Author Topic: Rootkit.Win32.TDSS.d on Vista (Read 79763 times)

SuperDave · « **Reply #15 on:** April 18, 2010, 07:25:27 AM »

Quote

Those paths you gave to upload at Jotti's malware scan are directories, not files. Is there a way to scan entire directories using Jotti's malware scan? It would take forever to upload each file in each directory and subdirectory, one at a time. (There are 1,031 files in those 4 directories)

Oops. That's what I get for trying to do too many things at the same time. Sorry. We'll try to check those out some other way.

Quote

I already have antivirus software. I have Kaspersky Internet Security 2010.

The ComboFix log only shows Anti-spyware. No evidence of Kaspersky.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
=================================

Download this << file >> & extract TDSSKiller.exe onto your Desktop

Then create this batch file to be placed next to TDSSKiller

=====

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code: [Select]

@ECHO OFF
START /WAIT TDSSKILLER.exe -l Logit.txt -v
START Logit.txt
del %0

Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:

Double click on fix.bat & allow it to run

Post back to tell me what it says.
===========================
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

DirLook::
C:\CF

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

==========================

Next post please include log from Security Check, ComboFix log and log from TDSSKiller.

pancakejohn · « **Reply #16 on:** April 18, 2010, 11:53:20 AM »

My Security check log:

Results of screen317's Security Check version 0.99.3
Windows Vista Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Kaspersky Internet Security 2010
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
DH Driver Cleaner Professional Edition
Java(TM) 6 Update 20
Adobe Flash Player 10
Adobe Reader 9.3
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Kaspersky Lab Kaspersky Internet Security 2010 avp.exe
Kaspersky Lab Kaspersky Internet Security 2010 klwtblfs.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

----------------------------------------------------------------------------------------------------------------------------------------------

My TDSSkiller log:

12:51:04:596 3000   TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
12:51:04:596 3000   ================================================================================
12:51:04:596 3000   SystemInfo:

12:51:04:596 3000   OS Version: 6.0.6001 ServicePack: 1.0
12:51:04:596 3000   Product type: Workstation
12:51:04:596 3000   ComputerName: HEAVENH-IPND9NT
12:51:04:596 3000   UserName: Administrator
12:51:04:596 3000   Windows directory: C:\Windows
12:51:04:596 3000   Processor architecture: Intel x86
12:51:04:596 3000   Number of processors: 4
12:51:04:596 3000   Page size: 0x1000
12:51:04:596 3000   Boot type: Normal boot
12:51:04:596 3000   ================================================================================
12:51:04:596 3000   UnloadDriverW: NtUnloadDriver error 2
12:51:04:596 3000   ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
12:51:04:939 3000   wfopen_ex: Trying to open file C:\Windows\system32\config\system
12:51:04:939 3000   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:51:04:939 3000   wfopen_ex: Trying to KLMD file open
12:51:04:939 3000   wfopen_ex: File opened ok (Flags 2)
12:51:04:954 3000   wfopen_ex: Trying to open file C:\Windows\system32\config\software
12:51:04:954 3000   wfopen_ex: MyNtCreateFileW error 32 (C0000043)
12:51:04:954 3000   wfopen_ex: Trying to KLMD file open
12:51:04:954 3000   wfopen_ex: File opened ok (Flags 2)
12:51:04:954 3000   Initialize success
12:51:04:954 3000
12:51:04:954 3000   Scanning   Services ...
12:51:07:139 3000   Raw services enum returned 506 services
12:51:07:154 3000
12:51:07:154 3000   Scanning   Kernel memory ...
12:51:07:154 3000   Devices to scan: 3
12:51:07:154 3000
12:51:07:154 3000   Driver Name: atapi
12:51:07:154 3000   IRP_MJ_CREATE : 86B610FC
12:51:07:154 3000   IRP_MJ_CREATE_NAMED_PIPE : 86099887
12:51:07:154 3000   IRP_MJ_CLOSE : 86B610FC
12:51:07:154 3000   IRP_MJ_READ : 86099887
12:51:07:154 3000   IRP_MJ_WRITE : 86099887
12:51:07:154 3000   IRP_MJ_QUERY_INFORMATION : 86099887
12:51:07:154 3000   IRP_MJ_SET_INFORMATION : 86099887
12:51:07:154 3000   IRP_MJ_QUERY_EA : 86099887
12:51:07:154 3000   IRP_MJ_SET_EA : 86099887
12:51:07:154 3000   IRP_MJ_FLUSH_BUFFERS : 86099887
12:51:07:154 3000   IRP_MJ_QUERY_VOLUME_INFORMATION : 86099887
12:51:07:154 3000   IRP_MJ_SET_VOLUME_INFORMATION : 86099887
12:51:07:154 3000   IRP_MJ_DIRECTORY_CONTROL : 86099887
