Websites redirected, can't run Windows Update, can't install Malwarebytes

I ran the fix. One message popped up to say one folder couldn't be deleted as it's a Windows system folder.

Upon reboot, Google Chrome no longer works (I tried reinstalling Chrome, but the installer now won't run). However, Internet Explorer seems to be back somehow. All other problems are unchanged, so I'll run a quick scan in a minute.

Here's the first log:


All processes killed
========== OTL ==========
C:\WINNT\system32\CcmFramework.ini moved successfully.
C:\WINNT\system32\CcmFramework.h moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5954813 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5387018 bytes

User: hmc05
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 449205614 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5785646 bytes

User: NetworkService
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 379157 bytes

User: nighttime
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1014085 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Session Manager Temp folder emptied: 439 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 446.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10192012_180239
Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\hmc05\local settings\Application Data\Microsoft\Windows\UsrClass.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\hmc05\local settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\local settings\Application Data\Microsoft\Windows\UsrClass.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\local settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_770.dat not found!
File move failed. C:\Documents and Settings\NetworkService\local settings\Application Data\Microsoft\Windows\UsrClass.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\NetworkService\local settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Log from Quick Scan:


OTL logfile created on: 19/10/2012 18:18:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\hmc05\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.95 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 73.83% Memory free
4.79 Gb Paging File | 4.05 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 187.03 Gb Free Space | 80.31% Space Free | Partition Type: NTFS
Drive D: | 616.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 8.00 Gb Total Space | 6.93 Gb Free Space | 86.68% Space Free | Partition Type: NTFS
Drive L: | 390.63 Mb Total Space | 195.66 Mb Free Space | 50.09% Space Free | Partition Type: NTFS
Drive V: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
Drive W: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
Drive Y: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS
Drive Z: | 90.45 Gb Total Space | 27.96 Gb Free Space | 30.91% Space Free | Partition Type: NTFS

Computer Name: EE-HMC05 | User Name: hmc05 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
PRC - [2011/10/28 14:15:14 | 000,062,976 | ---- | M] (Imperial College London) -- C:\Program Files\Imperial College London\Auto-sleep\auto-sleep.exe
PRC - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/11/18 15:11:19 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\CCM\CcmExec.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/12/21 02:42:16 | 000,176,235 | ---- | M] () -- C:\WINNT\system32\Primomonnt.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINNT\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/24 12:18:19 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/11/18 15:11:10 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (rkhdrv40)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\hmc05\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/17 09:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/17 09:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/15 14:26:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 14:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/18 15:14:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/18 15:11:43 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/11/18 15:11:43 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/11/18 15:11:42 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/11/18 15:10:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/11/18 15:10:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/11/18 15:10:26 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/18 00:14:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/03 11:52:32 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/20 21:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/07/19 11:40:48 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/06/05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2005/10/21 11:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5C6775AE-B17E-43EC-951F-1735ED9382DB}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
IE - HKLM\..\SearchScopes\{5CEB5537-BEEB-4BC2-A428-B524DC584A5A}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
IE - HKLM\..\SearchScopes\{6D91FEDC-F816-4F15-B929-B6B57184D2F8}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{2ED652B6-A935-4ECF-95F9-E62AC8AAFD4F}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
IE - HKCU\..\SearchScopes\{5A81F079-14F5-4766-A656-C6889E04A9E0}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
IE - HKCU\..\SearchScopes\{850361F7-476B-44B8-AB49-9C7F85564DBD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{F66A58C6-CA60-4AB4-885F-0196F9274FF5}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2981: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3039: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1798: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 18:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 11:35:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/16 15:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins

[2012/05/16 18:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/22 13:39:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/09/20 00:00:08 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13123.dll
[2005/10/12 16:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2012/04/21 03:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/21 03:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/21 03:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/21 03:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/21 03:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/10/09 21:11:31 | 000,000,855 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk = C:\WINNT\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico ()
O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk = \\ICADS11\netlogon\clusters\common\ICTprintservice.cmd ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ic.ac.uk ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ic.ac.uk ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: icfs16.cc.ic.ac.uk ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: imperial.ac.uk ([]* in Local intranet)
O16 - DPF: {64A6114F-2976-4634-BE36-134BF84D369C} https://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab (eWebEditProLibCtl4.eWebEditPro)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe (LabVIEWControl Class)
O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.23)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.198.142.7 155.198.142.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA44147E-D188-421D-83F4-E51BBDEDA4DC}: DhcpNameServer = 155.198.142.7 155.198.142.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/14 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/19 18:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google
[2012/10/19 18:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Identities
[2012/10/19 18:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Symantec
[2012/10/19 18:02:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/19 18:02:54 | 000,000,000 | -HSD | C] -- \RECYCLER
[2012/10/19 18:02:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/19 18:02:39 | 000,000,000 | ---D | C] -- \_OTL
[2012/10/19 02:05:21 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2012/10/18 14:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Google Chrome
[2012/10/18 14:27:37 | 000,000,000 | ---D | C] -- H:\Macromedia
[2012/10/15 18:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Rootkit Unhooker
[2012/10/15 18:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\a02nf
[2012/10/15 17:42:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2012/10/15 09:53:07 | 000,708,960 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo.exe
[2012/10/11 15:47:20 | 000,694,287 | ---- | C] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\FSS.exe
[2012/10/11 10:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\RK_Quarantine
[2012/10/10 09:16:40 | 000,000,000 | ---D | C] -- C:\WINNT\ms
[2012/10/09 21:13:02 | 000,000,000 | ---D | C] -- C:\WINNT\SoftwareDistribution
[2012/10/09 21:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Start Menu
[2012/10/09 20:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2012/10/09 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/10/09 20:39:52 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/10/09 20:39:52 | 000,000,000 | ---D | C] -- \RegBackup
[2012/10/09 20:34:09 | 000,116,224 | ---- | C] (Xerox) -- C:\WINNT\System32\dllcache\xrxwiadr.dll
[2012/10/09 20:34:07 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINNT\System32\dllcache\xrxwbtmp.dll
[2012/10/09 20:33:46 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\xlog.exe
[2012/10/09 20:33:43 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINNT\System32\dllcache\xem336n5.sys
[2012/10/09 20:33:27 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\wlluc48.sys
[2012/10/09 20:33:25 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINNT\System32\dllcache\wlandrv2.sys
[2012/10/09 20:33:19 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINNT\System32\dllcache\winacisa.sys
[2012/10/09 20:33:06 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINNT\System32\dllcache\wbfirdma.sys
[2012/10/09 20:32:54 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w940nd.sys
[2012/10/09 20:32:52 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w926nd.sys
[2012/10/09 20:32:49 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w840nd.sys
[2012/10/09 20:32:44 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vvoice.sys
[2012/10/09 20:32:41 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vpctcom.sys
[2012/10/09 20:32:38 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\vmodem.sys
[2012/10/09 20:32:36 | 000,249,402 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\vinwm.sys
[2012/10/09 20:32:25 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usrti.sys
[2012/10/09 20:32:15 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806v.sys
[2012/10/09 20:32:12 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806.sys
[2012/10/09 20:32:10 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1801.sys
[2012/10/09 20:32:06 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINNT\System32\dllcache\usb101et.sys
[2012/10/09 20:31:52 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINNT\System32\dllcache\umaxscan.dll
[2012/10/09 20:31:43 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um54scan.dll
[2012/10/09 20:31:40 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um34scan.dll
[2012/10/09 20:31:28 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxpm.sys
[2012/10/09 20:31:25 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxp.dll
[2012/10/09 20:31:23 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkbm.sys
[2012/10/09 20:31:20 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkb.dll
[2012/10/09 20:31:18 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3dm.sys
[2012/10/09 20:31:16 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3d.dll
[2012/10/09 20:30:54 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINNT\System32\dllcache\tjisdn.sys
