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ole32.dll!CoUninitialize] [76773D0E] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ole32.dll!CoSetProxyBlanket] [7675B0C7] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [ole32.dll!CoCreateInstance] [7677412D] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [loadperf.dll!LoadPerfCounterTextStringsW] [7676A6E2] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [loadperf.dll!UnloadPerfCounterTextStringsW] [7677FC09] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [wbemcomn.dll!??1CStaticCritSec@@QAE@XZ] [767A3DEA] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [wbemcomn.dll!?Throttle@@YGJKKKKK@Z] [76772EDB] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [wbemcomn.dll!?anyFailure@CStaticCritSec@@SGHXZ] [7675FFC3] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\wbem\wmiaprpl.dll [wbemcomn.dll!??0CStaticCritSec@@QAE@XZ] [767C6FA9] C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!wprintf] DB335308
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!memset] 0041063D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!fprintf] F18B5600
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_iob] 053D4C7F
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!iswctype] 7D000041
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_except_handler4_common] 74C32B7D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_adjust_fdiv] 09E8831E
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_amsg_exit] FA2D1174
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_initterm] 74000040
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!free] 41754850
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!malloc] 0B6C46C7
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_XcptFilter] 8B000000
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_vsnwprintf] 5D5B5EC3
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_wfopen] 57000CC2
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!fgetws] 8B087E8D
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!fclose] 6C46C7CF
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!vfwprintf] 0000000B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_ultow_s] FFD592E8
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!wcsstr] E8CF8BFF
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!wcschr] FFFFD8FA
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!wcstoul] 70E8CE8B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!swscanf_s] 5FFFFFF7
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!_wsplitpath_s] 072DD5EB
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [msvcrt.dll!memcpy] 74000041
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [ntdll.dll!NtOpenPrivateNamespace] 741AE883
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [ntdll.dll!NtCreatePrivateNamespace] FB98E80C
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [ntdll.dll!NtCreateMutant] FFBBFFFF
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [ntdll.dll!RtlNtStatusToDosError] EB8000FF
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!SearchPathW] 0000000B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!AddSIDToBoundaryDescriptor] 3B70768B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!SetUnhandledExceptionFilter] B80775F3
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!UnhandledExceptionFilter] 8000FFFF
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!GetCurrentProcess] 068BA7EB
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!TerminateProcess] 0C50FF56
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!GetCurrentProcessId] 46C79DEB
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!GetCurrentThreadId] 00000B6C
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!GetTickCount] 70768B00
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!QueryPerformanceCounter] E374F33B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!Sleep] FF56068B
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!InterlockedExchange] 87EB1450
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!SetLastError] 90909090
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!GetLastError] 55FF8B90
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [KERNEL32.dll!CompareStringW]

pancakejohn · « **Reply #62 on:** April 23, 2010, 07:38:31 PM »

IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [ADVAPI32.dll!RegisterEventSourceW] 00000B6C
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\loadperf.dll [USER32.dll!LoadStringW] 00000001
IAT C:\Windows\system32\wbem\wmiprvse.exe[4024] @ C:\Windows\system32\tquery.dll [query.dll!CITextToSelectTreeEx] [6F4D523A] C:\Windows\system32\query.dll (Content Index Utility DLL/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe (CMSPCSUtilSvc/SprintNextel) [AUTO] Access Utility Service
Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [DISABLED] adp94xx
Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [DISABLED] adpahci
Service C:\Windows\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) [DISABLED] adpu160m
Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [DISABLED] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\Windows\system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [DISABLED] aic78xx
Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] aliide
Service C:\Windows\system32\drivers\amdagp.sys (AMD NT AGP Filter/Microsoft Corporation) [MANUAL] amdagp
Service C:\Windows\system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [DISABLED] amdide
Service C:\Windows\system32\drivers\amdk7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK7
Service C:\Windows\system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK8
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc
Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas
Service C:\??\C:\Program Files\ASTRA32\ASTRA32.sys [AUTO] ASTRA32
Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv
Service C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab) [AUTO] AVP
Service (Battery Class Driver/Microsoft Corporation) BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
Service C:\Windows\system32\drivers\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [DISABLED] blbdrive
Service [DISABLED] BOHCI
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid
Service C:\Windows\System32\Drivers\BrSerIf.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] BrSerIf
Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm
Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm
Service C:\Windows\System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Windows\system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [DISABLED] BTHMODEM
Service [DISABLED] BUHCI
Service [DISABLED] BUSBD
Service C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [MANUAL] catchme
Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass
Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide
Service C:\Windows\system32\drivers\COMMONFX.SYS (Creative Common FX Plug-in/Creative Technology Ltd) [MANUAL] COMMONFX
Service C:\Windows\System32\drivers\COMMONFX.SYS (Creative Common FX Plug-in/Creative Technology Ltd) [MANUAL] COMMONFX.SYS
Service C:\Windows\system32\drivers\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [DISABLED] Compbatt
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (System Level Service Utility/Creative Labs) [MANUAL] Creative ALchemy AL6 Licensing Service
Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (System Level Service Utility/Creative Labs) [MANUAL] Creative Audio Engine Licensing Service
Service C:\Windows\system32\drivers\crusoe.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Crusoe
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service C:\Windows\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation) [SYSTEM] CSC
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CscService
Service C:\Windows\system32\CSHelper.exe [AUTO] CSHelper
Service C:\Windows\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctac32k
Service C:\Windows\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd) [MANUAL] ctaud2k
Service C:\Windows\system32\drivers\CTAUDFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTAUDFX
Service C:\Windows\System32\drivers\CTAUDFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTAUDFX.SYS
Service C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) [AUTO] CTAudSvcService
Service C:\Windows\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctdvda2k
Service C:\Windows\system32\drivers\CTERFXFX.SYS (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTERFXFX
Service C:\Windows\System32\drivers\CTERFXFX.SYS (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd) [MANUAL] CTERFXFX.SYS
Service C:\Windows\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd) [MANUAL] ctprxy2k
Service C:\Windows\system32\drivers\CTSBLFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTSBLFX
Service C:\Windows\System32\drivers\CTSBLFX.SYS (Creative SB FX Plug-in/Creative Technology Ltd) [MANUAL] CTSBLFX.SYS
Service C:\Windows\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd) [MANUAL] ctsfm2k
Service C:\Windows\system32\DRIVERS\CVirtA.sys (Cisco Systems VPN Adapter/Cisco Systems, Inc.) [MANUAL] CVirtA
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporatio

pancakejohn · « **Reply #63 on:** April 23, 2010, 07:38:55 PM »

Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service system32\DRIVERS\Lbd.sys [BOOT] Lbd
Service ldap
Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [DISABLED] LSI_FC
Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [DISABLED] LSI_SAS
Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\drivers\MTiCtwl.sys (MagicTunePremium Driver/Samsung Electronics, Inc. ) [SYSTEM] MagicTune
Service C:\Windows\system32\DRIVERS\MarvinBus.sys (Pinnacle Marvin Discrete Bus Enumerator/Pinnacle Systems GmbH) [MANUAL] MarvinBus
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Corporation) [DISABLED] megasas
Service C:\Windows\system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [DISABLED] MegaSR
Service C:\Windows\system32\270.tmp [MANUAL] MEMSWEEP2
Service Messenger
Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\motmodem.sys (Motorola USB Modem and Ports Driver/Motorola) [MANUAL] motmodem
Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
Service C:\Windows\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] Mraid35x
Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci
Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm
Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\Windows\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\Windows\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service C:\Windows\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero BackItUp/Nero AG) [MANUAL] NBService
Service C:\Windows\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [DISABLED] nfrd960
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
Service C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero Home/Nero AG) [MANUAL] NMIndexingService
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
Service C:\Windows\system32\drivers\ntrigdigi.sys (N-trig tablet digitizer in-box driver/N-trig Innovative Technologies) [DISABLED] ntrigdigi
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 191.07 /NVIDIA Corporation) [MANUAL] nvlddmkm
Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [DISABLED] nvraid
Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [DISABLED] nvstor
Service C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 191.07/NVIDIA Corporation) [AUTO] nvsvc
Service C:\Windows\system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service C:\Windows\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service C:\Windows\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.) [MANUAL] ossrv
Service Outlook
Service [AUTO] P2k
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
Service C:\Windows\system32\drivers\PalmUSBD.sys (USB Driver for Palm OS Handheld Devices/PalmSource, Inc.) [MANUAL] PalmUSBD
Service C:\Windows\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation)

pancakejohn · « **Reply #64 on:** April 23, 2010, 07:41:39 PM »

[MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\DRIVERS\parvdm.sys (VDM Parallel Driver/Microsoft Corporation) [AUTO] Parvdm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
Service C:\Windows\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
Service C:\Windows\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide
Service C:\Windows\system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] pcmcia
Service C:\Windows\System32\Drivers\pcouffin.sys (low level access layer for CD/DVD/BD devices/VSO Software) [MANUAL] pcouffin
Service C:\Windows\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\system32\DRIVERS\pnetmdm.sys (PdaNet Driver/June Fabrics Technology) [MANUAL] pnetmdm
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent
Service PortProxy
Service C:\Windows\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\Windows\system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Processor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service C:\Windows\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] PSched
Service C:\Windows\system32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [DISABLED] ql2300
Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [DISABLED] ql40xx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
Service C:\Windows\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
Service C:\Windows\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\Windows\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
Service C:\Program Files\CyberLink\Shared files\RichVideo.exe [AUTO] RichVideo
Service C:\??\C:\Program Files\RivaTuner v2.22\RivaTuner32.sys [MANUAL] RivaTuner32
Service C:\Windows\System32\Drivers\RootMdm.sys (Legacy Non-Pnp Modem Device Driver/Microsoft Corporation) [MANUAL] ROOTMODEM
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek 8136/8168/8169 NDIS6 32-bit Driver /Realtek ) [MANUAL] RTL8169
Service C:\Windows\system32\DRIVERS\RtTeam60.sys (Realtek NDIS 6.0 Intermediate Miniport Driver for Teaming/Realtek Corporation) [MANUAL] RTTEAMPT
Service C:\Windows\system32\DRIVERS\RtVlan60.sys (Sample NDIS 6.0 Intermediate Miniport Driver/Windows (R) Codename Longhorn DDK provider) [MANUAL] RTVLANPT
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service C:\??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\WNt500x86\Sandra.sys [MANUAL] SANDRA
Service C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe (SiSoftware Deployment Agent Service (NT)(Unicode)/SiSoftware) [AUTO] SandraAgentSrv
Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service C:\Windows\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [DISABLED] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Windows\system32\DRIVERS\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp
Service C:\Windows\system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Microsoft Corporation) [DISABLED] SiSRaid2
Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4
Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify
Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) [DISABLED] sptd
Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\DRIVERS\sscdbus.sys (SAMSUNG USB Composite Device Driver/MCCI) [MANUAL] sscdbus
Service C:\Windows\system32\DRIVERS\sscdmdfl.sys (SAMSUNG CDMA Modem Filter Driver/MCCI) [MANUAL] sscdmdfl
Service C:\Windows\system32\DRIVERS\sscdmdm.sys (SAMSUNG CDMA Modem WDM/MCCI) &n

pancakejohn · « **Reply #65 on:** April 23, 2010, 08:27:16 PM »

Service C:\Windows\system32\DRIVERS\sscdserd.sys (SAMSUNG CDMA Modem Diagnostic Serial Port Device Driver/MCCI) [MANUAL] sscdserd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
Service C:\Program [MANUAL] Steam Client Service
Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Stereo Vision Control Panel API Server/NVIDIA Corporation) [AUTO] Stereo Service
Service C:\Windows\system32\DRIVERS\serscan.sys (Serial Imaging Device Driver/Microsoft Corporation) [MANUAL] StillCam
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc
Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx
Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi
Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TBS
Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6
Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service C:\Windows\system32\DRIVERS\RtTeam60.sys (Realtek NDIS 6.0 Intermediate Miniport Driver for Teaming/Realtek Corporation) [MANUAL] TEAM
Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\system32\drivers\TotRec7.sys (Total Recorder WDM audio driver/High Criteria inc.) [MANUAL] TotRec7
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Driver/TrueCrypt Foundation) [SYSTEM] truecrypt
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp
Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service C:\Program Files\VMware\VMware Player\vmware-ufad.exe (VMware Host Process for Ufa Services/VMware, Inc.) [MANUAL] ufad-ws60
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci
Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.)