12:51:07:154 3000   IRP_MJ_FILE_SYSTEM_CONTROL : 86099887
12:51:07:154 3000   IRP_MJ_DEVICE_CONTROL : 86B4F9D6
12:51:07:154 3000   IRP_MJ_INTERNAL_DEVICE_CONTROL : 86B4F9A8
12:51:07:154 3000   IRP_MJ_SHUTDOWN : 86099887
12:51:07:154 3000   IRP_MJ_LOCK_CONTROL : 86099887
12:51:07:154 3000   IRP_MJ_CLEANUP : 86099887
12:51:07:154 3000   IRP_MJ_CREATE_MAILSLOT : 86099887
12:51:07:154 3000   IRP_MJ_QUERY_SECURITY : 86099887
12:51:07:154 3000   IRP_MJ_SET_SECURITY : 86099887
12:51:07:154 3000   IRP_MJ_POWER : 86B4FA04
12:51:07:154 3000   IRP_MJ_SYSTEM_CONTROL : 86B5CB70
12:51:07:154 3000   IRP_MJ_DEVICE_CHANGE : 86099887
12:51:07:154 3000   IRP_MJ_QUERY_QUOTA : 86099887
12:51:07:154 3000   IRP_MJ_SET_QUOTA : 86099887
12:51:07:186 3000   C:\Windows\system32\drivers\atapi.sys - Verdict: 1
12:51:07:186 3000
12:51:07:186 3000   Driver Name: atapi
12:51:07:186 3000   IRP_MJ_CREATE : 86B610FC
12:51:07:186 3000   IRP_MJ_CREATE_NAMED_PIPE : 86099887
12:51:07:186 3000   IRP_MJ_CLOSE : 86B610FC
12:51:07:186 3000   IRP_MJ_READ : 86099887
12:51:07:186 3000   IRP_MJ_WRITE : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_SET_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_EA : 86099887
12:51:07:186 3000   IRP_MJ_SET_EA : 86099887
12:51:07:186 3000   IRP_MJ_FLUSH_BUFFERS : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_VOLUME_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_SET_VOLUME_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_DIRECTORY_CONTROL : 86099887
12:51:07:186 3000   IRP_MJ_FILE_SYSTEM_CONTROL : 86099887
12:51:07:186 3000   IRP_MJ_DEVICE_CONTROL : 86B4F9D6
12:51:07:186 3000   IRP_MJ_INTERNAL_DEVICE_CONTROL : 86B4F9A8
12:51:07:186 3000   IRP_MJ_SHUTDOWN : 86099887
12:51:07:186 3000   IRP_MJ_LOCK_CONTROL : 86099887
12:51:07:186 3000   IRP_MJ_CLEANUP : 86099887
12:51:07:186 3000   IRP_MJ_CREATE_MAILSLOT : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_SECURITY : 86099887
12:51:07:186 3000   IRP_MJ_SET_SECURITY : 86099887
12:51:07:186 3000   IRP_MJ_POWER : 86B4FA04
12:51:07:186 3000   IRP_MJ_SYSTEM_CONTROL : 86B5CB70
12:51:07:186 3000   IRP_MJ_DEVICE_CHANGE : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_QUOTA : 86099887
12:51:07:186 3000   IRP_MJ_SET_QUOTA : 86099887
12:51:07:186 3000   C:\Windows\system32\drivers\atapi.sys - Verdict: 1
12:51:07:186 3000
12:51:07:186 3000   Driver Name: atapi
12:51:07:186 3000   IRP_MJ_CREATE : 86B610FC
12:51:07:186 3000   IRP_MJ_CREATE_NAMED_PIPE : 86099887
12:51:07:186 3000   IRP_MJ_CLOSE : 86B610FC
12:51:07:186 3000   IRP_MJ_READ : 86099887
12:51:07:186 3000   IRP_MJ_WRITE : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_SET_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_EA : 86099887
12:51:07:186 3000   IRP_MJ_SET_EA : 86099887
12:51:07:186 3000   IRP_MJ_FLUSH_BUFFERS : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_VOLUME_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_SET_VOLUME_INFORMATION : 86099887
12:51:07:186 3000   IRP_MJ_DIRECTORY_CONTROL : 86099887
12:51:07:186 3000   IRP_MJ_FILE_SYSTEM_CONTROL : 86099887
12:51:07:186 3000   IRP_MJ_DEVICE_CONTROL : 86B4F9D6
12:51:07:186 3000   IRP_MJ_INTERNAL_DEVICE_CONTROL : 86B4F9A8
12:51:07:186 3000   IRP_MJ_SHUTDOWN : 86099887
12:51:07:186 3000   IRP_MJ_LOCK_CONTROL : 86099887
12:51:07:186 3000   IRP_MJ_CLEANUP : 86099887
12:51:07:186 3000   IRP_MJ_CREATE_MAILSLOT : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_SECURITY : 86099887
12:51:07:186 3000   IRP_MJ_SET_SECURITY : 86099887
12:51:07:186 3000   IRP_MJ_POWER : 86B4FA04
12:51:07:186 3000   IRP_MJ_SYSTEM_CONTROL : 86B5CB70
12:51:07:186 3000   IRP_MJ_DEVICE_CHANGE : 86099887
12:51:07:186 3000   IRP_MJ_QUERY_QUOTA : 86099887
12:51:07:186 3000   IRP_MJ_SET_QUOTA : 86099887
12:51:07:186 3000   C:\Windows\system32\drivers\atapi.sys - Verdict: 1
12:51:07:186 3000
12:51:07:186 3000   Completed
12:51:07:186 3000
12:51:07:186 3000   Results:
12:51:07:186 3000   Memory objects infected / cured / cured on reboot:   0 / 0 / 0
12:51:07:186 3000   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
12:51:07:186 3000   File objects infected / cured / cured on reboot:   0 / 0 / 0
12:51:07:186 3000
12:51:07:186 3000   fclose_ex: Trying to close file C:\Windows\system32\config\system
12:51:07:186 3000   fclose_ex: Trying to close file C:\Windows\system32\config\software
12:51:07:232 3000   MyDeleteFileW: MyNtCreateFile (C:\Windows\system32\drivers\klmd.sys) error 32
12:51:07:232 3000   KLMD(ARK) unloaded successfully
----------------------------------------------------------------------------------------------------------------------------------------------My combofix log:

ComboFix 10-04-15.05 - Administrator 04/18/2010 12:59:28.6.4 - x86
Windows Windows Vista™ Extreme Edition 6.0.6001.1.1252.1.1033.18.3326.1740 [GMT -5:00]
Running from: C:\Users\Administrator\Desktop\commy.exe
Command switches used :: C:\Users\Administrator\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

SuperDave · « **Reply #17 on:** April 19, 2010, 11:10:51 AM »

ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second

Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
When downloaded double click and this will then open ISOBurner to burn the file to CD
Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
Change Drivers to Non-Microsoft
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\_OTL\MovedFiles
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

pancakejohn · « **Reply #18 on:** April 19, 2010, 10:06:23 PM »

my OTL log:

OTL logfile created on: 4/19/2010 11:51:15 PM - Run
OTLPE by OldTimer - Version 3.1.37.2 Folder = X:\Programs\OTLPE
Windows Vista (TM) Ultimate Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 9.72 Gb Free Space | 6.52% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 464.32 Gb Free Space | 99.69% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 163.22 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (WSearch)
SRV - File not found [On_Demand] -- -- (wbengine)
SRV - File not found [Auto] -- -- (VMware NAT Service)
SRV - File not found [Auto] -- -- (VMnetDHCP)
SRV - File not found [Auto] -- -- (VMAuthdService)
SRV - File not found [On_Demand] -- -- (vds)
SRV - File not found [On_Demand] -- -- (UI0Detect)
SRV - File not found [On_Demand] -- -- (ufad-ws60)
SRV - File not found [On_Demand] -- -- (TrustedInstaller)
SRV - File not found [Auto] -- -- (Stereo Service)
SRV - File not found [On_Demand] -- -- (Steam Client Service)
SRV - File not found [On_Demand] -- -- (SNMPTRAP)
SRV - File not found [Auto] -- -- (slsvc)
SRV - File not found [Auto] -- -- (SandraAgentSrv)
SRV - File not found [Auto] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto] -- -- (nvsvc)
SRV - File not found [On_Demand] -- -- (NMIndexingService)
SRV - File not found [On_Demand] -- -- (NBService)
SRV - File not found [On_Demand] -- -- (Microsoft Office Groove Audit Service)
SRV - File not found [On_Demand] -- -- (IDriverT)
SRV - File not found [On_Demand] -- -- (FLEXnet Licensing Service)
SRV - File not found [On_Demand] -- -- (Fax)
SRV - File not found [On_Demand] -- -- (ehSched)
SRV - File not found [On_Demand] -- -- (ehRecvr)
SRV - File not found [On_Demand] -- -- (DFSR)
SRV - File not found [Auto] -- -- (CTAudSvcService)
SRV - File not found [Auto] -- -- (CSHelper)
SRV - File not found [On_Demand] -- -- (Creative Audio Engine Licensing Service)
SRV - File not found [On_Demand] -- -- (Creative ALchemy AL6 Licensing Service)
SRV - File not found [Auto] -- -- (AVP)
SRV - [2008/04/04 05:44:51 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2008/04/04 05:42:27 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\svchost.exe -- (gpsvc)
SRV - [2008/04/04 05:42:27 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\System32\svchost.exe -- (ehstart)
SRV - [2008/04/04 05:41:43 | 000,243,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2007/06/28 14:54:44 | 000,151,552 | ---- | M] (SprintNextel) [Auto] -- C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe -- (Access Utility Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WmXlCore)
DRV - File not found [Kernel | On_Demand] -- -- (WmVirHid)
DRV - File not found [Kernel | On_Demand] -- -- (WmFilter)
DRV - File not found [Kernel | On_Demand] -- -- (WmBEnum)
DRV - File not found [Kernel | Auto] -- -- (WinRing0_1_2_0)
DRV - File not found [Kernel | Auto] -- -- (WIBUKEY)
DRV - File not found [Kernel | Boot] -- -- (Wdf01000)
DRV - File not found [Kernel | Auto] -- -- (vstor2-ws60)
DRV - File not found [Kernel | Boot] -- -- (volmgrx)
DRV - File not found [Kernel | Boot] -- -- (volmgr)
DRV - File not found [Kernel | Auto] -- -- (vmx86)
DRV - File not found [Kernel | On_Demand] -- -- (vmusb)
DRV - File not found [Kernel | Auto] -- -- (VMparport)
DRV - File not found [Kernel | Auto] -- -- (VMnetuserif)
DRV - File not found [Kernel | Auto] -- -- (VMnetBridge)
DRV - File not found [Kernel | On_Demand] -- -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand] -- -- (vmkbd)
DRV - File not found [Kernel | Auto] -- -- (vmci)
DRV - File not found [Kernel | On_Demand] -- -- (VirtualDK)
DRV - File not found [Kernel | On_Demand] -- -- (V0500Dev)
DRV - File not found [Kernel | On_Demand] -- -- (umbus)
DRV - File not found [Kernel | On_Demand] -- -- (uliagpkx)
DRV - File not found [Kernel | On_Demand] -- -- (tunnel)
DRV - File not found [Kernel | On_Demand] -- -- (tssecsrv)
DRV - File not found [Kernel | On_Demand] -- -- (TotRec7)
DRV - File not found [Kernel | On_Demand] -- -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV - File not found [Kernel | System] -- -- (tdx)
DRV - File not found [Kernel | Auto] -- -- (tcpipreg)
DRV - File not found [Kernel | On_Demand] -- -- (StillCam)
DRV - File not found [Kernel | On_Demand] -- -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdm)
DRV - File not found [Kernel | On_Demand] -- -- (sscdmdfl)
DRV - File not found [Kernel | On_Demand] -- -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - File not found [File_System | On_Demand] -- -- (srvnet)
DRV - File not found [File_System | On_Demand] -- -- (srv2)
DRV - File not found [Kernel | Boot] -- -- (spldr)
DRV - File not found [Kernel | System] -- -- (Smb)
DRV - File not found [Kernel | On_Demand] -- -- (SANDRA)
DRV - File not found [Kernel | On_Demand] -- -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV - File not found [Kernel | On_Demand] -- -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - File not found [Kernel | On_Demand] -- -- (RTL8169)
DRV - File not found [Kernel | Auto] -- -- (rspndr)
DRV - File not found [Kernel | On_Demand] -- -- (RivaTuner32)
DRV - File not found [Kernel | System] -- -- (RDPENCDD)
DRV - File not found [Kernel | On_Demand] -- -- (RasSstp)
DRV - File not found [Kernel | On_Demand] -- -- (QWAVEdrv)
DRV - File not found [Kernel | On_Demand] -- -- (pnetmdm)
DRV - File not found [Kernel | Auto] -- -- (PEAUTH)
DRV - File not found [Kernel | On_Demand] -- -- (PalmUSBD)
DRV - File not found [Kernel | Auto] -- -- (P2k)
DRV - File not found [Kernel | On_Demand] -- -- (nvlddmkm)
DRV - File not found [Kernel | On_Demand] -- -- (nv_agp)
DRV - File not found [Kernel | System] -- -- (nsiproxy)
DRV - File not found [Kernel | On_Demand] -- -- (NativeWifiP)
DRV - File not found [Kernel | On_Demand] -- -- (MsRPC)
DRV - File not found [Kernel | Boot] -- -- (msisadrv)
DRV - File not found [File_System | On_Demand] -- -- (mrxsmb20)
DRV - File not found [File_System | On_Demand] -- -- (mrxsmb10)
DRV - File not found [Kernel | On_Demand] -- -- (mpsdrv)
DRV - File not found [Kernel | On_Demand] -- -- (motmodem)
DRV - File not found [Kernel | On_Demand] -- -- (monitor)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand] -- -- (MarvinBus)
DRV - File not found [Kernel | System] -- -- (MagicTune)
DRV - File not found [File_System | Auto] -- -- (luafv)
DRV - File not found [Kernel | Auto] -- -- (lltdio)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand] -- -- (klmouflt)
DRV - File not found [Kernel | System] -- -- (KLIM6)
DRV - File not found [File_System | System] -- -- (KLIF)
DRV - File not found [Kernel | Boot] -- -- (klbg)
DRV - File not found [Kernel | System] -- -- (kl1)
DRV - File not found [File_System | System] -- -- (ISODrive)
DRV - File not found [Kernel | On_Demand] -- -- (iScsiPrt)
DRV - File not found [Kernel | Auto] -- -- (hcmon)
DRV - File not found [Kernel | On_Demand] -- -- (hap17v2k)
DRV - File not found [Kernel | On_Demand] -- -- (hap16v2k)
DRV - File not found [Kernel | Boot] -- -- (fvevol)
DRV - File not found [File_System | On_Demand] -- -- (Filetrace)
DRV - File not found [File_System | Boot] -- -- (FileInfo)
DRV - File not found [File_System | On_Demand] -- -- (exfat)
DRV - File not found [Kernel | Boot] -- -- (Ecache)
DRV - File not found [Kernel | On_Demand] -- -- (E1G60) Intel(R)
DRV - File not found [Kernel | On_Demand] -- -- (DXGKrnl)
DRV - File not found [File_System | System] -- -- (DfsC)
DRV - File not found [Kernel | On_Demand] -- -- (CTSBLFX.SYS)
DRV - File not found [Kernel | On_Demand] -- -- (CTERFXFX.SYS)
DRV - File not found [Kernel | On_Demand] -- -- (CTERFXFX)
DRV - File not found [Kernel | On_Demand] -- -- (ctdvda2k)
DRV - File not found [Kernel | On_Demand] -- -- (CTAUDFX.SYS)
DRV - File not found [Kernel | On_Demand] -- -- (CTAUDFX)
DRV - File not found [Kernel | System] -- -- (CSC)
DRV - File not found [Kernel | Boot] -- -- (crcdisk)
DRV - File not found [Kernel | On_Demand] -- -- (COMMONFX.SYS)
DRV - File not found [Kernel | Boot] -- -- (CLFS) Common Log (CLFS)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (BrFiltUp)
DRV - File not found [Kernel | On_Demand] -- -- (BrFiltLo)
DRV - File not found [File_System | On_Demand] -- -- (bowser)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | Auto] -- -- (ASTRA32)
DRV - [2009/12/13 16:45:31 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/05/08 12:42:50 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/04/23 12:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/06 12:22:56 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand] -- C:\Windows\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/23 10:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 10:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 10:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/12 12:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2004/03/17 16:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002/07/24 01:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/18 22:55:42 | 000,643,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX)
DRV - [2002/07/18 22:54:10 | 000,110,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX)
DRV - [2002/07/18 22:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/18 22:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/18 22:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/18 22:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/18 22:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/18 22:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Administrator_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/19 00:27:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 22:01:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt

[2009/10/31 13:09:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/12/03 14:46:05 | 000,061,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\components\np32asw.dll
[2004/07/02 15:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32asw.dll