[2012/10/09 20:30:51 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiulnt5.sys
[2012/10/09 20:30:49 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiul50.dll
[2012/10/09 20:30:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINNT\System32\dllcache\tffsport.sys
[2012/10/09 20:30:45 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdkcd31.sys
[2012/10/09 20:30:42 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdk100b.sys
[2012/10/09 20:30:32 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\t2r4mini.sys
[2012/10/09 20:30:30 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINNT\System32\dllcache\t2r4disp.dll
[2012/10/09 20:30:00 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnprop.dll
[2012/10/09 20:29:58 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlncoin.dll
[2012/10/09 20:29:56 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnata.sys
[2012/10/09 20:29:53 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\stcusb.sys
[2012/10/09 20:29:49 | 000,048,736 | ---- | C] (3Com) -- C:\WINNT\System32\dllcache\srwlnd5.sys
[2012/10/09 20:29:34 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINNT\System32\dllcache\sparrow.sys
[2012/10/09 20:29:15 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smiminib.sys
[2012/10/09 20:29:12 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smidispb.dll
[2012/10/09 20:29:10 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smcpwr2n.sys
[2012/10/09 20:29:08 | 000,035,913 | ---- | C] (SMC) -- C:\WINNT\System32\dllcache\smcirda.sys
[2012/10/09 20:29:06 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smc8000n.sys
[2012/10/09 20:28:48 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINNT\System32\dllcache\sla30nd5.sys
[2012/10/09 20:28:46 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINNT\System32\dllcache\skfpwin.sys
[2012/10/09 20:28:43 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINNT\System32\dllcache\sk98xwin.sys
[2012/10/09 20:28:39 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINNT\System32\dllcache\sisnic.sys
[2012/10/09 20:28:19 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmusb.sys
[2012/10/09 20:28:17 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmld.sys
[2012/10/09 20:28:15 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiulnt5.sys
[2012/10/09 20:28:12 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiul50.dll
[2012/10/09 20:27:53 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINNT\System32\dllcache\scr111.sys
[2012/10/09 20:27:48 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmusbm.sys
[2012/10/09 20:27:46 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmn50m.sys
[2012/10/09 20:27:36 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4m.sys
[2012/10/09 20:27:33 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4.dll
[2012/10/09 20:27:31 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3dm.sys
[2012/10/09 20:27:29 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3d.dll
[2012/10/09 20:27:27 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mvirge.dll
[2012/10/09 20:27:25 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mtrio.dll
[2012/10/09 20:27:23 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.sys
[2012/10/09 20:27:21 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.dll
[2012/10/09 20:27:19 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3m.sys
[2012/10/09 20:27:14 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia450.dll
[2012/10/09 20:27:12 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia430.dll
[2012/10/09 20:27:11 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw450ext.dll
[2012/10/09 20:27:10 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw430ext.dll
[2012/10/09 20:27:01 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\rsmgrstr.dll
[2012/10/09 20:26:57 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINNT\System32\dllcache\rocket.sys
[2012/10/09 20:26:54 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINNT\System32\dllcache\rlnet5.sys
[2012/10/09 20:26:51 | 000,086,097 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\reslog32.dll
[2012/10/09 20:26:39 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdmkxx.sys
[2012/10/09 20:26:37 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdkxga.sys
[2012/10/09 20:26:17 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlv.sys
[2012/10/09 20:26:15 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlp.sys
[2012/10/09 20:26:13 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserli.sys
[2012/10/09 20:26:06 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\pscr.sys
[2012/10/09 20:25:33 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\pctspk.exe
[2012/10/09 20:25:25 | 000,026,153 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pcmlm56.sys
[2012/10/09 20:25:24 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\pca200e.sys
[2012/10/09 20:25:22 | 000,030,495 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pc100nds.sys
[2012/10/09 20:24:56 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otcsercb.sys
[2012/10/09 20:24:54 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otceth5.sys
[2012/10/09 20:24:52 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otc06x5.sys
[2012/10/09 20:24:49 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\opl3sax.sys
[2012/10/09 20:24:36 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINNT\System32\dllcache\ntgrip.sys
[2012/10/09 20:24:27 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm6wdm.sys
[2012/10/09 20:24:25 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm5a2wdm.sys
[2012/10/09 20:24:21 | 000,132,695 | ---- | C] (802.11b) -- C:\WINNT\System32\dllcache\netwlan5.sys
[2012/10/09 20:24:14 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.sys
[2012/10/09 20:24:12 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.dll
[2012/10/09 20:24:06 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3disp.dll
[2012/10/09 20:24:04 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3d.sys
[2012/10/09 20:24:02 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.sys