---- EOF - GMER 1.0.15 ----

Dr Jay · « **Reply #66 on:** April 23, 2010, 08:39:38 PM »

Open GMER, only checkmark Sections. Do the scan, and post a log, please.

pancakejohn · « **Reply #67 on:** April 24, 2010, 10:02:54 AM »

My "Sections" only log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-24 11:02:19
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pggdikod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 34C 85EFCA10 4 Bytes [D0, 5B, 78, 96] {RCR BYTE [EBX+0x78], 0x1; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 370 85EFCA34 8 Bytes [2C, 75, 78, 96, 82, 77, 78, ...] {SUB AL, 0x75; JS 0xffffffffffffff9a; XOR BYTE [EDI+0x78], -0x6a}
.text ntkrnlpa.exe!KeSetTimerEx + 3B4 85EFCA78 4 Bytes [FC, 79, 78, 96] {CLD ; JNS 0x7b; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 3DC 85EFCAA0 4 Bytes [50, 64, 78, 96]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 85EFCAB8 4 Bytes [32, 6B, 78, 96] {XOR CH, [EBX+0x78]; XCHG ESI, EAX}
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1A67 81E5403F 240 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1B58 81E54130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE spsys.sys!?SPVersion@@3PADA + 1B5F 81E54137 2214 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2406 81E549DE 47 Bytes [04, BB, A8, 01, 00, 00, 8D, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2436 81E54A0E 44 Bytes [05, 00, 00, 39, 54, 8D, D0, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2152] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2152] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2152] USER32.dll!GetAppCompatFlags2 + 880 76706390 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2556] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2556] C:\Windows\system32\kernel32.dll time/date stamp mismatch; unknown module: 32.dll
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[2556] USER32.dll!GetAppCompatFlags2 + 880 76706390 4 Bytes [70, 11, 33, 6D]

---- EOF - GMER 1.0.15 ----

Dr Jay · « **Reply #68 on:** April 24, 2010, 11:38:44 AM »

Please go to VirSCAN.org FREE on-line scan

service[/u][/color][/url]

Browse for the following file path into the "Suspicious files to scan" box on the top of the page:
- C:\windows\system32\drivers\spsys.sys
Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

pancakejohn · « **Reply #69 on:** April 24, 2010, 12:22:56 PM »

VirSCAN.org Scanned Report :
Scanned time : 2010/04/24 13:23:38 (CDT)
Scanner results: Scanners did not find malware!
File Name : spsys.sys
File Size : 681984 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : f713e67c329ce82ff1e1ebb497887427
SHA1 : 5cf16ea140cfd9b1b555776d936ae63df4cca0e b
Online report : http://virscan.org/report/55fe8b3c24fb9ef257844cb8e8cd14b2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100424050718 2010-04-24 5.46 -
AhnLab V3 2010.04.25.00 2010.04.25 2010-04-25 1.24 -
AntiVir 8.2.1.224 7.10.6.197 2010-04-23 0.26 -
Antiy 2.0.18 20100423.4250129 2010-04-23 0.02 -
Arcavir 2009 201004232019 2010-04-23 0.10 -
Authentium 5.1.1 201004240338 2010-04-24 4.27 -
AVAST! 4.7.4 100424-0 2010-04-24 0.03 -
AVG 8.5.720 271.1.1/2832 2010-04-24 0.22 -
BitDefender 7.81008.5687802 7.31365 2010-04-25 3.65 -
ClamAV 0.95.3 10807 2010-04-24 0.10 -
Comodo 3.13.579 4675 2010-04-24 0.91 -
CP Secure 1.3.0.5 2010.04.20 2010-04-20 0.10 -
Dr.Web 5.0.2.3300 2010.04.24 2010-04-24 6.74 -
F-Prot 4.4.4.56 20100424 2010-04-24 3.87 -
F-Secure 7.02.73807 2010.04.24.05 2010-04-24 10.95 -
Fortinet 4.0.14 11.739 2010-04-24 0.23 -
GData 21.17/21.7 20100424 2010-04-24 11.09 -
ViRobot 20100423 2010.04.23 2010-04-23 0.41 -
Ikarus T3.1.01.80 2010.04.24.75707 2010-04-24 5.95 -
JiangMin 13.0.900 2010.04.24 2010-04-24 3.92 -
Kaspersky 5.5.10 2010.04.24 2010-04-24 0.09 -
KingSoft 2009.2.5.15 2010.4.24.17 2010-04-24 0.65 -
McAfee 5400.1158 5955 2010-04-18 0.02 -
Microsoft 1.5703 2010.04.24 2010-04-24 7.27 -
Norman 6.04.11 6.04.00 2010-04-22 8.01 -
Panda 9.05.01 2010.04.24 2010-04-24 4.28 -
Trend Micro 9.120-1004 7.124.07 2010-04-24 0.00 -
Quick Heal 10.00 2010.04.23 2010-04-23 1.94 -
Rising 20.0 22.44.05.04 2010-04-24 1.29 -
Sophos 3.06.0 4.52 2010-04-25 3.60 -
Sunbelt 3.9.2418.2 6215 2010-04-23 5.52 -
Symantec 1.3.0.24 20100424.006 2010-04-24 0.22 -
nProtect 20100424.01 8042441 2010-04-24 8.49 -
The Hacker 6.5.2.0 v00268 2010-04-23 0.76 -
VBA32 3.12.12.4 20100423.0824 2010-04-23 3.00 -
VirusBuster 4.5.11.10 10.125.1/2032637 2010-04-23 2.97 -