Hosts file not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O3 - HKU\Administrator_ON_E\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe File not found
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\READREG.exe (Creative Technology Limited)
O4 - HKU\Administrator_ON_E..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe File not found
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll File not found
O16 - DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} https://skyfex.com/download/SkyFexExpert.cab (SkyFex Expert Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll File not found
O22 - SharedTaskScheduler: {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - Ave's FolderBg - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll File not found
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll File not found
O24 - Desktop WallPaper: C:\Windows\resources\Themes\GlassGlow\Ginkakuji Default 169.jpg
O24 - Desktop BackupWallPaper: C:\Windows\resources\Themes\GlassGlow\Ginkakuji Default 169.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1cab8272-e57e-11dd-a7ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cab8272-e57e-11dd-a7ee-806e6f6e6963}\Shell\AutoRun\command - "" = G:\reatogoMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 22:50:54 | 000,000,000 | ---D | C] -- C:\Windows\XP
[2008/10/02 21:45:31 | 000,065,536 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/10/18 20:54:31 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/12/14 22:56:43 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008/12/11 17:11:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/11/12 21:53:48 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2008/10/28 19:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/10/25 19:48:25 | 000,000,204 | ---- | C] () -- C:\Windows\RtlRack.ini
[2008/10/22 19:35:38 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/10/22 19:35:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/10/22 19:35:01 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/10/22 19:35:01 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/10/22 19:34:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/10/22 19:34:12 | 000,000,086 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/10/22 19:33:18 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/10/19 22:07:31 | 000,000,000 | ---- | C] () -- C:\Windows\ATIMMC.INI
[2008/10/18 15:07:56 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/10/04 20:07:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/02 21:45:57 | 000,000,000 | ---- | C] () -- C:\Windows\SBWIN.INI
[2008/10/02 21:45:48 | 000,000,231 | ---- | C] () -- C:\Windows\AC3API.INI
[2008/10/02 21:45:35 | 000,037,727 | ---- | C] () -- C:\Windows\System32\Emu10kx.ini
[2008/10/02 21:45:35 | 000,000,029 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2008/10/02 21:45:27 | 000,000,180 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2008/10/02 21:42:46 | 000,000,073 | ---- | C] () -- C:\Windows\wb.ini
[2008/10/02 21:34:03 | 000,363,520 | ---- | C] () -- C:\Windows\System32\psisdecd.dll
[2008/06/11 11:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 11:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 11:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 11:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 11:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 11:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 11:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 11:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 11:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 10:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/06/01 03:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/04/23 20:34:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2007/03/12 14:01:30 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2007/01/31 15:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/05/18 10:56:29 | 001,703,936 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2006/05/18 10:56:29 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2006/05/18 10:56:25 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2006/05/18 10:56:21 | 001,486,848 | ---- | C] () -- C:\Windows\System32\nview.dll
[2006/05/18 10:56:21 | 000,286,720 | ---- | C] () -- C:\Windows\System32\nvnt4cpl.dll
[2006/05/18 10:56:20 | 000,573,440 | ---- | C] () -- C:\Windows\System32\nvhwvid.dll
[2004/10/15 20:31:56 | 000,218,264 | ---- | C] () -- C:\Windows\System32\SetAid.dll
[2004/01/28 12:42:06 | 000,066,560 | ---- | C] () -- C:\Windows\System32\atiyuv12.dll
[2004/01/28 12:42:06 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2004/01/28 12:42:06 | 000,013,601 | ---- | C] () -- C:\Windows\System32\vctest.ini
[2003/01/03 13:07:20 | 000,589,824 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2002/05/15 20:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/05/04 10:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

========== Purity Check ==========

< End of report >

SuperDave · « **Reply #19 on:** April 21, 2010, 01:06:31 PM »

Please re-boot in Normal Mode and run this scan.

Download GMER Rootkit Detector and save it your desktop.

* Extract it to your desktop and double-click GMER.exe
* Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
* Click the Rootkit tab and then Scan.
* Don't check the Show All box while scanning in progress!
* When scanning is finished click Copy.
* This copies the log to clipboard
* Post the log in your reply.

pancakejohn · « **Reply #20 on:** April 22, 2010, 03:07:17 PM »

I cannot get GMER to complete the scan. It keeps crashing, which locks up my computer until I reboot.

SuperDave · « **Reply #21 on:** April 22, 2010, 05:18:42 PM »

That is weird. Let's try to run this one to see what's happening with your computer.

Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it say Yes

WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply

pancakejohn · « **Reply #22 on:** April 22, 2010, 06:06:34 PM »

Sorry, should have been more specific.

When I said "It keeps crashing" I meant GMER.exe stops responding, not that the PC crashes or bluescreens, however, when GMER.exe stops responding the PC completely locks up so I must reboot.

Nevertheless here is my whocrashed log, note the last time is 4/17/10 from when I was trying to run combofix , nothing from yesterday or today.

Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Sat 4/17/2010 4:06:09 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007E (0xC0000005, 0x860A8EB3, 0x807B0858, 0x807B0554)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\Windows\Minidump\Mini041710-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

On Fri 4/16/2010 3:57:52 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007E (0xC0000005, 0x860DAEB3, 0x807BC858, 0x807BC554)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\Windows\Minidump\Mini041610-03.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

On Fri 4/16/2010 3:40:38 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007E (0xC0000005, 0x860A8EB3, 0x807B0858, 0x807B0554)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\Windows\Minidump\Mini041610-02.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

On Fri 4/16/2010 3:27:04 AM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x1000007E (0xC0000005, 0x860D4EB3, 0x807B8858, 0x807B8554)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Dump file: C:\Windows\Minidump\Mini041610-01.dmp
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit is in another driver on your system which cannot be identified at this time.

SuperDave · « **Reply #23 on:** April 22, 2010, 07:52:59 PM »

I know it's frustrating but please try this:

Launch GMER and in the right panel, untick all except the following:

Modules
Processes
Libraries
Services
Show All

Then click the scan button & show me the log it produces.

pancakejohn · « **Reply #24 on:** April 23, 2010, 01:41:51 PM »

Quote from: SuperDave on April 22, 2010, 07:52:59 PM

I know it's frustrating but please try this:

Yes it's quite frustrating, but I sincerely appreciate all the help you have given me so far and hopefully we can resolve the problem.

I was able to run the scan and get a log, the system freezes up about 5 seconds after the scan completes, but some very fast copy and paste and save and I was able to get the log.

The log you requested: (broken up due to 50000 character limit)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 14:25:28
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pggdikod.sys