[2012/10/09 20:24:00 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.dll
[2012/10/09 20:23:59 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.sys
[2012/10/09 20:23:57 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.dll
[2012/10/09 20:23:51 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxport.sys
[2012/10/09 20:23:49 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxport.dll
[2012/10/09 20:23:47 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINNT\System32\dllcache\mxnic.sys
[2012/10/09 20:23:46 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxicfg.dll
[2012/10/09 20:23:44 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxcard.sys
[2012/10/09 20:23:09 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINNT\System32\dllcache\mraid35x.sys
[2012/10/09 20:22:43 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINNT\System32\dllcache\mdgndis5.sys
[2012/10/09 20:22:30 | 000,797,500 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltsmt.sys
[2012/10/09 20:22:28 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\ltsm.sys
[2012/10/09 20:22:28 | 000,420,992 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntt.sys
[2012/10/09 20:22:26 | 000,606,684 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmnt.sys
[2012/10/09 20:22:26 | 000,576,746 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntl.sys
[2012/10/09 20:22:24 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ltck000c.sys
[2012/10/09 20:22:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINNT\System32\dllcache\lne100tx.sys
[2012/10/09 20:22:16 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINNT\System32\dllcache\lne100.sys
[2012/10/09 20:22:14 | 000,025,065 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\lmndis3.sys
[2012/10/09 20:22:12 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINNT\System32\dllcache\lit220p.sys
[2012/10/09 20:22:09 | 000,026,442 | ---- | C] (SMSC) -- C:\WINNT\System32\dllcache\lanepic5.sys
[2012/10/09 20:22:08 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINNT\System32\dllcache\ktc111.sys
[2012/10/09 20:21:49 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINNT\System32\dllcache\irmk7.sys
[2012/10/09 20:21:23 | 000,372,824 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\iconf32.dll
[2012/10/09 20:20:19 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINNT\System32\dllcache\hpgt53tk.dll
[2012/10/09 20:20:14 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINNT\System32\dllcache\hpgt34tk.dll
[2012/10/09 20:19:56 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grserial.sys
[2012/10/09 20:19:55 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grclass.sys
[2012/10/09 20:19:53 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\gpr400.sys
[2012/10/09 20:19:44 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fxusbase.sys
[2012/10/09 20:19:37 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fusbbase.sys
[2012/10/09 20:19:36 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fus2base.sys
[2012/10/09 20:19:33 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpnpbase.sys
[2012/10/09 20:19:32 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcmbase.sys
[2012/10/09 20:19:31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcibase.sys
[2012/10/09 20:19:30 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\forehe.sys
[2012/10/09 20:19:20 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINNT\System32\dllcache\fa410nd5.sys
[2012/10/09 20:19:18 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xj.sys
[2012/10/09 20:19:17 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xi.sys
[2012/10/09 20:18:16 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\ds1wdm.sys
[2012/10/09 20:18:09 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINNT\System32\dllcache\dp83820.sys
[2012/10/09 20:17:53 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINNT\System32\dllcache\dm9pci5.sys
[2012/10/09 20:17:51 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINNT\System32\dllcache\dlh5xnd5.sys
[2012/10/09 20:17:50 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diwan.sys
[2012/10/09 20:17:48 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\ditrace.exe
[2012/10/09 20:17:47 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvsu.dll
[2012/10/09 20:17:46 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvpp.dll
[2012/10/09 20:17:46 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvci.dll
[2012/10/09 20:17:44 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\dimaint.sys
[2012/10/09 20:17:32 | 000,024,649 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650d.sys
[2012/10/09 20:17:31 | 000,024,648 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650.sys
[2012/10/09 20:17:29 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINNT\System32\dllcache\defpa.sys
[2012/10/09 20:17:15 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwrwdm.sys
[2012/10/09 20:17:14 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcspud.sys
[2012/10/09 20:17:14 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcwdm.sys
[2012/10/09 20:17:13 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcosnt5.sys
[2012/10/09 20:17:12 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbwdm.sys
[2012/10/09 20:17:12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbmidi.sys
[2012/10/09 20:17:11 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbase.sys
[2012/10/09 20:17:10 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINNT\System32\dllcache\ctmasetp.dll
[2012/10/09 20:17:06 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINNT\System32\dllcache\cpscan.dll
[2012/10/09 20:16:56 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\cmbp0wdm.sys
[2012/10/09 20:16:48 | 000,980,034 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\cicap.sys
[2012/10/09 20:16:45 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem56n5.sys
[2012/10/09 20:16:44 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce3n5.sys
[2012/10/09 20:16:44 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem33n5.sys
[2012/10/09 20:16:44 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem28n5.sys