Dr Jay · « **Reply #70 on:** April 24, 2010, 10:05:36 PM »

Delete any old version of TDSSKiller.

Download this << file >> & extract TDSSKiller.exe onto your Desktop.. but first rename it to WINlogON.exe

Then create this batch file to be placed next to TDSSKiller

=====

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code: [Select]

@ECHO OFF
START /WAIT WINlogON.exe -l Logit.txt -v
START Logit.txt
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Double click on fix.bat & allow it to run

Post back to tell me what it says

pancakejohn · « **Reply #71 on:** April 25, 2010, 09:08:13 AM »

10:11:32:838 4560   TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
10:11:32:838 4560   ================================================================================
10:11:32:838 4560   SystemInfo:

10:11:32:838 4560   OS Version: 6.0.6001 ServicePack: 1.0
10:11:32:838 4560   Product type: Workstation
10:11:32:838 4560   ComputerName: HEAVENH-IPND9NT
10:11:32:838 4560   UserName: Administrator
10:11:32:838 4560   Windows directory: C:\Windows
10:11:32:838 4560   Processor architecture: Intel x86
10:11:32:838 4560   Number of processors: 4
10:11:32:838 4560   Page size: 0x1000
10:11:32:838 4560   Boot type: Normal boot
10:11:32:838 4560   ================================================================================
10:11:32:838 4560   UnloadDriverW: NtUnloadDriver error 2
10:11:32:838 4560   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
10:11:32:947 4560   wfopen_ex: Trying to open file C:\Windows\system32\config\system
10:11:32:947 4560   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:11:32:947 4560   wfopen_ex: Trying to KLMD file open
10:11:32:947 4560   wfopen_ex: File opened ok (Flags 2)
10:11:32:979 4560   wfopen_ex: Trying to open file C:\Windows\system32\config\software
10:11:32:979 4560   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:11:32:979 4560   wfopen_ex: Trying to KLMD file open
10:11:32:979 4560   wfopen_ex: File opened ok (Flags 2)
10:11:32:979 4560   Initialize success
10:11:32:979 4560
10:11:32:979 4560   Scanning   Services ...
10:11:35:256 4560   Raw services enum returned 506 services
10:11:35:256 4560
10:11:35:256 4560   Scanning   Kernel memory ...
10:11:35:256 4560   Devices to scan: 3
10:11:35:256 4560
10:11:35:256 4560   Driver Name: atapi
10:11:35:256 4560   IRP_MJ_CREATE : 869C10FC
10:11:35:256 4560   IRP_MJ_CREATE_NAMED_PIPE : 85E38013
10:11:35:256 4560   IRP_MJ_CLOSE : 869C10FC
10:11:35:256 4560   IRP_MJ_READ : 85E38013
10:11:35:256 4560   IRP_MJ_WRITE : 85E38013
10:11:35:256 4560   IRP_MJ_QUERY_INFORMATION : 85E38013
10:11:35:256 4560   IRP_MJ_SET_INFORMATION : 85E38013
10:11:35:256 4560   IRP_MJ_QUERY_EA : 85E38013
10:11:35:256 4560   IRP_MJ_SET_EA : 85E38013
10:11:35:256 4560   IRP_MJ_FLUSH_BUFFERS : 85E38013
10:11:35:256 4560   IRP_MJ_QUERY_VOLUME_INFORMATION : 85E38013
10:11:35:256 4560   IRP_MJ_SET_VOLUME_INFORMATION : 85E38013
10:11:35:256 4560   IRP_MJ_DIRECTORY_CONTROL : 85E38013
10:11:35:256 4560   IRP_MJ_FILE_SYSTEM_CONTROL : 85E38013
10:11:35:256 4560   IRP_MJ_DEVICE_CONTROL : 869AF9D6
10:11:35:256 4560   IRP_MJ_INTERNAL_DEVICE_CONTROL : 869AF9A8
10:11:35:256 4560   IRP_MJ_SHUTDOWN : 85E38013
10:11:35:256 4560   IRP_MJ_LOCK_CONTROL : 85E38013
10:11:35:256 4560   IRP_MJ_CLEANUP : 85E38013
10:11:35:256 4560   IRP_MJ_CREATE_MAILSLOT : 85E38013
10:11:35:256 4560   IRP_MJ_QUERY_SECURITY : 85E38013
10:11:35:256 4560   IRP_MJ_SET_SECURITY : 85E38013
10:11:35:256 4560   IRP_MJ_POWER : 869AFA04
10:11:35:256 4560   IRP_MJ_SYSTEM_CONTROL : 869BCB70
10:11:35:256 4560   IRP_MJ_DEVICE_CHANGE : 85E38013
10:11:35:256 4560   IRP_MJ_QUERY_QUOTA : 85E38013
10:11:35:256 4560   IRP_MJ_SET_QUOTA : 85E38013