---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 85E06000-861BF000 (3903488 bytes)
Module \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 861BF000-861F2000 (208896 bytes)
Module \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation) 80602000-8060A000 (32768 bytes)
Module \SystemRoot\system32\mcupdate_GenuineIntel.dll (Intel Microcode Update Library/Microsoft Corporation) 8060A000-8066A000 (393216 bytes)
Module \SystemRoot\system32\PSHED.dll (Platform Specific Hardware Error Driver/Microsoft Corporation) 8066A000-8067B000 (69632 bytes)
Module \SystemRoot\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) 8067B000-80683000 (32768 bytes)
Module \SystemRoot\system32\CLFS.SYS (Common Log File System Driver/Microsoft Corporation) 80683000-806C4000 (266240 bytes)
Module \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation) 806C4000-807A4000 (917504 bytes)
Module \SystemRoot\system32\drivers\klbg.sys (Kaspersky Lab Boot Guard Driver/Kaspersky Lab) 807A4000-807B1000 (53248 bytes)
Module \SystemRoot\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) 86809000-86885000 (507904 bytes)
Module \SystemRoot\system32\drivers\WDFLDR.SYS (WDFLDR/Microsoft Corporation) 86885000-86892000 (53248 bytes)
Module \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 86892000-868D8000 (286720 bytes)
Module \SystemRoot\system32\drivers\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) 868D8000-868E1000 (36864 bytes)
Module \SystemRoot\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) 868E1000-868E9000 (32768 bytes)
Module \SystemRoot\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) 868E9000-86910000 (159744 bytes)
Module \SystemRoot\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) 86910000-8691F000 (61440 bytes)
Module \SystemRoot\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) 8691F000-8692E000 (61440 bytes)
Module \SystemRoot\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) 8692E000-86978000 (303104 bytes)
Module \SystemRoot\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) 86978000-8697F000 (28672 bytes)
Module \SystemRoot\system32\drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) 8697F000-8698D000 (57344 bytes)
Module \SystemRoot\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) 8698D000-8699D000 (65536 bytes)
Module \SystemRoot\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) 8699D000-869A5000 (32768 bytes)
Module \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 869A5000-869C3000 (122880 bytes)
Module \SystemRoot\system32\DRIVERS\jraid.sys (JMicron JMB36X RAID Driver/JMicron Technology Corp.) 869C3000-869DB000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) 807B1000-807D7000 (155648 bytes)
Module \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) 86A0C000-86A3E000 (204800 bytes)
Module \SystemRoot\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) 86A3E000-86A4E000 (65536 bytes)
Module \SystemRoot\system32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) 86A4E000-86A57000 (36864 bytes)
Module \SystemRoot\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) 86A57000-86AC8000 (462848 bytes)
Module \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) 86AC8000-86BD3000 (1093632 bytes)
Module \SystemRoot\system32\drivers\msrpc.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation) 86BD3000-86BFE000 (176128 bytes)
Module \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation) 86C05000-86C3F000 (237568 bytes)
Module \SystemRoot\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) 86C3F000-86D28000 (954368 bytes)
Module \SystemRoot\System32\drivers\fwpkclnt.sys (FWP/IPsec Kernel-Mode API/Microsoft Corporation) 86D28000-86D43000 (110592 bytes)
Module \SystemRoot\System32\Drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation) 86E00000-86F0F000 (1110016 bytes)
Module \SystemRoot\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) 86F0F000-86F48000 (233472 bytes)
Module \SystemRoot\System32\Drivers\spldr.sys (loader for security processor/Microsoft Corporation) 86F48000-86F50000 (32768 bytes)
Module \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) 86F50000-86F5F000 (61440 bytes)
Module \SystemRoot\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) 86F5F000-86F86000 (159744 bytes)
Module \SystemRoot\System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) 86F86000-86FAA000 (147456 bytes)
Module \SystemRoot\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) 86FAA000-86FBB000 (69632 bytes)
Module \SystemRoot\system32\drivers\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) 86FBB000-86FDC000 (135168 bytes)
Module \SystemRoot\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) 86FDC000-86FE5000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) 86D5C000-86D67000 (45056 bytes)
Module \SystemRoot\system32\drivers\TotRec7.sys (Total Recorder WDM audio driver/High Criteria inc.) 86D67000-86D8F000 (163840 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) 86D8F000-86DBC000 (184320 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) 86DBC000-86DE1000 (151552 bytes)
Module \SystemRoot\system32\drivers\ks.sys (Kernel CSA Library/Microsoft Corporation) 95A0E000-95A38000 (172032 bytes)
Module \SystemRoot\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) 95A38000-95A41000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) 95A41000-95A50000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 191.07 /NVIDIA Corporation) 95C04000-96515000 (9506816 bytes)
Module \SystemRoot\system32\DRIVERS\nvBridge.kmd (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 191.07 /NVIDIA Corporation) 96515000-96517000 (8192 bytes)
Module \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) 96517000-965B6000 (651264 bytes)
Module \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation) 965B6000-965C3000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) 965C3000-965CE000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 95A50000-95A8E000 (253952 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) 965CE000-965DD000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) 965DD000-965EF000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\Rtlh86.sys (Realtek 8136/8168/8169 NDIS6 32-bit Driver /Realtek ) 95A8E000-95AD0000 (270336 bytes)
Module \SystemRoot\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) 965EF000-965FA000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) 95AD0000-95AEA000 (106496 bytes)
Module \SystemRoot\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) 95AEA000-95AF4000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) 95AF4000-95B0C000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) 95B0C000-95B24000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) 95B24000-95B2E000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\serscan.sys (Serial Imaging Device Driver/Microsoft Corporation) 95B2E000-95B36000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) 95B36000-95B64000 (188416 bytes)
Module \SystemRoot\system32\DRIVERS\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 95B64000-95BA5000 (266240 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) 95BA5000-95BB0000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) 95BB0000-95BC7000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) 95BC7000-95BD2000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) 95BD2000-95BF5000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) 86DE1000-86DF0000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) 869DB000-869EF000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) 807D7000-807EC000 (86016 bytes)
Module \SystemRoot\System32\Drivers\pcouffin.sys (low level access layer for CD/DVD/BD devices/VSO Software) 95A00000-95A0C000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\pnetmdm.sys (PdaNet Driver/June Fabrics Technology) 965FA000-965FD000 (12288 bytes)
Module \SystemRoot\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) 86DF0000-86DFD000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) 96802000-9688B000 (561152 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) 9688B000-9689B000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) 9689B000-968A6000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) 968A6000-968B1000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) 968B1000-968B3000 (8192 bytes)
Module \SystemRoot\system32\drivers\WmBEnum.sys (Logitech WingMan Virtual Bus Enumerator Driver/Logitech Inc.) 968B3000-968B7000 (16384 bytes)
Module \SystemRoot\system32\drivers\WmXlCore.sys (Logitech WingMan Translation Driver/Logitech Inc.) 968B7000-968C2000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 968C2000-968CC000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) 968CC000-968D9000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) 968D9000-9690D000 (212992 bytes)
Module \SystemRoot\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) 9690D000-96917000 (40960 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) 96917000-96928000 (69632 bytes)
Module \SystemRoot\system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) 96928000-96967000 (258048 bytes)
Module \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) 96967000-969B8000 (331776 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) 969B8000-969C1000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) 969C1000-969C8000 (28672 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) 969C8000-969CF000 (28672 bytes)
Module \SystemRoot\system32\drivers\MTiCtwl.sys (MagicTunePremium Driver/Samsung Electronics, Inc. ) 969CF000-969D8000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\HIDPARSE.SYS (Hid Parsing Library/Microsoft Corporation) 969E1000-969E8000 (28672 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) 969E8000-969F4000 (49152 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) 96A05000-96A26000 (135168 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) 96A26000-96A2E000 (32768 bytes)
Module \SystemRoot\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) 96A2E000-96A36000 (32768 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) 96A36000-96A41000 (45056 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) 96A41000-96A4F000 (57344 bytes)
Module \SystemRoot\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) 96A4F000-96A58000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) 96A58000-96A6E000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) 96C00000-97120000 (5373952 bytes)
Module \SystemRoot\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) 97120000-97129000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\HIDCLASS.SYS (Hid Class Library/Microsoft Corporation) 97129000-97139000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) 97139000-9713B000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) 9713B000-97143000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wlh_x86]/Kaspersky Lab) 97143000-9714C000 (36864 bytes)
Module \Sys

pancakejohn · « **Reply #25 on:** April 23, 2010, 01:50:03 PM »

