TechSpot

Websites redirected, can't run Windows Update, can't install Malwarebytes

By weety
Oct 3, 2012
  1. weety

    weety TS Rookie Topic Starter Posts: 60

    I ran the fix. One message popped up to say one folder couldn't be deleted as it's a Windows system folder.

    Upon reboot, Google Chrome no longer works (I tried reinstalling Chrome, but the installer now won't run). However, Internet Explorer seems to be back somehow. All other problems are unchanged, so I'll run a quick scan in a minute.

    Here's the first log:


    All processes killed
    ========== OTL ==========
    C:\WINNT\system32\CcmFramework.ini moved successfully.
    C:\WINNT\system32\CcmFramework.h moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5954813 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5387018 bytes

    User: hmc05
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 449205614 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5785646 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 379157 bytes

    User: nighttime
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1014085 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    Session Manager Temp folder emptied: 439 bytes
    Session Manager Tmp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 446.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10192012_180239
    Files\Folders moved on Reboot...
    File move failed. C:\Documents and Settings\hmc05\local settings\Application Data\Microsoft\Windows\UsrClass.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\hmc05\local settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\local settings\Application Data\Microsoft\Windows\UsrClass.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\local settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG scheduled to be moved on reboot.
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_770.dat not found!
    File move failed. C:\Documents and Settings\NetworkService\local settings\Application Data\Microsoft\Windows\UsrClass.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\NetworkService\local settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  2. weety

    weety TS Rookie Topic Starter Posts: 60

    Log from Quick Scan:


    OTL logfile created on: 19/10/2012 18:18:32 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\hmc05\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.95 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 73.83% Memory free
    4.79 Gb Paging File | 4.05 Gb Available in Paging File | 84.67% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 187.03 Gb Free Space | 80.31% Space Free | Partition Type: NTFS
    Drive D: | 616.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 8.00 Gb Total Space | 6.93 Gb Free Space | 86.68% Space Free | Partition Type: NTFS
    Drive L: | 390.63 Mb Total Space | 195.66 Mb Free Space | 50.09% Space Free | Partition Type: NTFS
    Drive V: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
    Drive W: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
    Drive Y: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
    Drive Z: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS

    Computer Name: EE-HMC05 | User Name: hmc05 | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
    PRC - [2011/10/28 14:15:14 | 000,062,976 | ---- | M] (Imperial College London) -- C:\Program Files\Imperial College London\Auto-sleep\auto-sleep.exe
    PRC - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/11/18 15:11:19 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\CCM\CcmExec.exe
    PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/12/21 02:42:16 | 000,176,235 | ---- | M] () -- C:\WINNT\system32\Primomonnt.dll
    MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINNT\system32\pdfcmnnt.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/09/24 12:18:19 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/11/18 15:11:10 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rkhdrv40)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\hmc05\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/17 09:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/09/17 09:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVENG.SYS -- (NAVENG)
    DRV - [2012/08/15 14:26:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/15 14:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/11/18 15:14:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/18 15:11:43 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/11/18 15:11:43 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/11/18 15:11:42 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/11/18 15:10:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2010/11/18 15:10:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2010/11/18 15:10:26 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2009/12/18 00:14:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/09/18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2009/07/03 11:52:32 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/10/20 21:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smsmdm.sys -- (smsmdd)
    DRV - [2008/07/19 11:40:48 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HECI.sys -- (HECI)
    DRV - [2008/06/05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1k5132.sys -- (e1kexpress)
    DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sfaudio.sys -- (SFAUDIO)
    DRV - [2005/10/21 11:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2005/10/18 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\cvintdrv.sys -- (cvintdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{5C6775AE-B17E-43EC-951F-1735ED9382DB}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
    IE - HKLM\..\SearchScopes\{5CEB5537-BEEB-4BC2-A428-B524DC584A5A}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
    IE - HKLM\..\SearchScopes\{6D91FEDC-F816-4F15-B929-B6B57184D2F8}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{2ED652B6-A935-4ECF-95F9-E62AC8AAFD4F}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
    IE - HKCU\..\SearchScopes\{5A81F079-14F5-4766-A656-C6889E04A9E0}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
    IE - HKCU\..\SearchScopes\{850361F7-476B-44B8-AB49-9C7F85564DBD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
    IE - HKCU\..\SearchScopes\{F66A58C6-CA60-4AB4-885F-0196F9274FF5}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2981: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3039: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1798: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 18:09:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 11:35:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/16 15:15:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins

    [2012/05/16 18:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/22 13:39:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2005/09/20 00:00:08 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13123.dll
    [2005/10/12 16:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
    [2012/04/21 03:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/04/21 03:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/21 03:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/21 03:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/21 03:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/04/21 03:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/10/09 21:11:31 | 000,000,855 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk = C:\WINNT\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico ()
    O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk = \\ICADS11\netlogon\clusters\common\ICTprintservice.cmd ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKCU\..Trusted Domains: ic.ac.uk ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ic.ac.uk ([]file in Trusted sites)
    O15 - HKCU\..Trusted Domains: icfs16.cc.ic.ac.uk ([]file in Trusted sites)
    O15 - HKCU\..Trusted Domains: imperial.ac.uk ([]* in Local intranet)
    O16 - DPF: {64A6114F-2976-4634-BE36-134BF84D369C} https://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab (eWebEditProLibCtl4.eWebEditPro)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe (LabVIEWControl Class)
    O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.23)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.198.142.7 155.198.142.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA44147E-D188-421D-83F4-E51BBDEDA4DC}: DhcpNameServer = 155.198.142.7 155.198.142.8
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/14 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/19 18:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google
    [2012/10/19 18:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Identities
    [2012/10/19 18:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Symantec
    [2012/10/19 18:02:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/10/19 18:02:54 | 000,000,000 | -HSD | C] -- \RECYCLER
    [2012/10/19 18:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/19 18:02:39 | 000,000,000 | ---D | C] -- \_OTL
    [2012/10/19 02:05:21 | 000,000,000 | ---D | C] -- C:\WINNT\temp
    [2012/10/18 14:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Google Chrome
    [2012/10/18 14:27:37 | 000,000,000 | ---D | C] -- H:\Macromedia
    [2012/10/15 18:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Rootkit Unhooker
    [2012/10/15 18:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\a02nf
    [2012/10/15 17:42:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
    [2012/10/15 09:53:07 | 000,708,960 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo.exe
    [2012/10/11 15:47:20 | 000,694,287 | ---- | C] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\FSS.exe
    [2012/10/11 10:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\RK_Quarantine
    [2012/10/10 09:16:40 | 000,000,000 | ---D | C] -- C:\WINNT\ms
    [2012/10/09 21:13:02 | 000,000,000 | ---D | C] -- C:\WINNT\SoftwareDistribution
    [2012/10/09 21:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Start Menu
    [2012/10/09 20:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    [2012/10/09 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2012/10/09 20:39:52 | 000,000,000 | ---D | C] -- C:\RegBackup
    [2012/10/09 20:39:52 | 000,000,000 | ---D | C] -- \RegBackup
    [2012/10/09 20:34:09 | 000,116,224 | ---- | C] (Xerox) -- C:\WINNT\System32\dllcache\xrxwiadr.dll
    [2012/10/09 20:34:07 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINNT\System32\dllcache\xrxwbtmp.dll
    [2012/10/09 20:33:46 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\xlog.exe
    [2012/10/09 20:33:43 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINNT\System32\dllcache\xem336n5.sys
    [2012/10/09 20:33:27 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\wlluc48.sys
    [2012/10/09 20:33:25 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINNT\System32\dllcache\wlandrv2.sys
    [2012/10/09 20:33:19 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINNT\System32\dllcache\winacisa.sys
    [2012/10/09 20:33:06 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINNT\System32\dllcache\wbfirdma.sys
    [2012/10/09 20:32:54 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w940nd.sys
    [2012/10/09 20:32:52 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w926nd.sys
    [2012/10/09 20:32:49 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w840nd.sys
    [2012/10/09 20:32:44 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vvoice.sys
    [2012/10/09 20:32:41 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vpctcom.sys
    [2012/10/09 20:32:38 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\vmodem.sys
    [2012/10/09 20:32:36 | 000,249,402 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\vinwm.sys
    [2012/10/09 20:32:25 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usrti.sys
    [2012/10/09 20:32:15 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806v.sys
    [2012/10/09 20:32:12 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806.sys
    [2012/10/09 20:32:10 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1801.sys
    [2012/10/09 20:32:06 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINNT\System32\dllcache\usb101et.sys
    [2012/10/09 20:31:52 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINNT\System32\dllcache\umaxscan.dll
    [2012/10/09 20:31:43 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um54scan.dll
    [2012/10/09 20:31:40 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um34scan.dll
    [2012/10/09 20:31:28 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxpm.sys
    [2012/10/09 20:31:25 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxp.dll
    [2012/10/09 20:31:23 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkbm.sys
    [2012/10/09 20:31:20 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkb.dll
    [2012/10/09 20:31:18 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3dm.sys
    [2012/10/09 20:31:16 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3d.dll
    [2012/10/09 20:30:54 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINNT\System32\dllcache\tjisdn.sys
    [2012/10/09 20:30:51 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiulnt5.sys
    [2012/10/09 20:30:49 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiul50.dll
    [2012/10/09 20:30:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINNT\System32\dllcache\tffsport.sys
    [2012/10/09 20:30:45 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdkcd31.sys
    [2012/10/09 20:30:42 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdk100b.sys
    [2012/10/09 20:30:32 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\t2r4mini.sys
    [2012/10/09 20:30:30 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINNT\System32\dllcache\t2r4disp.dll
    [2012/10/09 20:30:00 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnprop.dll
    [2012/10/09 20:29:58 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlncoin.dll
    [2012/10/09 20:29:56 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnata.sys
    [2012/10/09 20:29:53 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\stcusb.sys
    [2012/10/09 20:29:49 | 000,048,736 | ---- | C] (3Com) -- C:\WINNT\System32\dllcache\srwlnd5.sys
    [2012/10/09 20:29:34 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINNT\System32\dllcache\sparrow.sys
    [2012/10/09 20:29:15 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smiminib.sys
    [2012/10/09 20:29:12 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smidispb.dll
    [2012/10/09 20:29:10 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smcpwr2n.sys
    [2012/10/09 20:29:08 | 000,035,913 | ---- | C] (SMC) -- C:\WINNT\System32\dllcache\smcirda.sys
    [2012/10/09 20:29:06 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smc8000n.sys
    [2012/10/09 20:28:48 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINNT\System32\dllcache\sla30nd5.sys
    [2012/10/09 20:28:46 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINNT\System32\dllcache\skfpwin.sys
    [2012/10/09 20:28:43 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINNT\System32\dllcache\sk98xwin.sys
    [2012/10/09 20:28:39 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINNT\System32\dllcache\sisnic.sys
    [2012/10/09 20:28:19 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmusb.sys
    [2012/10/09 20:28:17 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmld.sys
    [2012/10/09 20:28:15 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiulnt5.sys
    [2012/10/09 20:28:12 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiul50.dll
    [2012/10/09 20:27:53 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINNT\System32\dllcache\scr111.sys
    [2012/10/09 20:27:48 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmusbm.sys
    [2012/10/09 20:27:46 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmn50m.sys
    [2012/10/09 20:27:36 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4m.sys
    [2012/10/09 20:27:33 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4.dll
    [2012/10/09 20:27:31 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3dm.sys
    [2012/10/09 20:27:29 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3d.dll
    [2012/10/09 20:27:27 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mvirge.dll
    [2012/10/09 20:27:25 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mtrio.dll
    [2012/10/09 20:27:23 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.sys
    [2012/10/09 20:27:21 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.dll
    [2012/10/09 20:27:19 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3m.sys
    [2012/10/09 20:27:14 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia450.dll
    [2012/10/09 20:27:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia430.dll
    [2012/10/09 20:27:11 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw450ext.dll
    [2012/10/09 20:27:10 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw430ext.dll
    [2012/10/09 20:27:01 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\rsmgrstr.dll
     
  3. weety

    weety TS Rookie Topic Starter Posts: 60

    [2012/10/09 20:26:57 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINNT\System32\dllcache\rocket.sys
    [2012/10/09 20:26:54 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINNT\System32\dllcache\rlnet5.sys
    [2012/10/09 20:26:51 | 000,086,097 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\reslog32.dll
    [2012/10/09 20:26:39 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdmkxx.sys
    [2012/10/09 20:26:37 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdkxga.sys
    [2012/10/09 20:26:17 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlv.sys
    [2012/10/09 20:26:15 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlp.sys
    [2012/10/09 20:26:13 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserli.sys
    [2012/10/09 20:26:06 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\pscr.sys
    [2012/10/09 20:25:33 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\pctspk.exe
    [2012/10/09 20:25:25 | 000,026,153 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pcmlm56.sys
    [2012/10/09 20:25:24 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\pca200e.sys
    [2012/10/09 20:25:22 | 000,030,495 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pc100nds.sys
    [2012/10/09 20:24:56 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otcsercb.sys
    [2012/10/09 20:24:54 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otceth5.sys
    [2012/10/09 20:24:52 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otc06x5.sys
    [2012/10/09 20:24:49 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\opl3sax.sys
    [2012/10/09 20:24:36 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINNT\System32\dllcache\ntgrip.sys
    [2012/10/09 20:24:27 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm6wdm.sys
    [2012/10/09 20:24:25 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm5a2wdm.sys
    [2012/10/09 20:24:21 | 000,132,695 | ---- | C] (802.11b) -- C:\WINNT\System32\dllcache\netwlan5.sys
    [2012/10/09 20:24:14 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.sys
    [2012/10/09 20:24:12 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.dll
    [2012/10/09 20:24:06 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3disp.dll
    [2012/10/09 20:24:04 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3d.sys
    [2012/10/09 20:24:02 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.sys
    [2012/10/09 20:24:00 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.dll
    [2012/10/09 20:23:59 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.sys
    [2012/10/09 20:23:57 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.dll
    [2012/10/09 20:23:51 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxport.sys
    [2012/10/09 20:23:49 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxport.dll
    [2012/10/09 20:23:47 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINNT\System32\dllcache\mxnic.sys
    [2012/10/09 20:23:46 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxicfg.dll
    [2012/10/09 20:23:44 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxcard.sys
    [2012/10/09 20:23:09 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINNT\System32\dllcache\mraid35x.sys
    [2012/10/09 20:22:43 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINNT\System32\dllcache\mdgndis5.sys
    [2012/10/09 20:22:30 | 000,797,500 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltsmt.sys
    [2012/10/09 20:22:28 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\ltsm.sys
    [2012/10/09 20:22:28 | 000,420,992 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntt.sys
    [2012/10/09 20:22:26 | 000,606,684 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmnt.sys
    [2012/10/09 20:22:26 | 000,576,746 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntl.sys
    [2012/10/09 20:22:24 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ltck000c.sys
    [2012/10/09 20:22:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINNT\System32\dllcache\lne100tx.sys
    [2012/10/09 20:22:16 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINNT\System32\dllcache\lne100.sys
    [2012/10/09 20:22:14 | 000,025,065 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\lmndis3.sys
    [2012/10/09 20:22:12 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINNT\System32\dllcache\lit220p.sys
    [2012/10/09 20:22:09 | 000,026,442 | ---- | C] (SMSC) -- C:\WINNT\System32\dllcache\lanepic5.sys
    [2012/10/09 20:22:08 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINNT\System32\dllcache\ktc111.sys
    [2012/10/09 20:21:49 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINNT\System32\dllcache\irmk7.sys
    [2012/10/09 20:21:23 | 000,372,824 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\iconf32.dll
    [2012/10/09 20:20:19 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINNT\System32\dllcache\hpgt53tk.dll
    [2012/10/09 20:20:14 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINNT\System32\dllcache\hpgt34tk.dll
    [2012/10/09 20:19:56 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grserial.sys
    [2012/10/09 20:19:55 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grclass.sys
    [2012/10/09 20:19:53 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\gpr400.sys
    [2012/10/09 20:19:44 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fxusbase.sys
    [2012/10/09 20:19:37 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fusbbase.sys
    [2012/10/09 20:19:36 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fus2base.sys
    [2012/10/09 20:19:33 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpnpbase.sys
    [2012/10/09 20:19:32 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcmbase.sys
    [2012/10/09 20:19:31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcibase.sys
    [2012/10/09 20:19:30 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\forehe.sys
    [2012/10/09 20:19:20 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINNT\System32\dllcache\fa410nd5.sys
    [2012/10/09 20:19:18 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xj.sys
    [2012/10/09 20:19:17 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xi.sys
    [2012/10/09 20:18:16 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\ds1wdm.sys
    [2012/10/09 20:18:09 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINNT\System32\dllcache\dp83820.sys
    [2012/10/09 20:17:53 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINNT\System32\dllcache\dm9pci5.sys
    [2012/10/09 20:17:51 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINNT\System32\dllcache\dlh5xnd5.sys
    [2012/10/09 20:17:50 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diwan.sys
    [2012/10/09 20:17:48 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\ditrace.exe
    [2012/10/09 20:17:47 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvsu.dll
    [2012/10/09 20:17:46 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvpp.dll
    [2012/10/09 20:17:46 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvci.dll
    [2012/10/09 20:17:44 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\dimaint.sys
    [2012/10/09 20:17:32 | 000,024,649 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650d.sys
    [2012/10/09 20:17:31 | 000,024,648 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650.sys
    [2012/10/09 20:17:29 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINNT\System32\dllcache\defpa.sys
    [2012/10/09 20:17:15 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwrwdm.sys
    [2012/10/09 20:17:14 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcspud.sys
    [2012/10/09 20:17:14 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcwdm.sys
    [2012/10/09 20:17:13 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcosnt5.sys
    [2012/10/09 20:17:12 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbwdm.sys
    [2012/10/09 20:17:12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbmidi.sys
    [2012/10/09 20:17:11 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbase.sys
    [2012/10/09 20:17:10 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINNT\System32\dllcache\ctmasetp.dll
    [2012/10/09 20:17:06 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINNT\System32\dllcache\cpscan.dll
    [2012/10/09 20:16:56 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\cmbp0wdm.sys
    [2012/10/09 20:16:48 | 000,980,034 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\cicap.sys
    [2012/10/09 20:16:45 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem56n5.sys
    [2012/10/09 20:16:44 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce3n5.sys
    [2012/10/09 20:16:44 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem33n5.sys
    [2012/10/09 20:16:44 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem28n5.sys
    [2012/10/09 20:16:44 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce2n5.sys
    [2012/10/09 20:16:42 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cbmdmkxx.sys
    [2012/10/09 20:16:42 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cben5.sys
    [2012/10/09 20:16:41 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
    [2012/10/09 20:16:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINNT\System32\dllcache\cb102.sys
    [2012/10/09 20:16:40 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\diapi2NT.dll
    [2012/10/09 20:16:39 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diapi2.sys
    [2012/10/09 20:16:26 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brserwdm.sys
    [2012/10/09 20:16:26 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
    [2012/10/09 20:16:26 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbmdm.sys
    [2012/10/09 20:16:26 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbscn.sys
    [2012/10/09 20:16:25 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparwdm.sys
    [2012/10/09 20:16:25 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brserif.dll
    [2012/10/09 20:16:25 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINNT\System32\dllcache\brscnrsm.dll
    [2012/10/09 20:16:24 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparimg.sys
    [2012/10/09 20:16:23 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfusb.dll
    [2012/10/09 20:16:23 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfrsmg.exe
    [2012/10/09 20:16:23 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmflpt.dll
    [2012/10/09 20:16:22 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfbidi.dll
    [2012/10/09 20:16:22 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltlo.sys
    [2012/10/09 20:16:22 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltup.sys
    [2012/10/09 20:16:21 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brbidiif.dll
    [2012/10/09 20:16:21 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brevif.dll
    [2012/10/09 20:16:21 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brcoinst.dll
    [2012/10/09 20:16:21 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brfilt.sys
    [2012/10/09 20:16:19 | 000,871,388 | ---- | C] (BCM) -- C:\WINNT\System32\dllcache\bcmdm.sys
    [2012/10/09 20:16:17 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.dll
    [2012/10/09 20:16:17 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\b1cbase.sys
    [2012/10/09 20:16:17 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.sys
    [2012/10/09 20:16:16 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmenum.dll
    [2012/10/09 20:16:16 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmcoxp.dll
    [2012/10/09 20:16:16 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmwan.sys
    [2012/10/09 20:16:16 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINNT\System32\dllcache\aztw2320.sys
    [2012/10/09 20:15:55 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINNT\System32\dllcache\aspndis3.sys
    [2012/10/09 20:15:51 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
    [2012/10/09 20:15:44 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINNT\System32\dllcache\adptsf50.sys
    [2012/10/09 20:15:43 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8830.sys
    [2012/10/09 20:15:43 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\admjoy.sys
    [2012/10/09 20:15:42 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8810.sys
    [2012/10/09 20:15:42 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8820.sys
    [2012/10/09 20:15:41 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINNT\System32\dllcache\acerscad.dll
    [2012/10/09 20:15:39 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINNT\System32\dllcache\a3dapi.dll
    [2012/10/09 20:15:39 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINNT\System32\dllcache\a3d.dll
    [2012/10/09 20:15:38 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
    [2012/10/09 20:15:38 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvs.dll
    [2012/10/09 20:15:38 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvsm.sys
    [2012/10/09 20:00:05 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINNT\PSEXESVC.EXE
    [2012/10/09 19:59:12 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
    [2012/10/09 19:59:12 | 000,000,000 | ---D | C] -- \Tweaking.com_Windows_Repair_Logs
    [2012/10/09 19:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\Tweak
    [2012/10/08 21:54:23 | 000,000,000 | ---D | C] -- C:\WINNT\Application Data
    [2012/10/08 19:45:41 | 002,322,184 | ---- | C] (ESET) -- H:\esetsmartinstaller_enu.exe
    [2012/10/07 20:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
    [2012/10/07 18:42:19 | 000,000,000 | ---D | C] -- C:\WINNT\PIF
    [2012/10/07 17:53:48 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
    [2012/10/07 17:32:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
    [2012/10/07 17:23:55 | 000,000,000 | ---D | C] -- C:\WINNT\Profiles
    [2012/10/07 17:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\Chameleon
    [2012/10/05 18:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/10/02 16:42:54 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
    [2012/10/02 14:54:22 | 000,307,757 | ---- | C] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
    [2012/10/02 14:52:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
    [2012/10/02 12:15:32 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/01 10:24:39 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
    [2012/09/25 09:15:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
    [2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/09/25 09:04:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- \cmdcons
    [2012/09/24 10:02:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2012/09/24 10:02:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2012/09/24 10:02:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2012/09/24 10:02:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- \Qoobox
    [2012/09/24 10:00:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Administrative Tools
    [2012/09/24 10:00:35 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
    [2012/09/24 10:00:16 | 004,984,103 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
    [2012/09/24 08:20:40 | 000,000,000 | ---D | C] -- H:\Windows Desktop Search

    ========== Files - Modified Within 30 Days ==========

    [2012/10/19 18:07:55 | 000,000,472 | ---- | M] () -- C:\WINNT\SMSCFG.ini
    [2012/10/19 18:06:36 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk
    [2012/10/19 18:06:26 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
    [2012/10/19 18:05:00 | 000,000,546 | ---- | M] () -- C:\WINNT\tasks\MATLAB R2012a Startup Accelerator.job
    [2012/10/19 18:04:06 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
    [2012/10/19 18:04:04 | 3163,807,744 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/19 17:43:00 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
    [2012/10/19 17:23:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
    [2012/10/19 14:43:00 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
    [2012/10/18 14:39:12 | 004,984,103 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
    [2012/10/18 14:33:47 | 000,002,312 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
    [2012/10/18 14:25:38 | 000,514,732 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
    [2012/10/18 14:25:38 | 000,098,214 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
    [2012/10/15 18:44:29 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk
    [2012/10/15 18:02:23 | 000,158,300 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\RkU37300505.zip
    [2012/10/15 09:58:05 | 000,577,220 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo_EE-HMC05_hmc05_2012_10_15_09_53_21.zip
    [2012/10/15 09:53:09 | 000,708,960 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo.exe
    [2012/10/11 15:50:38 | 000,307,757 | ---- | M] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
    [2012/10/11 15:47:21 | 000,694,287 | ---- | M] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\FSS.exe
    [2012/10/11 11:08:55 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2012/10/11 10:18:53 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
    [2012/10/10 09:10:16 | 000,587,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
    [2012/10/09 21:14:01 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINNT\PSEXESVC.EXE
    [2012/10/09 21:11:31 | 000,000,855 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2012/10/09 21:11:13 | 000,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb
    [2012/10/09 21:11:13 | 000,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb
    [2012/10/09 20:51:56 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2012/10/09 20:51:01 | 005,345,461 | ---- | M] () -- H:\tweaking.com_windows_repair_aio_setup.exe
    [2012/10/09 19:58:05 | 003,139,566 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tweaking.com_windows_repair_aio.zip
    [2012/10/08 21:54:33 | 000,000,042 | ---- | M] () -- C:\WINNT\PenTab.ini
    [2012/10/08 21:54:27 | 000,000,205 | ---- | M] () -- C:\PanosePreferences.xml
    [2012/10/08 19:45:45 | 002,322,184 | ---- | M] (ESET) -- H:\esetsmartinstaller_enu.exe
    [2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
    [2012/10/07 20:43:07 | 000,538,327 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
    [2012/10/07 17:53:51 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
    [2012/10/07 17:32:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
    [2012/10/07 17:30:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
    [2012/10/07 17:20:38 | 001,440,846 | ---- | M] () -- H:\mbam-chameleon-1.62.1.1000.zip
    [2012/10/04 16:41:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
    [2012/10/04 16:36:02 | 000,037,814 | ---- | M] () -- H:\MSO2057.acl
    [2012/10/04 16:29:18 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.exe
    [2012/10/02 17:23:13 | 000,004,322 | R-S- | M] () -- C:\Documents and Settings\hmc05\ntuser.pol
    [2012/10/02 16:42:55 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
    [2012/10/02 16:35:15 | 001,678,240 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
    [2012/10/02 16:31:53 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
    [2012/10/02 16:30:59 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
    [2012/10/02 12:15:32 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/02 11:59:55 | 000,000,019 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts_bak_571
    [2012/09/24 12:15:32 | 000,001,796 | ---- | M] () -- C:\WINNT\SMSAdvancedClient.sccm2007ac-sp2-kb977384-x86-enu.mif
    [2012/09/24 10:03:49 | 000,000,323 | RHS- | M] () -- C:\boot.ini

    ========== Files Created - No Company Name ==========

    [2012/10/18 14:33:47 | 000,002,312 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
    [2012/10/18 14:33:29 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
    [2012/10/18 14:33:29 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
    [2012/10/15 18:02:22 | 000,158,300 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\RkU37300505.zip
    [2012/10/15 09:54:42 | 000,577,220 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo_EE-HMC05_hmc05_2012_10_15_09_53_21.zip
    [2012/10/09 20:51:56 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2012/10/09 20:50:52 | 005,345,461 | ---- | C] () -- H:\tweaking.com_windows_repair_aio_setup.exe
    [2012/10/09 20:41:27 | 000,290,304 | ---- | C] () -- \subinacl.exe
    [2012/10/09 20:34:06 | 000,018,944 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxscnui.dll
    [2012/10/09 20:34:04 | 000,027,648 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxftplt.exe
    [2012/10/09 20:26:10 | 000,033,280 | ---- | C] () -- C:\WINNT\System32\dllcache\psisrndr.ax
    [2012/10/09 20:26:08 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\dllcache\psisdecd.dll
    [2012/10/09 20:23:15 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\dllcache\msdvbnp.ax
    [2012/10/09 20:20:18 | 000,165,888 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt53.dll
    [2012/10/09 20:20:15 | 000,093,696 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt42.dll
    [2012/10/09 20:20:12 | 000,101,376 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt34.dll
    [2012/10/09 20:20:09 | 000,089,088 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt33.dll
    [2012/10/09 20:20:07 | 000,083,968 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt21.dll
    [2012/10/09 20:17:50 | 000,029,768 | ---- | C] () -- C:\WINNT\System32\dllcache\divasu.dll
    [2012/10/09 20:17:49 | 000,037,962 | ---- | C] () -- C:\WINNT\System32\dllcache\divaprop.dll
    [2012/10/09 20:17:48 | 000,006,216 | ---- | C] () -- C:\WINNT\System32\dllcache\divaci.dll
    [2012/10/09 20:16:10 | 000,026,624 | ---- | C] () -- C:\WINNT\System32\dllcache\ativxbar.sys
    [2012/10/09 20:16:10 | 000,023,552 | ---- | C] () -- C:\WINNT\System32\dllcache\atixbar.sys
    [2012/10/09 20:16:09 | 000,019,456 | ---- | C] () -- C:\WINNT\System32\dllcache\ativttxx.sys
    [2012/10/09 20:16:08 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
    [2012/10/09 20:16:08 | 000,009,472 | ---- | C] () -- C:\WINNT\System32\dllcache\ativmdcd.sys
    [2012/10/09 20:16:07 | 000,049,920 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtcap.sys
    [2012/10/09 20:16:07 | 000,026,880 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtsnd.sys
    [2012/10/09 20:16:07 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitunep.sys
    [2012/10/09 20:16:06 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\dllcache\atipcxxx.sys
    [2012/10/09 20:16:01 | 000,046,464 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
    [2012/10/09 19:57:57 | 003,139,566 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tweaking.com_windows_repair_aio.zip
    [2012/10/08 21:54:33 | 000,000,042 | ---- | C] () -- C:\WINNT\PenTab.ini
    [2012/10/08 21:54:27 | 000,000,205 | ---- | C] () -- C:\PanosePreferences.xml
    [2012/10/08 21:54:27 | 000,000,205 | ---- | C] () -- \PanosePreferences.xml
    [2012/10/07 20:43:04 | 000,538,327 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
    [2012/10/07 17:30:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
    [2012/10/07 17:19:18 | 001,440,846 | ---- | C] () -- H:\mbam-chameleon-1.62.1.1000.zip
    [2012/10/04 16:36:02 | 000,037,814 | ---- | C] () -- H:\MSO2057.acl
    [2012/10/02 16:35:13 | 001,678,240 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
    [2012/10/02 16:31:53 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
    [2012/10/02 16:30:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
    [2012/10/02 11:46:39 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
    [2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- \hiberfil.sys
    [2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- C:\Boot.bak
    [2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- \Boot.bak
    [2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- C:\cmldr
    [2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- \cmldr
    [2012/09/24 10:02:17 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
    [2012/09/24 10:02:17 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
    [2012/09/24 10:02:17 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2012/09/24 10:02:17 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2012/09/24 10:02:17 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2012/02/17 05:22:17 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
    [2011/11/27 23:36:48 | 000,018,982 | ---- | C] () -- C:\Documents and Settings\hmc05\untitled0_MAS.bak
    [2010/10/04 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo7
    [2010/09/27 17:16:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby2
    [2010/09/17 05:44:11 | 000,012,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2010/02/12 00:28:22 | 000,020,235 | ---- | C] () -- \history.temp
    [2010/02/01 14:25:51 | 000,040,817 | ---- | C] () -- \DetRes_L_fix_2D_reverse.swf
    [2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo4
    [2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\ictsd1
    [2009/11/17 15:59:09 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\hmc05\webct_upload_applet.properties
    [2009/11/17 15:59:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby1
    [2009/11/17 15:59:07 | 000,004,322 | R-S- | C] () -- C:\Documents and Settings\hmc05\ntuser.pol
    [2009/11/17 13:19:28 | 000,052,119 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \MSDOS.SYS
    [2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \IO.SYS
    [2009/11/17 12:54:44 | 000,000,512 | --S- | C] () -- \BOOTSECT.DOS
    [1980/01/01 01:00:00 | 000,250,048 | RHS- | C] () -- \ntldr
    [1980/01/01 01:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
    [1980/01/01 01:00:00 | 000,000,323 | RHS- | C] () -- \boot.ini

    ========== ZeroAccess Check ==========

    [2009/11/17 12:29:00 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========


    ========== Purity Check ==========



    < End of report >
     
  4. weety

    weety TS Rookie Topic Starter Posts: 60

    Also, I just noticed that Firefox had been installed all along. It seems to be able to access hotmail.com with no problems at all. Weird.
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
    • Then, choose Save. Also, in the Automatic Report tab, select Save.
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
     
  6. weety

    weety TS Rookie Topic Starter Posts: 60

    The "Disinfect All" button is greyed out, but the first log is pasted below (The Automatic Report seems to be absolutely gigantic... not sure if it's going to save successfully).

    Status: Vulnerability (events: 8)
    22/10/2012 10:31:07 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 C:\Program Files\Java\jre6\bin\java.exe Low
    22/10/2012 11:42:09 Vulnerability vulnerability http://www.securelist.com/en/advisories/0 C:\WINNT\system32\msxml4.dll Low
    22/10/2012 11:43:08 Vulnerability vulnerability http://www.securelist.com/en/advisories/50283 C:\WINNT\system32\Adobe\Shockwave 11\SwInit.exe Low
    22/10/2012 11:48:14 Vulnerability vulnerability http://www.securelist.com/en/advisories/50876 C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll Low
    22/10/2012 11:52:26 Vulnerability vulnerability http://www.securelist.com/en/advisories/47447 c:\Program Files\QuickTime\QuickTimePlayer.exe Low
    22/10/2012 11:55:51 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 c:\Program Files\Java\jre6\bin\java.exe Low
    22/10/2012 11:58:06 Vulnerability vulnerability http://www.securelist.com/en/advisories/38852 c:\Program Files\Reference Manager 11\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache.exe Low
    22/10/2012 12:00:08 Vulnerability vulnerability http://www.securelist.com/en/advisories/50283 c:\WINNT\system32\Adobe\Shockwave 11\SwInit.exe Low
     
  7. weety

    weety TS Rookie Topic Starter Posts: 60

    The Automatic Report is about 193Mb... I'll wait for your confirmation as to whether I should upload it.

    I do remember that my java updates stopped working ages ago and I was never able to fix it. Not sure if that might be relevant.
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

    • Double-click on drweb-cureit.exe to start the program.
      An Express Scan of your PC notice will appear.
    • Under Start the Express Scan Now, Click OK to start the scan.
      This is a short scan that will scan the files currently running in memory.
      If something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the Scan tab and UNcheck Heuristic analysis
    • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
    • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
    • When finished, a message will be displayed at the bottom advising if any viruses were found.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found.
      If so, click it, then click the next icon right below and select Move incurable.
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your Desktop.
    • Exit Dr.Web Cureit when you have finished.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
     
  9. weety

    weety TS Rookie Topic Starter Posts: 60

    When I run the program, I don't see what your instructions suggest. There's no "Express Scan of your PC" notice. I can't find any kind of Options tab. There's basically just a big "Start" button.

    When I click Start, nothing seems to happen for a minute or two, then an advert pops up, offering me the full version. I close the advert and nothing seems to happen after that...
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  11. weety

    weety TS Rookie Topic Starter Posts: 60

    The result seems to be the same - nothing seems to be happening. (I left the last scan running for 12 hours overnight to see if it would do anything, but it was still frozen when I came back).
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download Norman Malware Cleaner and save to your desktop.
    alternate download link
    • Double-click on Norman_Malware_Cleaner.exe to start the program.
    • Read the End User License Agreement and click the Accept button to open the scanning window.
    • Click Start Scan to begin.
    • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
    • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
    Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.
     
  13. weety

    weety TS Rookie Topic Starter Posts: 60

    The scan seemed to run and then the program crashed at the end. Luckily the log was saved:




    Norman Malware Cleaner v2.06.01
    Copyright © 1990 - 2012, Norman ASA.

    Norman Scanner Engine Version: 7.00.12
    nvcbin.def: Version: 7.00.1591, Date: 2012/10/25 06:12:39, Variants: 15654090
    nvcmacro.def: Version: 0.00.00, Date: 1970/01/01 00:00:00, Variants: 0

    Operating System: Windows XP Service Pack 3

    Switches: /iagree /nosb

    Scan started: 2012/10/25 16:57:10

    Running pre-scan cleanup routine...
    Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Security Center --> FirewallDisableNotify = 0x00000001'
    Modify registry value: HKLM\SOFTWARE\Microsoft\Security Center --> FirewallDisableNotify from '0x00000001' to '0'
    Cleaning successful
    Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Security Center --> UpdatesDisableNotify = 0x00000001'
    Modify registry value: HKLM\SOFTWARE\Microsoft\Security Center --> UpdatesDisableNotify from '0x00000001' to '0'
    Cleaning successful

    Number of malicious objects found: 2
    Number of malicious objects cleaned: 2
    Scanning time: 0s

    Scanning system for active rootkit activity...
    Rootkit infection detected (W32/rootkit!LockedService)
    Enable rootkit cleaning from the options menu to attempt to clean the system

    Number of malicious objects found: 1
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 0s

    Scanning running processes and process memory...

    Number of objects found: 1939
    Number of objects scanned: 1939
    Number of objects not scanned: 0
    Number of malicious memory objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 31s

    Scanning system for FakeAV...

    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 0s

    Running quick scan...
    C:\WINNT\System32\drivers\sptd.sys: Error opening file for read: 0x00000020

    Number of files found: 3015
    Number of archives unpacked: 7
    Number of objects found: 3263
    Number of objects scanned: 3262
    Number of objects not scanned: 1
    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 1m 31s

    Running post-scan cleanup routine...

    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Scanning time: 0s

    Results:
    Total number of files found: 3015
    Total number of archives unpacked: 7
    Total number of objects found: 5202
    Total number of objects scanned: 5201
    Total number of objects not scanned: 1
    Total number of malicious objects found: 3
    Total number of malicious objects cleaned: 2
    Total number of malicious files found: 0
    Total number of malicious files cleaned: 0
    Total number of objects quarantined: 2
    Total scanning time: 2m 2s
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run the Cleaning utility again, select Rootkit Cleaning from the options menu, and re-scan. Post log once done, as before.
     
  15. weety

    weety TS Rookie Topic Starter Posts: 60

    Norman Malware Cleaner v2.06.01
    Copyright © 1990 - 2012, Norman ASA.

    Norman Scanner Engine Version: 7.00.12
    nvcbin.def: Version: 7.00.1591, Date: 2012/10/25 06:12:39, Variants: 15654090
    nvcmacro.def: Version: 0.00.00, Date: 1970/01/01 00:00:00, Variants: 0

    Operating System: Windows XP Service Pack 3

    Switches: /iagree /cleanrootkit /nosb

    Scan started: 2012/10/25 17:37:16

    Running pre-scan cleanup routine...

    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Scanning time: 0s

    Scanning system for active rootkit activity...
    Rootkit infection detected (W32/rootkit!LockedService)
    Cleaning successful
    Successfully cleaned rootkit (W32/rootkit!LockedService)
    Reboot required to complete cleaning process (W32/rootkit!LockedService)

    Number of malicious objects found: 1
    Number of malicious objects cleaned: 1
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 0s

    Scanning running processes and process memory...

    Number of objects found: 1961
    Number of objects scanned: 1961
    Number of objects not scanned: 0
    Number of malicious memory objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 23s

    Scanning system for FakeAV...

    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 0s

    Running quick scan...
    C:\WINNT\System32\drivers\sptd.sys: Error opening file for read: 0x00000020

    Number of files found: 3017
    Number of archives unpacked: 7
    Number of objects found: 3265
    Number of objects scanned: 3264
    Number of objects not scanned: 1
    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Number of malicious files found: 0
    Number of malicious files cleaned: 0
    Scanning time: 53s

    Running post-scan cleanup routine...

    Number of malicious objects found: 0
    Number of malicious objects cleaned: 0
    Scanning time: 0s

    Results:
    Total number of files found: 3017
    Total number of archives unpacked: 7
    Total number of objects found: 5226
    Total number of objects scanned: 5225
    Total number of objects not scanned: 1
    Total number of malicious objects found: 1
    Total number of malicious objects cleaned: 1
    Total number of malicious files found: 0
    Total number of malicious files cleaned: 0
    Total number of objects quarantined: 0
    Total scanning time: 1m 16s
     
  16. weety

    weety TS Rookie Topic Starter Posts: 60

    The program crashed again at the end of the scan (after producing the log). So I tried running it again and the same rootkit infection is still detected.
     
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    SpiderKill Rootkit Scanner

    Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
    • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
    • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
    • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.
     
  18. weety

    weety TS Rookie Topic Starter Posts: 60

    SpiderKill by DragonMaster Jay


    Microsoft Windows XP [Version 5.1.2600]

    ********************Drivers list********************




    ***********************Hidden Drivers********************


    *********************Processes*******************


    PROCESS PID PRIO PATH
    smss.exe 408 Normal C:\WINNT\System32\smss.exe
    csrss.exe 460 Normal C:\WINNT\system32\csrss.exe
    winlogon.exe 484 High C:\WINNT\system32\winlogon.exe
    services.exe 528 Normal C:\WINNT\system32\services.exe
    lsass.exe 540 Normal C:\WINNT\system32\lsass.exe
    svchost.exe 716 Normal C:\WINNT\system32\svchost.exe
    svchost.exe 768 Normal C:\WINNT\system32\svchost.exe
    svchost.exe 836 Normal C:\WINNT\System32\svchost.exe
    Smc.exe 924 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    svchost.exe 976 Normal C:\WINNT\system32\svchost.exe
    svchost.exe 1020 Normal C:\WINNT\system32\svchost.exe
    ccSvcHst.exe 1088 Normal C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    spoolsv.exe 1276 Normal C:\WINNT\system32\spoolsv.exe
    svchost.exe 1768 Normal C:\WINNT\System32\svchost.exe
    jqs.exe 1792 Idle C:\Program Files\Java\jre6\bin\jqs.exe
    mdm.exe 1836 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    sqlservr.exe 1908 Normal c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    svchost.exe 2012 Normal C:\WINNT\System32\svchost.exe
    svchost.exe 2028 Normal C:\WINNT\System32\svchost.exe
    PRISMXL.SYS 144 Normal C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    sqlwriter.exe 220 Normal c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    svchost.exe 312 Normal C:\WINNT\system32\svchost.exe
    Rtvscan.exe 376 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    SearchIndexer.exe 804 Normal C:\WINNT\system32\SearchIndexer.exe
    CcmExec.exe 1104 Normal C:\WINNT\system32\CCM\CcmExec.exe
    wuauclt.exe 1444 Normal C:\WINNT\system32\wuauclt.exe
    WMPNetwk.exe 1560 Normal C:\Program Files\Windows Media Player\WMPNetwk.exe
    msiexec.exe 2260 Normal C:\WINNT\system32\msiexec.exe
    wmiprvse.exe 2372 Normal C:\WINNT\system32\wbem\wmiprvse.exe
    wmiprvse.exe 2552 Normal C:\WINNT\system32\wbem\wmiprvse.exe
    alg.exe 2816 Normal C:\WINNT\System32\alg.exe
    Explorer.EXE 3656 Normal C:\WINNT\Explorer.EXE
    SmcGui.exe 3728 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    igfxtray.exe 3188 Normal C:\WINNT\system32\igfxtray.exe
    igfxsrvc.exe 3244 Normal C:\WINNT\system32\igfxsrvc.exe
    hkcmd.exe 2360 Normal C:\WINNT\system32\hkcmd.exe
    igfxpers.exe 3352 Normal C:\WINNT\system32\igfxpers.exe
    smax4pnp.exe 3508 Normal C:\Program Files\Analog Devices\Core\smax4pnp.exe
    ctfmon.exe 3776 Normal C:\WINNT\system32\ctfmon.exe
    auto-sleep.exe 3948 Normal C:\Program Files\Imperial College London\Auto-sleep\auto-sleep.exe
    WindowsSearch.exe 4016 Normal C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    ONENOTEM.EXE 1048 Normal C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    firefox.exe 2820 Normal C:\Program Files\Mozilla Firefox\firefox.exe
    plugin-container.exe 3472 Normal C:\Program Files\Mozilla Firefox\plugin-container.exe
    SearchProtocolHost.exe 2344 Below Normal C:\WINNT\system32\SearchProtocolHost.exe
    SearchFilterHost.exe 3024 Below Normal C:\WINNT\system32\SearchFilterHost.exe
    wmiprvse.exe 3600 Normal C:\WINNT\system32\wbem\wmiprvse.exe
    SearchProtocolHost.exe 2980 Below Normal C:\WINNT\system32\SearchProtocolHost.exe
    cmd.exe 2532 Normal C:\WINNT\system32\cmd.exe
    processes.exe 3716 Normal C:\Documents and Settings\hmc05\Desktop\SpiderKill\processes.exe


    *********************Modules of explorer.exe and svchost.exe*******************
    Module information for 'Explorer.EXE'(3656)
    MODULE BASE SIZE PATH
    Explorer.EXE 1000000 1044480 C:\WINNT\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
    ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
    kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
    BROWSEUI.dll 75f80000 1036288 C:\WINNT\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
    GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
    USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
    msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
    ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
    SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
    OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
    SHDOCVW.dll 7e290000 1511424 C:\WINNT\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
    CRYPT32.dll 77a80000 610304 C:\WINNT\system32\CRYPT32.dll 5.131.2600.6237 (xpsp_sp3_gdr.120530-1718) Crypto API32
    MSASN1.dll 77b20000 73728 C:\WINNT\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
    CRYPTUI.dll 754d0000 524288 C:\WINNT\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
    NETAPI32.dll 5b860000 348160 C:\WINNT\system32\NETAPI32.dll 5.1.2600.6260 (xpsp_sp3_gdr.120706-1619) Net Win32 API DLL
    VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
    WININET.dll 3d930000 942080 C:\WINNT\system32\WININET.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) Internet Extensions for Win32
    Normaliz.dll 400000 36864 C:\WINNT\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
    urlmon.dll 78130000 1257472 C:\WINNT\system32\urlmon.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) OLE32 Extensions for Win32
    iertutil.dll 3dfd0000 2011136 C:\WINNT\system32\iertutil.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) Run time utility for Internet Explorer
    WINTRUST.dll 76c30000 188416 C:\WINNT\system32\WINTRUST.dll 5.131.2600.6285 (xpsp_sp3_gdr.120824-1617) Microsoft Trust Verification APIs
    IMAGEHLP.dll 76c90000 163840 C:\WINNT\system32\IMAGEHLP.dll 5.1.2600.6198 (xpsp_sp3_gdr.120229-1643) Windows NT Image Helper
    WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
    SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
    UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
    ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
    WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
    MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
    USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
    IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
    LPK.DLL 629c0000 36864 C:\WINNT\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
    USP10.dll 74d90000 438272 C:\WINNT\system32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
    comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
    msctfime.ime 755c0000 188416 C:\WINNT\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
    appHelp.dll 77b40000 139264 C:\WINNT\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
    CLBCATQ.DLL 76fd0000 520192 C:\WINNT\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
    COMRes.dll 77050000 806912 C:\WINNT\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
    AcSignIcon.dll 55df0000 53248 C:\WINNT\system32\AcSignIcon.dll 17.1.51.0 AutoCAD component
    MFC80U.DLL 782e0000 1110016 C:\WINNT\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL 8.00.50727.6195 MFCDLL Shared Library - Retail Version
    MSVCR80.dll d60000 634880 C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll 8.00.50727.6195 Microsoft® C Runtime Library
    MFC80ENU.DLL 5d360000 57344 C:\WINNT\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL 8.00.50727.6195 MFC Language Specific Resources
    cscui.dll 77a20000 344064 C:\WINNT\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
    CSCDLL.dll 76600000 118784 C:\WINNT\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
    themeui.dll 5ba60000 462848 C:\WINNT\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
    MSIMG32.dll 76380000 20480 C:\WINNT\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL

    Module information for 'svchost.exe'(716)
    MODULE BASE SIZE PATH
    Module information for 'svchost.exe'(768)
    MODULE BASE SIZE PATH
    Module information for 'svchost.exe'(836)
    MODULE BASE SIZE PATH
     
  19. weety

    weety TS Rookie Topic Starter Posts: 60

    WINSPOOL.DRV 73000000 155648 C:\WINNT\System32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
    WINHTTP.dll 4d4f0000 364544 C:\WINNT\System32\WINHTTP.dll 5.1.2600.6175 (xpsp_sp3_gdr.111116-1647) Windows HTTP Services
    Cabinet.dll 75150000 77824 C:\WINNT\System32\Cabinet.dll 5.1.2600.5512 (xpsp.080413-2105) Microsoft® Cabinet File API
    mspatcha.dll 600a0000 45056 C:\WINNT\System32\mspatcha.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft(R) Patch Engine
    wbemcore.dll 762c0000 544768 C:\WINNT\system32\wbem\wbemcore.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
    esscli.dll 75310000 258048 C:\WINNT\system32\wbem\esscli.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
    wbemcomn.dll 75290000 225280 C:\WINNT\system32\wbem\wbemcomn.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
    FastProx.dll 75690000 483328 C:\WINNT\system32\wbem\FastProx.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) WMI
    wbemsvc.dll 74ed0000 57344 C:\WINNT\system32\wbem\wbemsvc.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
    SXS.DLL 7e720000 720896 C:\WINNT\System32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
    comsvcs.dll 76620000 1294336 C:\WINNT\system32\comsvcs.dll 2001.12.4414.702 2001.12.4414.702
    colbact.DLL 75130000 81920 C:\WINNT\system32\colbact.DLL 2001.12.4414.700 2001.12.4414.700
    MTXCLU.DLL 750f0000 77824 C:\WINNT\system32\MTXCLU.DLL 2001.12.4414.706 MS DTC amd MTS clustering support DLL
    WSOCK32.dll 71ad0000 36864 C:\WINNT\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
    CLUSAPI.DLL 76d10000 73728 C:\WINNT\System32\CLUSAPI.DLL 5.1.2600.5512 (xpsp.080413-2111) Cluster API Library
    RESUTILS.DLL 750b0000 73728 C:\WINNT\System32\RESUTILS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Cluster Resource Utility DLL
    sfc.dll 76bb0000 20480 C:\WINNT\System32\sfc.dll 5.1.2600.5512 (xpsp.080413-2111) Windows File Protection
    sfc_os.dll 76c60000 172032 C:\WINNT\System32\sfc_os.dll 5.1.2600.5512 (xpsp.080413-2111) Windows File Protection
    mtxoci.dll 750d0000 102400 C:\WINNT\System32\mtxoci.dll 2001.12.4414.706 Microsoft database support DLL for Oracle
    wmiutils.dll 75020000 110592 C:\WINNT\system32\wbem\wmiutils.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
    repdrvfs.dll 75200000 192512 C:\WINNT\system32\wbem\repdrvfs.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
    wmiprvsd.dll 3f1e0000 466944 C:\WINNT\system32\wbem\wmiprvsd.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) WMI
    NCObjAPI.DLL 5f770000 49152 C:\WINNT\system32\NCObjAPI.DLL 5.1.2600.5512 (xpsp.080413-2108)
    wbemess.dll 75390000 286720 C:\WINNT\system32\wbem\wbemess.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
    Apphelp.dll 77b40000 139264 C:\WINNT\system32\Apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
    ipnathlp.dll 66460000 348160 c:\winnt\system32\ipnathlp.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft NAT Helper Components
    AUTHZ.dll 776c0000 73728 c:\winnt\system32\AUTHZ.dll 5.1.2600.5512 (xpsp.080413-2113) Authorization Framework
    wups2.dll 50f00000 53248 C:\WINNT\system32\wups2.dll 7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459) Windows Update client proxy stub 2
    rasadhlp.dll 76fc0000 24576 C:\WINNT\System32\rasadhlp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
    ncprov.dll 5f740000 57344 C:\WINNT\system32\wbem\ncprov.dll 5.1.2600.5512 (xpsp.080413-2108) Non-COM WMI Event Provision APIs
    upnp.dll 76de0000 147456 C:\WINNT\system32\upnp.dll 5.1.2600.5512 (xpsp.080413-0852) Universal Plug and Play API
    SSDPAPI.dll 74f00000 49152 C:\WINNT\system32\SSDPAPI.dll 5.1.2600.5512 (xpsp.080413-0852) SSDP Client API DLL
    msi.dll 7d1e0000 2867200 C:\WINNT\System32\msi.dll 3.1.4001.5512 Windows Installer
    netcfgx.dll 755f0000 630784 C:\WINNT\System32\netcfgx.dll 5.1.2600.5512 (xpsp.080413-0852) Network Configuration Objects
    tapisrv.dll 733e0000 262144 c:\winnt\system32\tapisrv.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft® Windows(TM) Telephony Server
    rasmans.dll 7df30000 204800 c:\winnt\system32\rasmans.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
    WINIPSEC.DLL 74370000 45056 c:\winnt\system32\WINIPSEC.DLL 5.1.2600.5512 (xpsp.080413-0852) Windows IPSec SPD Client DLL
    rastapi.dll 75880000 69632 C:\WINNT\System32\rastapi.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access TAPI Compliance Layer
    unimdm.tsp 57cc0000 221184 C:\WINNT\System32\unimdm.tsp 5.1.2600.5512 (xpsp.080413-0852) Unimodem 5 Service Provider
    uniplat.dll 72000000 28672 C:\WINNT\System32\uniplat.dll 5.1.2600.5512 (xpsp.080413-0852) Unimodem AT Mini Driver Platform Driver for Windows NT
    kmddsp.tsp 57d40000 45056 C:\WINNT\System32\kmddsp.tsp 5.1.2600.5512 (xpsp.080413-0852) TAPI Kernel-Mode Service Provider
    ndptsp.tsp 57d20000 65536 C:\WINNT\System32\ndptsp.tsp 5.1.2600.5512 (xpsp.080413-0852) NDIS Proxy TAPI Service Provider
    ipconf.tsp 57d50000 32768 C:\WINNT\System32\ipconf.tsp 5.1.2600.5512 (xpsp.080413-0852) Microsoft Multicast Conference TAPI Service Provider
    h323.tsp 57d70000 286720 C:\WINNT\System32\h323.tsp 5.1.2600.5512 (xpsp.080413-0852) Microsoft H.323 Telephony Service Provider
    hidphone.tsp 57d60000 40960 C:\WINNT\System32\hidphone.tsp 5.1.2600.5512 (xpsp.080413-0852) Microsoft HID Phone TSP
    HID.DLL 688f0000 36864 C:\WINNT\System32\HID.DLL 5.1.2600.5512 (xpsp.080413-2108) Hid User Library
    rasppp.dll 72240000 225280 C:\WINNT\System32\rasppp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access PPP
    ntlsapi.dll 724b0000 24576 C:\WINNT\System32\ntlsapi.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft® License Server Interface DLL
    kerberos.dll 71cf0000 311296 C:\WINNT\system32\kerberos.dll 5.1.2600.6059 (xpsp_sp3_gdr.101221-1626) Kerberos Security Package
    RASQEC.DLL 72ae0000 77824 C:\WINNT\System32\RASQEC.DLL 5.1.2600.5512 (xpsp.080413-0852) RAS Quarantine Enforcement Client
    RASDLG.dll 768d0000 671744 C:\WINNT\System32\RASDLG.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Common Dialog API
    wbemcons.dll 73d30000 94208 C:\WINNT\system32\wbem\wbemcons.dll 5.1.2600.5512 (xpsp.080413-2108) WMI Standard Event Consumers
    Module information for 'svchost.exe'(976)
    MODULE BASE SIZE PATH
    svchost.exe 1000000 24576 C:\WINNT\system32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
    ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
    kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
    ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
    USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
    GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
    WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
    ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
    msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
    OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
    MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
    VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
    SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
    SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
    USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
    UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
    IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
    LPK.DLL 629c0000 36864 C:\WINNT\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
    USP10.dll 74d90000 438272 C:\WINNT\system32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
    comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
    dnsrslvr.dll 76770000 53248 c:\winnt\system32\dnsrslvr.dll 5.1.2600.5797 (xpsp_sp3_gdr.090420-1302) DNS Caching Resolver Service
    DNSAPI.dll 76f20000 159744 c:\winnt\system32\DNSAPI.dll 5.1.2600.6089 (xpsp_sp3_gdr.110302-1625) DNS Client API DLL
    WS2_32.dll 71ab0000 94208 c:\winnt\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 c:\winnt\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
    iphlpapi.dll 76d60000 102400 c:\winnt\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
    rsaenh.dll 68000000 221184 C:\WINNT\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
    mswsock.dll 71a50000 258048 C:\WINNT\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
    hnetcfg.dll 662b0000 360448 C:\WINNT\system32\hnetcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
    wshtcpip.dll 71a90000 32768 C:\WINNT\System32\wshtcpip.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
    Module information for 'svchost.exe'(1020)
    MODULE BASE SIZE PATH
    svchost.exe 1000000 24576 C:\WINNT\system32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
    ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
    kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
    ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
    USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
    GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
    WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
    ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
    msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
    OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
    MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
    VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
    SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
    SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
    USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
    UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
    IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
    LPK.DLL 629c0000 36864 C:\WINNT\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
    USP10.dll 74d90000 438272 C:\WINNT\system32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
    comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
    NTMARTA.DLL 77690000 135168 C:\WINNT\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
    SAMLIB.dll 71bf0000 77824 C:\WINNT\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
    WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
    xpsp2res.dll 6e0000 2904064 C:\WINNT\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
    lmhsvc.dll 74c40000 24576 c:\winnt\system32\lmhsvc.dll 5.1.2600.5512 (xpsp.080413-0852) TCPIP NetBios Transport Services DLL
    iphlpapi.dll 76d60000 102400 c:\winnt\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
    WS2_32.dll 71ab0000 94208 c:\winnt\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 c:\winnt\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
    mswsock.dll 71a50000 258048 C:\WINNT\System32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
    DNSAPI.dll 76f20000 159744 C:\WINNT\system32\DNSAPI.dll 5.1.2600.6089 (xpsp_sp3_gdr.110302-1625) DNS Client API DLL
    rasadhlp.dll 76fc0000 24576 C:\WINNT\system32\rasadhlp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
    regsvc.dll 76af0000 73728 c:\winnt\system32\regsvc.dll 5.1.2600.5512 (xpsp.080413-2111) Remote Registry Service
    ssdpsrv.dll 765e0000 81920 c:\winnt\system32\ssdpsrv.dll 5.1.2600.5512 (xpsp.080413-0852) SSDP Service DLL
    hnetcfg.dll 662b0000 360448 C:\WINNT\system32\hnetcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
    CLBCATQ.DLL 76fd0000 520192 C:\WINNT\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
    COMRes.dll 77050000 806912 C:\WINNT\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
    wshtcpip.dll 71a90000 32768 C:\WINNT\System32\wshtcpip.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
    upnphost.dll 62bf0000 204800 c:\winnt\system32\upnphost.dll 5.1.2600.5512 (xpsp.080413-0852) UPnP Device Host
    WINHTTP.dll 4d4f0000 364544 c:\winnt\system32\WINHTTP.dll 5.1.2600.6175 (xpsp_sp3_gdr.111116-1647) Windows HTTP Services
    SSDPAPI.dll 74f00000 49152 c:\winnt\system32\SSDPAPI.dll 5.1.2600.5512 (xpsp.080413-0852) SSDP Client API DLL
    netapi32.dll 5b860000 348160 C:\WINNT\system32\netapi32.dll 5.1.2600.6260 (xpsp_sp3_gdr.120706-1619) Net Win32 API DLL
    Module information for 'svchost.exe'(1768)
    MODULE BASE SIZE PATH
    svchost.exe 1000000 24576 C:\WINNT\System32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
    ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
    kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
    ShimEng.dll 5cb70000 155648 C:\WINNT\System32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
    USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
    GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
    WINMM.dll 76b40000 184320 C:\WINNT\System32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
    ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
    msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
    OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
    MSACM32.dll 77be0000 86016 C:\WINNT\System32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
    VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
    SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
    SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
    USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
    UxTheme.dll 5ad70000 229376 C:\WINNT\System32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
    IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
    LPK.DLL 629c0000 36864 C:\WINNT\System32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
    USP10.dll 74d90000 438272 C:\WINNT\System32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
    comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
    NTMARTA.DLL 77690000 135168 C:\WINNT\System32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
    SAMLIB.dll 71bf0000 77824 C:\WINNT\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
    WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
    xpsp2res.dll 6e0000 2904064 C:\WINNT\System32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
    w3ssl.dll 5aa90000 28672 c:\winnt\system32\w3ssl.dll 6.0.2600.5512 (xpsp.080413-0852) SSL service for HTTP
    strmfilt.dll 6f290000 90112 C:\WINNT\System32\strmfilt.dll 6.0.2600.5891 (xpsp_sp3_gdr.091020-1758) Stream Filter Library
    CRYPT32.dll 77a80000 610304 C:\WINNT\System32\CRYPT32.dll 5.131.2600.6237 (xpsp_sp3_gdr.120530-1718) Crypto API32
    MSASN1.dll 77b20000 73728 C:\WINNT\System32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
    HTTPAPI.dll 67570000 40960 C:\WINNT\System32\HTTPAPI.dll 5.1.2600.5891 (xpsp_sp3_gdr.091020-1758) HTTP Protocol Stack API
    WS2_32.dll 71ab0000 94208 C:\WINNT\System32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 C:\WINNT\System32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
    Module information for 'svchost.exe'(2012)
    MODULE BASE SIZE PATH
    svchost.exe 1000000 24576 C:\WINNT\System32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
    ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
    kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
    ShimEng.dll 5cb70000 155648 C:\WINNT\System32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
    USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
    GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
    WINMM.dll 76b40000 184320 C:\WINNT\System32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
    ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
    msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
    OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
    MSACM32.dll 77be0000 86016 C:\WINNT\System32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
    VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
    SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
    SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
    USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
    UxTheme.dll 5ad70000 229376 C:\WINNT\System32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
    IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
    LPK.DLL 629c0000 36864 C:\WINNT\System32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
    USP10.dll 74d90000 438272 C:\WINNT\System32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
    comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
    hpzinw12.dll 10000000 57344 c:\winnt\system32\hpzinw12.dll 13,1,1,51 Dot4Net Module
    WSOCK32.dll 71ad0000 36864 c:\winnt\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
    WS2_32.dll 71ab0000 94208 c:\winnt\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 c:\winnt\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
    NTMARTA.DLL 77690000 135168 C:\WINNT\System32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
    SAMLIB.dll 71bf0000 77824 C:\WINNT\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
    WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
     
  20. weety

    weety TS Rookie Topic Starter Posts: 60

    Module information for 'svchost.exe'(2028)
    MODULE BASE SIZE PATH
    svchost.exe 1000000 24576 C:\WINNT\System32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
    ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
    kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
    ShimEng.dll 5cb70000 155648 C:\WINNT\System32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
    USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
    GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
    WINMM.dll 76b40000 184320 C:\WINNT\System32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
    ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
    msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
    OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
    MSACM32.dll 77be0000 86016 C:\WINNT\System32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
    VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
    SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
    SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
    USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
    UxTheme.dll 5ad70000 229376 C:\WINNT\System32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
    IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
    LPK.DLL 629c0000 36864 C:\WINNT\System32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
    USP10.dll 74d90000 438272 C:\WINNT\System32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
    comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
    hpzipm12.dll 10000000 65536 c:\winnt\system32\hpzipm12.dll 13,1,1,51 PmlDrv Module
    WSOCK32.dll 71ad0000 36864 c:\winnt\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
    WS2_32.dll 71ab0000 94208 c:\winnt\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
    WS2HELP.dll 71aa0000 32768 c:\winnt\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
    NTMARTA.DLL 77690000 135168 C:\WINNT\System32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
    SAMLIB.dll 71bf0000 77824 C:\WINNT\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
    WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
    Module information for 'svchost.exe'(312)
    MODULE BASE SIZE PATH
    svchost.exe 1000000 24576 C:\WINNT\system32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
    ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
    kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
    ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
    RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
    Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
    ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
    AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
    USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
    GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
    WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
    ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
    msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
    OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
    MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
    VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
    SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
    SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
    USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
    UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
    IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
    LPK.DLL 629c0000 36864 C:\WINNT\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
    USP10.dll 74d90000 438272 C:\WINNT\system32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
    comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
    comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
    wiaservc.dll 75aa0000 348160 c:\winnt\system32\wiaservc.dll 5.1.2600.5512 (xpsp.080413-0852) Still Image Devices Service
    CFGMGR32.dll 74ae0000 28672 c:\winnt\system32\CFGMGR32.dll 5.1.2600.5512 (xpsp.080413-2111) Configuration Manager Forwarder DLL
    setupapi.DLL 77920000 995328 c:\winnt\system32\setupapi.DLL 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
    mscms.dll 73b30000 86016 c:\winnt\system32\mscms.dll 5.1.2600.5627 (xpsp_sp3_gdr.080624-1245) Microsoft Color Matching System DLL
    WINSPOOL.DRV 73000000 155648 c:\winnt\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
    WINSTA.dll 76360000 65536 c:\winnt\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
    NETAPI32.dll 5b860000 348160 c:\winnt\system32\NETAPI32.dll 5.1.2600.6260 (xpsp_sp3_gdr.120706-1619) Net Win32 API DLL
    xpsp2res.dll 6e0000 2904064 C:\WINNT\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
    CLBCATQ.DLL 76fd0000 520192 C:\WINNT\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
    COMRes.dll 77050000 806912 C:\WINNT\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
    WINTRUST.dll 76c30000 188416 C:\WINNT\system32\WINTRUST.dll 5.131.2600.6285 (xpsp_sp3_gdr.120824-1617) Microsoft Trust Verification APIs
    CRYPT32.dll 77a80000 610304 C:\WINNT\system32\CRYPT32.dll 5.131.2600.6237 (xpsp_sp3_gdr.120530-1718) Crypto API32
    MSASN1.dll 77b20000 73728 C:\WINNT\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
    IMAGEHLP.dll 76c90000 163840 C:\WINNT\system32\IMAGEHLP.dll 5.1.2600.6198 (xpsp_sp3_gdr.120229-1643) Windows NT Image Helper
    actxprxy.dll 71d40000 110592 C:\WINNT\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library



    ******************************************
    EOF
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    And we go again...

    Hitman Pro

    Please download Hitman Pro

    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please

    GMER

    Note about this tool:
    • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
    • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
    • No matter what is in the log, please post all the information/contents of the log.
    • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"

    Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.
     
  22. weety

    weety TS Rookie Topic Starter Posts: 60

    Code:
    HitmanPro 3.6.2.173
    www.hitmanpro.com
    
       Computer name . . . . : EE-HMC05
       Windows . . . . . . . : 5.1.3.2600.X86/2
       User name . . . . . . : IC\hmc05
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2012-10-26 19:36:18
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 2m 34s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 2
    
       Objects scanned . . . : 1,183,499
       Files scanned . . . . : 15,552
       Remnants scanned  . . : 534,000 files / 633,947 keys
    
    Cookies _____________________________________________________________________
    
       H:\IExplorer\Cookies\hmc05@bs.serving-sys[7].txt
       H:\IExplorer\Cookies\hmc05@serving-sys[6].txt
    
    
    
     
  23. weety

    weety TS Rookie Topic Starter Posts: 60

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-27 13:42:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 WDC_WD2500AAJS-60M0A0 rev.02.03E02
    Running: gmer.exe; Driver: C:\DOCUME~1\hmc05\LOCALS~1\Temp\aflcapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0xB9CEB2D2]
    SSDT 8A16A008 ZwConnectPort
    SSDT spvu.sys ZwCreateKey [0xB9EB50E0]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0xB9CEC904]
    SSDT spvu.sys ZwEnumerateKey [0xB9ECDDA4]
    SSDT spvu.sys ZwEnumerateValueKey [0xB9ECE132]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwFreeVirtualMemory [0xB9CEB55E]
    SSDT spvu.sys ZwOpenKey [0xB9EB50C0]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xB9CEB0F0]
    SSDT spvu.sys ZwQueryKey [0xB9ECE20A]
    SSDT spvu.sys ZwQueryValueKey [0xB9ECE08A]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThread [0xB9CECA0C]
    SSDT 8A184DF0 ZwResumeThread
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSetContextThread [0xB9CECA58]
    SSDT spvu.sys ZwSetValueKey [0xB9ECE29C]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSystemDebugControl [0xB9CEB006]
    SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwWriteVirtualMemory [0xB9CEB66E]

    INT 0x62 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x73 ? 8A47FBF8
    INT 0x82 ? 8A47FBF8
    INT 0x83 ? 8A083BF8
    INT 0x83 ? 8A083BF8
    INT 0x83 ? 8A083BF8
    INT 0x83 ? 8A083BF8
    INT 0x84 ? 8A083BF8
    INT 0x84 ? 8A083BF8
    INT 0x84 ? 8A083BF8
    INT 0x84 ? 8A083BF8
    INT 0x94 ? 8A083BF8
    INT 0x94 ? 8A083BF8
    INT 0x94 ? 8A083BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spvu.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B92308AC 5 Bytes JMP 8A0831D8

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINNT\system32\SearchIndexer.exe[808] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINNT\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spvu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spvu.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spvu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spvu.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spvu.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spvu.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
    IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\System32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A4ED1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)

    Device \Driver\usbuhci \Device\USBPDO-0 8A08A1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4EF1F8
    Device \Driver\dmio \Device\DmControl\DmConfig 8A4EF1F8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A4EF1F8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A4EF1F8
    Device \Driver\usbuhci \Device\USBPDO-1 8A08A1F8
    Device \Driver\usbuhci \Device\USBPDO-2 8A08A1F8
    Device \Driver\usbehci \Device\USBPDO-3 8A0F71F8
    Device \Driver\usbuhci \Device\USBPDO-4 8A08A1F8

    AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBPDO-5 8A08A1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BA44147E-D188-421D-83F4-E51BBDEDA4DC} 89A941F8
    Device \Driver\usbuhci \Device\USBPDO-6 8A08A1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4801F8
    Device \Driver\usbehci \Device\USBPDO-7 8A0F71F8
    Device \Driver\Cdrom \Device\CdRom0 8A0CE1F8
    Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort2 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort4 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort5 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\NetBT \Device\NetBt_Wins_Export 89A941F8
    Device \Driver\NetBT \Device\NetbiosSmb 89A941F8

    AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\Udp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBFDO-0 8A08A1F8
    Device \Driver\usbuhci \Device\USBFDO-1 8A08A1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A8E1F8
    Device \Driver\usbuhci \Device\USBFDO-2 8A08A1F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A8E1F8
    Device \Driver\usbehci \Device\USBFDO-3 8A0F71F8
    Device \Driver\usbuhci \Device\USBFDO-4 8A08A1F8
    Device \Driver\Ftdisk \Device\FtControl 8A4801F8
    Device \Driver\usbuhci \Device\USBFDO-5 8A08A1F8
    Device \Driver\usbuhci \Device\USBFDO-6 8A08A1F8
    Device \Driver\usbehci \Device\USBFDO-7 8A0F71F8
    Device \FileSystem\Cdfs \Cdfs 89A7F1F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0x47 0x65 0x45 ...

    ---- EOF - GMER 1.0.15 ----
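An added example, not part of the thread or of GMER itself: one way to triage the SSDT section of a GMER log like the one above is to group hooks by the driver that owns them, so reviewers can see which are attributed to a named product before acting on anything. The status labels and the `triage` function are assumptions of this sketch; the sample lines are a shortened excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the GMER log posted above.
SAMPLE = """\
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0xB9CEB2D2]
SSDT 8A16A008 ZwConnectPort
SSDT spvu.sys ZwCreateKey [0xB9EB50E0]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0xB9CEC904]
SSDT spvu.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT 8A184DF0 ZwResumeThread
? spvu.sys The system cannot find the file specified. !
"""

# SSDT <module or bare address> [(description/vendor)] <ZwFunction> [[0xADDR]]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<owner>\S+)"
    r"(?:\s+\((?P<vendor>.*)\))?"
    r"\s+(?P<func>Zw\w+)"
    r"(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?\s*$"
)
# Line GMER prints when it cannot open a driver file on disk.
MISSING_RE = re.compile(r"^\?\s+(?P<file>\S+)\s+The system cannot find the file specified")
BARE_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def triage(log_text):
    """Group SSDT hooks by owner and label each owner for manual review."""
    hooks = defaultdict(list)
    vendors = {}
    missing = set()
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        m = SSDT_RE.match(line)
        if m:
            hooks[m["owner"]].append(m["func"])
            if m["vendor"]:
                vendors[m["owner"]] = m["vendor"]
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.add(m["file"])

    report = {}
    for owner, funcs in hooks.items():
        if BARE_ADDR_RE.match(owner):
            status = "no module name"         # hook target is a bare kernel address
        elif owner in missing:
            status = "driver file not found"  # GMER could not read the file
        elif owner in vendors:
            status = "vendor-attributed"      # self-declared version info, not proof
        else:
            status = "no version info"
        report[owner] = {"status": status, "functions": sorted(funcs)}
    return report


if __name__ == "__main__":
    for owner, info in triage(SAMPLE).items():
        print(f"{owner:12} {info['status']:22} {', '.join(info['functions'])}")
```

The labels are review priorities, not verdicts: security products and CD-emulation drivers hook the same tables, which is why the helper's note warns about false positives.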
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    To enable CD Emulation programs using DeFogger, please perform these steps:
    • Please download DeFogger to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

    Then, re-run GMER and post a log.


    SystemLook x86 scan

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  25. weety

    weety TS Rookie Topic Starter Posts: 60

    Do I really have to run GMER again, or just do the other steps?
     