[2012/10/09 20:16:44 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce2n5.sys
[2012/10/09 20:16:42 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cbmdmkxx.sys
[2012/10/09 20:16:42 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cben5.sys
[2012/10/09 20:16:41 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
[2012/10/09 20:16:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINNT\System32\dllcache\cb102.sys
[2012/10/09 20:16:40 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\diapi2NT.dll
[2012/10/09 20:16:39 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diapi2.sys
[2012/10/09 20:16:26 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brserwdm.sys
[2012/10/09 20:16:26 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
[2012/10/09 20:16:26 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbmdm.sys
[2012/10/09 20:16:26 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbscn.sys
[2012/10/09 20:16:25 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparwdm.sys
[2012/10/09 20:16:25 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brserif.dll
[2012/10/09 20:16:25 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINNT\System32\dllcache\brscnrsm.dll
[2012/10/09 20:16:24 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparimg.sys
[2012/10/09 20:16:23 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfusb.dll
[2012/10/09 20:16:23 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfrsmg.exe
[2012/10/09 20:16:23 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmflpt.dll
[2012/10/09 20:16:22 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfbidi.dll
[2012/10/09 20:16:22 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltlo.sys
[2012/10/09 20:16:22 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltup.sys
[2012/10/09 20:16:21 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brbidiif.dll
[2012/10/09 20:16:21 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brevif.dll
[2012/10/09 20:16:21 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brcoinst.dll
[2012/10/09 20:16:21 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brfilt.sys
[2012/10/09 20:16:19 | 000,871,388 | ---- | C] (BCM) -- C:\WINNT\System32\dllcache\bcmdm.sys
[2012/10/09 20:16:17 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.dll
[2012/10/09 20:16:17 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\b1cbase.sys
[2012/10/09 20:16:17 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.sys
[2012/10/09 20:16:16 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmenum.dll
[2012/10/09 20:16:16 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmcoxp.dll
[2012/10/09 20:16:16 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmwan.sys
[2012/10/09 20:16:16 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINNT\System32\dllcache\aztw2320.sys
[2012/10/09 20:15:55 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINNT\System32\dllcache\aspndis3.sys
[2012/10/09 20:15:51 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
[2012/10/09 20:15:44 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINNT\System32\dllcache\adptsf50.sys
[2012/10/09 20:15:43 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8830.sys
[2012/10/09 20:15:43 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\admjoy.sys
[2012/10/09 20:15:42 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8810.sys
[2012/10/09 20:15:42 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8820.sys
[2012/10/09 20:15:41 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINNT\System32\dllcache\acerscad.dll
[2012/10/09 20:15:39 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINNT\System32\dllcache\a3dapi.dll
[2012/10/09 20:15:39 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINNT\System32\dllcache\a3d.dll
[2012/10/09 20:15:38 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
[2012/10/09 20:15:38 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvs.dll
[2012/10/09 20:15:38 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvsm.sys
[2012/10/09 20:00:05 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINNT\PSEXESVC.EXE
[2012/10/09 19:59:12 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/09 19:59:12 | 000,000,000 | ---D | C] -- \Tweaking.com_Windows_Repair_Logs
[2012/10/09 19:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\Tweak
[2012/10/08 21:54:23 | 000,000,000 | ---D | C] -- C:\WINNT\Application Data
[2012/10/08 19:45:41 | 002,322,184 | ---- | C] (ESET) -- H:\esetsmartinstaller_enu.exe
[2012/10/07 20:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
[2012/10/07 18:42:19 | 000,000,000 | ---D | C] -- C:\WINNT\PIF
[2012/10/07 17:53:48 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
[2012/10/07 17:32:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
[2012/10/07 17:23:55 | 000,000,000 | ---D | C] -- C:\WINNT\Profiles
[2012/10/07 17:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\Chameleon
[2012/10/05 18:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/02 16:42:54 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
[2012/10/02 14:54:22 | 000,307,757 | ---- | C] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
[2012/10/02 14:52:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
[2012/10/02 12:15:32 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/01 10:24:39 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
[2012/09/25 09:15:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/25 09:04:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- \cmdcons
[2012/09/24 10:02:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2012/09/24 10:02:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2012/09/24 10:02:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2012/09/24 10:02:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- \Qoobox
[2012/09/24 10:00:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Administrative Tools
[2012/09/24 10:00:35 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
[2012/09/24 10:00:16 | 004,984,103 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
[2012/09/24 08:20:40 | 000,000,000 | ---D | C] -- H:\Windows Desktop Search