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 516
Library C:\Windows\System32\smss.exe (Windows Session Manager/Microsoft Corporation) 0x475D0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 584
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A0F0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x758B0000
Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x75830000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x756D0000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 644
Library C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A0F0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x758B0000
Library C:\Windows\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75890000
Library C:\Windows\system32\winsrv.dll (Multi-User Windows Server DLL/Microsoft Corporation) 0x75830000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x756D0000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 652
Library C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 0x00BA0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75810000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x75790000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x74F80000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x74C40000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x75060000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x752A0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75400000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x74D10000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 688
Library C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x00FB0000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75810000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x75740000
Library C:\Windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x757D0000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x757C0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x752A0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75400000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x74D10000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x75790000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74C80000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76410000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x74F80000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x74C40000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x75060000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 704
Library C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 0x00870000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75510000
Library C:\Windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x75490000
Library C:\Windows\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x75470000
Library C:\Windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75440000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation)

pancakejohn · « **Reply #26 on:** April 23, 2010, 01:51:01 PM »

Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x73C10000
Library C:\Windows\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x74830000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74F00000
Library C:\Windows\system32\WindowsCodecs.dll (Microsoft Windows Codecs Library/Microsoft Corporation) 0x739A0000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75260000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x753A0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 924
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00940000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library c:\windows\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x74C00000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library c:\windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75810000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74C60000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x74EE0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75260000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x74AE0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x74B90000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75070000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x752A0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75400000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x74D10000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x75A30000
Library C:\Windows\system32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x74770000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74C80000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76410000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76210000
Library C:\Windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x750A0000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x75790000
Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x74C50000

Process C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 191.07/NVIDIA Corporation) 972
Library C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 191.07/NVIDIA Corporation) 0x00400000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x774B0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x767A0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x748C0000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x75790000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74C80000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76410000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1000
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00940000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x74AE0000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library c:\windows\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x74B90000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75070000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x752A0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75400000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75810000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x74D10000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74F00000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x74F80000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x74C40000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x75060000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76210000
Library C:\Windows\system32\fwpuclnt.dll (FWP/IPsec User-Mode API/Microsoft Corporation) 0x73570000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1068
Library C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00940000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)

pancakejohn · « **Reply #27 on:** April 23, 2010, 01:52:01 PM »

Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x75A30000
Library C:\Windows\System32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x74AB0000
Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x75C40000
Library C:\Windows\System32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74F00000
Library C:\Windows\System32\audioses.dll (Audio Session/Microsoft Corporation) 0x73E00000
Library C:\Windows\System32\audioeng.dll (Audio Engine/Microsoft Corporation) 0x73D90000
Library C:\Windows\System32\AVRT.dll (Multimedia Realtime Runtime/Microsoft Corporation) 0x74790000
Library c:\windows\system32\lmhsvc.dll (TCPIP NetBios Transport Services DLL/Microsoft Corporation) 0x73AB0000
Library c:\windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x751F0000
Library c:\windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x751B0000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75440000
Library c:\windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x751A0000
Library c:\windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75170000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1172
Library C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00940000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\System32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74C80000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76410000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library c:\windows\system32\audiosrv.dll (Windows Audio Service/Microsoft Corporation) 0x743A0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75EA0000
Library c:\windows\system32\MMDevAPI.DLL (MMDevice API/Microsoft Corporation) 0x747D0000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x774B0000
Library c:\windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x74C50000
Library c:\windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x750A0000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x748C0000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76210000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x75A30000
Library C:\Windows\System32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x74AB0000
Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x752A0000
Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75400000
Library C:\Windows\System32\USERENV.dll (Userenv/Microsoft Corporation) 0x75810000
Library C:\Windows\System32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x75C40000
Library c:\windows\system32\cscsvc.dll (CSC Service DLL/Microsoft Corporation) 0x73C90000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x767A0000
Library c:\windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x753A0000
Library C:\Windows\System32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74F00000
Library C:\Windows\System32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x74EE0000
Library C:\Windows\System32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75260000
Library c:\windows\system32\uxsms.dll (Microsoft User Experience Session Management Service/Microsoft Corporation) 0x73C60000
Library c:\windows\system32\tabsvc.dll (Microsoft Tablet PC Input Service/Microsoft Corporation) 0x73A90000
Library c:\windows\system32\HID.DLL (Hid User Library/Microsoft Corporation) 0x73C80000
Library c:\windows\system32\wudfsvc.dll (Windows Driver Foundation - User-mode Driver Framework Service/Microsoft Corporation) 0x73C00000
Library c:\windows\system32\WUDFPlatform.dll (Windows Driver Foundation - User-mode Platform Library/Microsoft Corporation) 0x73A60000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75070000
Library c:\windows\system32\wevtapi.dll (Eventing Consumption and Configuration API/Microsoft Corporation) 0x75220000
Library C:\Windows\System32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75650000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x75790000
Library c:\windows\system32\emdmgmt.dll (ReadyBoost Service/Microsoft Corporation) 0x6F2A0000
Library c:\windows\system32\WDSCORE.dll (Panther Engine Module/Microsoft Corporation) 0x70930000
Library c:\windows\system32\SLWGA.dll (Software Licensing WGA API/Microsoft Corporation) 0x732C0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x760D0000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x76460000
Library c:\windows\system32\hidserv.dll (HID Service/Microsoft Corporation) 0x740C0000
Library c:\windows\system32\netman.dll (Network Connections Manager/Microsoft Corporation) 0x6F180000
Library c:\windows\system32\RASAPI32.dll (Remote Access API/Microsoft Corporation) 0x6F370000
Library c:\windows\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x6F350000
Library c:\windows\system32\TAPI32.dll (Microsoft® Windows(TM) Telephony API Client DLL/Microsoft Corporation) 0x6F140000
Library c:\windows\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x74380000
Library c:\windows\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x74080000
Library c:\windows\system32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x74040000
Library c:\windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x751A0000
Library c:\windows\system32\pcasvc.dll (Program Compatibility Assistant Service/Microsoft Corporation) 0x6F340000
Library c:\windows\system32\sysmain.dll (Superfetch Service Host/Microsoft Corporation) 0x6E8E0000
Library c:\windows\system32\trkwks.dll (Distributed Link Tracking Client/Microsoft Corporation) 0x6F010000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x74D10000
Library c:\windows\system32\wpdbusenum.dll (Portable Device Enumerator/Microsoft Corporation) 0x6E8C0000
Library C:\Windows\system32\PortableDeviceApi.dll (Windows Portable Device API Components/Microsoft Corporation) 0x6E660000
Library C:\Windows\System32\netshell.dll (Network Connections Shell/Microsoft Corporation) 0x6CE50000
Library C:\Windows\System32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x751F0000
Library C:\Windows\System32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x751B0000
Library C:\Windows\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75440000
Library C:\Windows\System32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75170000
Library C:\Windows\System32\nlaapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x74030000
Library C:\Windows\System32\RASDLG.dll (Remote Access Common Dialog API/Microsoft Corporation) 0x6D5E0000
Library C:\Windows\System32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x6DBD0000
Library C:\Windows\System32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x733F0000
Library C:\Windows\System32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x733B0000
Library C:\Windows\System32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x73380000
Library C:\Windows\System32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x73D70000
Library C:\Windows\system32\cscobj.dll (In-proc COM object used by clients of CSC API/Microsoft Corporation) 0x6D160000
Library C:\Windows\system32\CSCAPI.dll (Offline Files Win32 API/Microsoft Corporation) 0x719F0000
Library C:\Windows\System32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x6DEB0000
Library C:\Windows\System32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x73510000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x74F80000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x74C40000
Library C:\Windows\system32\upnp.dll (UPnP Control Point API/Microsoft Corporation) 0x6C630000
Library C:\Windows\system32\SSDPAPI.dll (SSDP Client API DLL/Microsoft Corporation) 0x70920000
Library C:\Windows\System32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x756D0000
Library C:\Windows\System32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x70FE0000
Library C:\Windows\system32\netcfgx.dll (Network Configuration Objects/Microsoft Corporation) 0x6E240000
Library C:\Windows\System32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x74770000
Library C:\Windows\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x6E7A0000
Library C:\Windows\system32\wbemcomn.dll (WMI/Microsoft Corporation) 0x6E6B0000
Library C:\Windows\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x6E230000
Library C:\Windows\system32\wbem\fastprox.dll (WMI Custom Marshaller/Microsoft Corporation) 0x6DC90000
Library C:\Windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x753E0000
Library C:\Windows\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) &

pancakejohn · « **Reply #28 on:** April 23, 2010, 01:53:03 PM »