10:11:35:272 4560   C:\Windows\system32\drivers\atapi.sys - Verdict: 1
10:11:35:272 4560
10:11:35:272 4560   Driver Name: atapi
10:11:35:272 4560   IRP_MJ_CREATE : 869C10FC
10:11:35:272 4560   IRP_MJ_CREATE_NAMED_PIPE : 85E38013
10:11:35:272 4560   IRP_MJ_CLOSE : 869C10FC
10:11:35:272 4560   IRP_MJ_READ : 85E38013
10:11:35:272 4560   IRP_MJ_WRITE : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_SET_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_EA : 85E38013
10:11:35:272 4560   IRP_MJ_SET_EA : 85E38013
10:11:35:272 4560   IRP_MJ_FLUSH_BUFFERS : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_VOLUME_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_SET_VOLUME_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_DIRECTORY_CONTROL : 85E38013
10:11:35:272 4560   IRP_MJ_FILE_SYSTEM_CONTROL : 85E38013
10:11:35:272 4560   IRP_MJ_DEVICE_CONTROL : 869AF9D6
10:11:35:272 4560   IRP_MJ_INTERNAL_DEVICE_CONTROL : 869AF9A8
10:11:35:272 4560   IRP_MJ_SHUTDOWN : 85E38013
10:11:35:272 4560   IRP_MJ_LOCK_CONTROL : 85E38013
10:11:35:272 4560   IRP_MJ_CLEANUP : 85E38013
10:11:35:272 4560   IRP_MJ_CREATE_MAILSLOT : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_SECURITY : 85E38013
10:11:35:272 4560   IRP_MJ_SET_SECURITY : 85E38013
10:11:35:272 4560   IRP_MJ_POWER : 869AFA04
10:11:35:272 4560   IRP_MJ_SYSTEM_CONTROL : 869BCB70
10:11:35:272 4560   IRP_MJ_DEVICE_CHANGE : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_QUOTA : 85E38013
10:11:35:272 4560   IRP_MJ_SET_QUOTA : 85E38013
10:11:35:272 4560   C:\Windows\system32\drivers\atapi.sys - Verdict: 1
10:11:35:272 4560
10:11:35:272 4560   Driver Name: atapi
10:11:35:272 4560   IRP_MJ_CREATE : 869C10FC
10:11:35:272 4560   IRP_MJ_CREATE_NAMED_PIPE : 85E38013
10:11:35:272 4560   IRP_MJ_CLOSE : 869C10FC
10:11:35:272 4560   IRP_MJ_READ : 85E38013
10:11:35:272 4560   IRP_MJ_WRITE : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_SET_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_EA : 85E38013
10:11:35:272 4560   IRP_MJ_SET_EA : 85E38013
10:11:35:272 4560   IRP_MJ_FLUSH_BUFFERS : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_VOLUME_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_SET_VOLUME_INFORMATION : 85E38013
10:11:35:272 4560   IRP_MJ_DIRECTORY_CONTROL : 85E38013
10:11:35:272 4560   IRP_MJ_FILE_SYSTEM_CONTROL : 85E38013
10:11:35:272 4560   IRP_MJ_DEVICE_CONTROL : 869AF9D6
10:11:35:272 4560   IRP_MJ_INTERNAL_DEVICE_CONTROL : 869AF9A8
10:11:35:272 4560   IRP_MJ_SHUTDOWN : 85E38013
10:11:35:272 4560   IRP_MJ_LOCK_CONTROL : 85E38013
10:11:35:272 4560   IRP_MJ_CLEANUP : 85E38013
10:11:35:272 4560   IRP_MJ_CREATE_MAILSLOT : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_SECURITY : 85E38013
10:11:35:272 4560   IRP_MJ_SET_SECURITY : 85E38013
10:11:35:272 4560   IRP_MJ_POWER : 869AFA04
10:11:35:272 4560   IRP_MJ_SYSTEM_CONTROL : 869BCB70
10:11:35:272 4560   IRP_MJ_DEVICE_CHANGE : 85E38013
10:11:35:272 4560   IRP_MJ_QUERY_QUOTA : 85E38013
10:11:35:272 4560   IRP_MJ_SET_QUOTA : 85E38013
10:11:35:272 4560   C:\Windows\system32\drivers\atapi.sys - Verdict: 1
10:11:35:272 4560
10:11:35:272 4560   Completed
10:11:35:272 4560
10:11:35:272 4560   Results:
10:11:35:272 4560   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
10:11:35:272 4560   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
10:11:35:272 4560   File objects infected / cured / cured on reboot:   0 / 0 / 0
10:11:35:272 4560
10:11:35:287 4560   fclose_ex: Trying to close file C:\Windows\system32\config\system
10:11:35:287 4560   fclose_ex: Trying to close file C:\Windows\system32\config\software
10:11:35:334 4560   MyDeleteFileW: MyNtCreateFile (C:\Windows\system32\drivers\klmd.sys) error 32
10:11:35:334 4560   KLMD(ARK) unloaded successfully