Library C:\Windows\system32\RESUTILS.DLL (Microsoft Cluster Resource Utility DLL/Microsoft Corporation) 0x73670000
Library C:\Windows\system32\PROPSYS.dll (Microsoft Property System/Microsoft Corporation) 0x73F20000
Library C:\Windows\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x756D0000
Library C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x75790000
Library C:\Windows\system32\tschannel.dll (Task Scheduler Proxy/Microsoft Corporation) 0x72E90000
Library C:\Windows\system32\ACTXPRXY.DLL (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71840000
Library c:\windows\system32\browser.dll (Computer Browser Service DLL/Microsoft Corporation) 0x74360000
Library c:\windows\system32\aelupsvc.dll (Application Experience Service/Microsoft Corporation) 0x74390000
Library c:\windows\system32\ikeext.dll (IKE extension/Microsoft Corporation) 0x6F230000
Library c:\windows\system32\fwpuclnt.dll (FWP/IPsec User-Mode API/Microsoft Corporation) 0x73570000
Library C:\Windows\system32\ncrypt.dll (Windows cryptographic library/Microsoft Corporation) 0x75120000
Library C:\Windows\system32\BCRYPT.dll (Windows Cryptographic Primitives Library/Microsoft Corporation) 0x750D0000
Library c:\windows\system32\seclogon.dll (Secondary Logon Service DLL/Microsoft Corporation) 0x6F120000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x6E7E0000
Library C:\Windows\system32\wbemcomn.dll (WMI/Microsoft Corporation) 0x6E6B0000
Library c:\windows\system32\iphlpsvc.dll (Service that offers IPv6 connectivity over an IPv4 network./Microsoft Corporation) 0x6E1E0000
Library c:\windows\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x74380000
Library c:\windows\system32\sqmapi.dll (SQM Client/Microsoft Corporation) 0x6E890000
Library c:\windows\system32\rasmans.dll (Remote Access Connection Manager/Microsoft Corporation) 0x6E2A0000
Library C:\Windows\system32\rastapi.dll (Remote Access TAPI Compliance Layer/Microsoft Corporation) 0x6EF20000
Library C:\Windows\system32\TAPI32.dll (Microsoft® Windows(TM) Telephony API Client DLL/Microsoft Corporation) 0x6F140000
Library C:\Windows\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x74080000
Library C:\Windows\system32\OLEACC.dll (Active Accessibility Core Component/Microsoft Corporation) 0x74040000
Library C:\Windows\system32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x74770000
Library C:\Windows\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x6DEB0000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x74EE0000
Library C:\Windows\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x73510000
Library C:\Windows\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x6F3C0000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x74340000
Library C:\Windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x747A0000
Library C:\Windows\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x753A0000
Library C:\Windows\system32\wbem\wbemcore.dll (Windows Management Instrumentation/Microsoft Corporation) 0x6DD30000
Library C:\Windows\system32\wbem\esscli.dll (WMI/Microsoft Corporation) 0x6DE60000
Library C:\Windows\system32\wbem\FastProx.dll (WMI Custom Marshaller/Microsoft Corporation) 0x6DC90000
Library C:\Windows\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x6E230000
Library C:\Windows\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x6DE40000
Library C:\Windows\system32\wbem\repdrvfs.dll (WMI Repository Driver/Microsoft Corporation) 0x6DC40000
Library C:\Windows\system32\rasppp.dll (Remote Access PPP/Microsoft Corporation) 0x6DBF0000
Library C:\Windows\system32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x6DBD0000
Library C:\Windows\system32\RASAPI32.dll (Remote Access API/Microsoft Corporation) 0x6F370000
Library C:\Windows\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x6F350000
Library C:\Windows\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x74FC0000
Library C:\Windows\system32\RASQEC.DLL (RAS Quarantine Enforcement Client/Microsoft Corporation) 0x6DBB0000
Library C:\Windows\system32\QUtil.dll (Quarantine Utilities/Microsoft Corporation) 0x6DB90000
Library C:\Windows\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x6DA90000
Library C:\Windows\system32\NCObjAPI.DLL (Microsoft Corporation) 0x757C0000
Library C:\Windows\System32\raschap.dll (Remote Access PPP CHAP/Microsoft Corporation) 0x6DA40000
Library C:\Windows\System32\rastls.dll (Remote Access PPP EAP-TLS/Microsoft Corporation) 0x6DB10000
Library C:\Windows\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x6F650000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x74B70000
Library C:\Windows\system32\WinSCard.dll (Microsoft Smart Card API/Microsoft Corporation) 0x6DB70000
Library C:\Windows\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x6D980000
Library C:\Windows\system32\napinsp.dll (E-mail Naming Shim Provider/Microsoft Corporation) 0x713C0000
Library C:\Windows\system32\pnrpnsp.dll (PNRP Name Space Provider/Microsoft Corporation) 0x711D0000
Library C:\Windows\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x71200000
Library C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.) 0x16080000
Library C:\Windows\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x72EA0000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x6CE00000
Library C:\Windows\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x74F40000

Process C:\Windows\system32\AUDIODG.EXE (Windows Audio Device Graph Isolation /Microsoft Corporation) 1320
Library C:\Windows\system32\AUDIODG.EXE (Windows Audio Device Graph Isolation /Microsoft Corporation) 0x00A30000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\System32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\System32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\System32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\System32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\System32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\System32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\System32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\System32\MMDevAPI.DLL (MMDevice API/Microsoft Corporation) 0x747D0000
Library C:\Windows\System32\OLEAUT32.dll (Microsoft Corporation) 0x75EA0000
Library C:\Windows\System32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x774B0000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74C80000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76410000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76210000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74F00000
Library C:\Windows\System32\audioses.dll (Audio Session/Microsoft Corporation) 0x73E00000
Library C:\Windows\System32\audioeng.dll (Audio Engine/Microsoft Corporation) 0x73D90000
Library C:\Windows\System32\AVRT.dll (Multimedia Realtime Runtime/Microsoft Corporation) 0x74790000
Library C:\Windows\System32\audiokse.dll (Audio Ks Endpoint/Microsoft Corporation) 0x73B20000
Library C:\Windows\System32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x75A30000
Library C:\Windows\System32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x752A0000
Library C:\Windows\System32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75400000
Library C:\Windows\System32\USERENV.dll (Userenv/Microsoft Corporation) 0x75810000
Library C:\Windows\System32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library C:\Windows\System32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x74AB0000
Library C:\Windows\System32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x75C40000
Library C:\Windows\System32\ksuser.dll (User CSA Library/Microsoft Corporation) 0x74B80000

Process C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) 1348
Library C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd) 0x00400000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73ED0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x767A0000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x774B0000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\DSOUND.dll (DirectSound/Microsoft Corporation) 0x73E60000
Library C:\Windows\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x74080000
Library C:\Windows\system32\OLEACC.dll (Active Accessibility Core Component/

pancakejohn · « **Reply #29 on:** April 23, 2010, 01:53:44 PM »

Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75EA0000
Library C:\Windows\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x74830000
Library C:\Windows\system32\IMM32.dll (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\dwmredir.dll (Microsoft Desktop Window Manager Redirection Component/Microsoft Corporation) 0x732D0000
Library C:\Windows\system32\SLWGA.dll (Software Licensing WGA API/Microsoft Corporation) 0x732C0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x760D0000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x774B0000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x76460000
Library C:\Windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x74C50000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75260000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x748C0000
Library C:\Windows\system32\milcore.dll (Microsoft MIL Core Library/Microsoft Corporation) 0x730D0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\system32\d3d9.dll (Microsoft Direct3D/Microsoft Corporation) 0x72F10000
Library C:\Windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75070000
Library C:\Windows\system32\d3d8thk.dll (Microsoft Direct3D OS Thunk Layer/Microsoft Corporation) 0x72F00000
Library C:\Windows\system32\dwmapi.dll (Microsoft Desktop Window Manager API/Microsoft Corporation) 0x73C50000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74C80000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76410000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000
Library C:\Windows\system32\nvd3dum.dll (NVIDIA Compatible Vista WDDM D3D Driver, Version 191.07 /NVIDIA Corporation) 0x721A0000
Library C:\Windows\system32\uDWM.dll (Microsoft Desktop Window Manager/Microsoft Corporation) 0x72EC0000
Library C:\Windows\system32\WindowsCodecs.dll (Microsoft Windows Codecs Library/Microsoft Corporation) 0x739A0000
Library C:\Windows\system32\powrprof.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74C60000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1476
Library C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 0x00940000
Library C:\Windows\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x772B0000
Library C:\Windows\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x75DC0000
Library C:\Windows\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x75C80000
Library C:\Windows\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x75F30000
Library C:\Windows\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x75960000
Library C:\Windows\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x74C80000
Library C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation) 0x77410000
Library C:\Windows\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x75BF0000
Library C:\Windows\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76410000
Library C:\Windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x75BC0000
Library C:\Windows\system32\NSI.dll (NSI User-mode interface DLL/Microsoft Corporation) 0x75DB0000
Library C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x75950000
Library C:\Windows\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x75420000
Library C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x76650000
Library C:\Windows\system32\IMM32.DLL (Multi-User Windows IMM32 API Client DLL/Microsoft Corporation) 0x773E0000
Library C:\Windows\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x76000000
Library C:\Windows\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x75C70000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x75D30000
Library c:\windows\system32\es.dll (COM+/Microsoft Corporation) 0x73AD0000
Library C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation) 0x75EA0000
Library c:\windows\system32\PROPSYS.dll (Microsoft Property System/Microsoft Corporation) 0x73F20000
Library C:\Windows\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x74F00000
Library C:\Windows\system32\CLBCatQ.DLL (COM+ Configuration Catalog/Microsoft Corporation) 0x76210000
Library c:\windows\system32\nsisvc.dll (Network Store Interface RPC server/Microsoft Corporation) 0x73970000
Library C:\Windows\system32\secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x757F0000
Library C:\Windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x752A0000
Library C:\Windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x75400000
Library C:\Windows\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x75810000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75090000
Library C:\Windows\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x74D10000
Library C:\Windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x75650000
Library c:\windows\system32\webclnt.dll (Web DAV Service DLL/Microsoft Corporation) 0x73690000
Library c:\windows\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x73510000
Library C:\Windows\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x774B0000
Library C:\Windows\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x760D0000
Library C:\Windows\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x76460000
Library C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x748C0000
Library C:\Windows\system32\shell32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x767A0000
Library C:\Windows\system32\WinInet.dll (Internet Extensions for Win32/Microsoft Corporation) 0x762A0000
Library C:\Windows\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x77400000
Library c:\windows\system32\wkssvc.dll (Workstation Service DLL/Microsoft Corporation) 0x73460000
Library c:\windows\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x751F0000
Library c:\windows\system32\dhcpcsvc.DLL (DHCP Client Service/Microsoft Corporation) 0x751B0000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x75440000
Library c:\windows\system32\WINNSI.DLL (Network Store Information RPC interface/Microsoft Corporation) 0x751A0000
Library c:\windows\system32\dhcpcsvc6.DLL (DHCPv6 Client/Microsoft Corporation) 0x75170000
Library c:\windows\system32\NTDSAPI.dll (Active Directory Domain Services API/Microsoft Corporation) 0x753E0000
Library c:\windows\system32\WINBRAND.dll (Windows Branding Resources/Microsoft Corporation) 0x74D60000
Library c:\windows\system32\fdrespub.dll (Function Discovery Resource Publication Service/Microsoft Corporation) 0x74330000
Library c:\windows\system32\wsdapi.dll (Web Services for Devices API DLL/Microsoft Corporation) 0x71470000
Library c:\windows\system32\HTTPAPI.dll (HTTP Protocol Stack API/Microsoft Corporation) 0x71510000
Library c:\windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x74AB0000
Library C:\Windows\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x75C40000
Library c:\windows\system32\XmlLite.dll (Microsoft XmlLite Library/Microsoft Corporation) 0x747A0000
Library c:\windows\system32\FirewallAPI.dll (Windows Firewall API/Microsoft Corporation) 0x74B90000
Library c:\windows\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x75070000
Library C:\Windows\system32\FunDisc.dll (Function Discovery Dll/Microsoft Corporation) 0x71400000
Library C:\Windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x73D70000
Library C:\Windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x75A30000
Library C:\Windows\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x74F80000
Library C:\Windows\System32\wshtcpip.dll (Winsock2 Helper DLL (TL/IPv4)/Microsoft Corporation) 0x74C40000
Library C:\Windows\System32\wship6.dll (Winsock2 Helper DLL (TL/IPv6)/Microsoft Corporation) 0x75060000
Library c:\windows\system32\ssdpsrv.dll (SSDP Service DLL/Microsoft Corporation) 0x6F0E0000
Library c:\windows\system32\sstpsvc.dll (Provides the facility of using Secure Socket Tunneling Protocol (SSTP) to connect to remote computers (using VPN)./Microsoft Corporation) 0x6F050000
Library c:\windows\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x74380000
Library C:\Windows\System32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x70FE0000
Library C:\Windows\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x756D0000
Library c:\windows\system32\w32time.dll (Windows Time Service/Microsoft Corporation) 0x6E840000
Library c:\windows\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x75470000
Library C:\Windows\system32\GPAPI.dll (Group Policy Client API/Microsoft Corporation) 0x74EE0000
Library C:\Windows\system32\slc.dll (Software Licensing Client Dll/Microsoft Corporation) 0x75260000
Library C:\Windows\system32\NLAapi.dll (Network Location Awareness 2/Microsoft Corporation) 0x74030000
Library C:\Windows\system32\napinsp.dll (E-mail Naming Shim Provider/Microsoft Corporation) 0x713C0000
Library C:\Windows\system32\pnrpnsp.dll (PNRP Name Space Provider/Microsoft Corporation) 0x711D0000
Library C:\Windows\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) &

Computer Hope Forum

News:

Author Topic: Rootkit.Win32.TDSS.d on Vista (Read 79763 times)

SuperDave

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

SuperDave

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

SuperDave

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

SuperDave

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

SuperDave

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista

pancakejohn

Re: Rootkit.Win32.TDSS.d on Vista