Dr Jay · « **Reply #72 on:** April 25, 2010, 12:17:52 PM »

Hmm....

Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet

Link:

Code: [Select]

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click on drweb-cureit.exe to start the program.
An Express Scan of your PC notice will appear.
Under Start the Express Scan Now, Click OK to start the scan.
This is a short scan that will scan the files currently running in memory.
If something is found, click the Yes button when it asks you if you want to cure it.
Once the short scan has finished, Click Options > Change settings
Choose the Scan tab and UNcheck Heuristic analysis
Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
When finished, a message will be displayed at the bottom advising if any viruses were found.
Click Yes to all if it asks if you want to cure/move the file.
When the scan has finished, look if you can see the icon next to the files found.

If so, click it, then click the next icon right below and select Move incurable.
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)

Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
Save the DrWeb.csv report to your Desktop.
Exit Dr.Web Cureit when you have finished.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

pancakejohn · « **Reply #73 on:** April 26, 2010, 09:56:39 PM »

Hi,
The scan finally completed. It took about 20 hours. The log file it created is 172 MB and over 4000 pages long. I cannot attach it because the maximum attachment size allowed is 700 KB and I am not going to sit here and copy and paste 4000 pages into the forum. Let me know what to do from here. Thanks

Here are the scan statistics though:
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 1275155
Infected: 0
Modifications: 4
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 4
Ignored: 0
Scan speed: 50 Kb/s
Scan time: 20:11:27
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Scanned: 1316457
Infected: 0
Modifications: 4
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 4
Ignored: 0
Scan speed: 55 Kb/s
Scan time: 20:44:51
=============================================================================

Dr Jay · « **Reply #74 on:** April 26, 2010, 10:00:02 PM »

Odd.

Delete your copy of ComboFix, and download an updated one from here and run it, post a log:

BleepingComputer.com

Computer Hope Forum

News:

Author Topic: Rootkit.Win32.TDSS.d on Vista (Read 85479 times)

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

Dr Jay

Re: Rootkit.Win32.TDSS.d on Vista