========== Files - Modified Within 30 Days ==========

[2012/10/19 18:07:55 | 000,000,472 | ---- | M] () -- C:\WINNT\SMSCFG.ini
[2012/10/19 18:06:36 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk
[2012/10/19 18:06:26 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012/10/19 18:05:00 | 000,000,546 | ---- | M] () -- C:\WINNT\tasks\MATLAB R2012a Startup Accelerator.job
[2012/10/19 18:04:06 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012/10/19 18:04:04 | 3163,807,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 17:43:00 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
[2012/10/19 17:23:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2012/10/19 14:43:00 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
[2012/10/18 14:39:12 | 004,984,103 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
[2012/10/18 14:33:47 | 000,002,312 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
[2012/10/18 14:25:38 | 000,514,732 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012/10/18 14:25:38 | 000,098,214 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012/10/15 18:44:29 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk
[2012/10/15 18:02:23 | 000,158,300 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\RkU37300505.zip
[2012/10/15 09:58:05 | 000,577,220 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo_EE-HMC05_hmc05_2012_10_15_09_53_21.zip
[2012/10/15 09:53:09 | 000,708,960 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo.exe
[2012/10/11 15:50:38 | 000,307,757 | ---- | M] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
[2012/10/11 15:47:21 | 000,694,287 | ---- | M] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\FSS.exe
[2012/10/11 11:08:55 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2012/10/11 10:18:53 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
[2012/10/10 09:10:16 | 000,587,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012/10/09 21:14:01 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINNT\PSEXESVC.EXE
[2012/10/09 21:11:31 | 000,000,855 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2012/10/09 21:11:13 | 000,023,392 | ---- | M] () -- C:\WINNT\System32\nscompat.tlb
[2012/10/09 21:11:13 | 000,016,832 | ---- | M] () -- C:\WINNT\System32\amcompat.tlb
[2012/10/09 20:51:56 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/09 20:51:01 | 005,345,461 | ---- | M] () -- H:\tweaking.com_windows_repair_aio_setup.exe
[2012/10/09 19:58:05 | 003,139,566 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tweaking.com_windows_repair_aio.zip
[2012/10/08 21:54:33 | 000,000,042 | ---- | M] () -- C:\WINNT\PenTab.ini
[2012/10/08 21:54:27 | 000,000,205 | ---- | M] () -- C:\PanosePreferences.xml
[2012/10/08 19:45:45 | 002,322,184 | ---- | M] (ESET) -- H:\esetsmartinstaller_enu.exe
[2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
[2012/10/07 20:43:07 | 000,538,327 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
[2012/10/07 17:53:51 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
[2012/10/07 17:32:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
[2012/10/07 17:30:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
[2012/10/07 17:20:38 | 001,440,846 | ---- | M] () -- H:\mbam-chameleon-1.62.1.1000.zip
[2012/10/04 16:41:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
[2012/10/04 16:36:02 | 000,037,814 | ---- | M] () -- H:\MSO2057.acl
[2012/10/04 16:29:18 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.exe
[2012/10/02 17:23:13 | 000,004,322 | R-S- | M] () -- C:\Documents and Settings\hmc05\ntuser.pol
[2012/10/02 16:42:55 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
[2012/10/02 16:35:15 | 001,678,240 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
[2012/10/02 16:31:53 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
[2012/10/02 16:30:59 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
[2012/10/02 12:15:32 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/02 11:59:55 | 000,000,019 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts_bak_571
[2012/09/24 12:15:32 | 000,001,796 | ---- | M] () -- C:\WINNT\SMSAdvancedClient.sccm2007ac-sp2-kb977384-x86-enu.mif
[2012/09/24 10:03:49 | 000,000,323 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/10/18 14:33:47 | 000,002,312 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
[2012/10/18 14:33:29 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
[2012/10/18 14:33:29 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
[2012/10/15 18:02:22 | 000,158,300 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\RkU37300505.zip
[2012/10/15 09:54:42 | 000,577,220 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\GetSystemInfo_EE-HMC05_hmc05_2012_10_15_09_53_21.zip
[2012/10/09 20:51:56 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/09 20:50:52 | 005,345,461 | ---- | C] () -- H:\tweaking.com_windows_repair_aio_setup.exe
[2012/10/09 20:41:27 | 000,290,304 | ---- | C] () -- \subinacl.exe
[2012/10/09 20:34:06 | 000,018,944 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxscnui.dll
[2012/10/09 20:34:04 | 000,027,648 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxftplt.exe
[2012/10/09 20:26:10 | 000,033,280 | ---- | C] () -- C:\WINNT\System32\dllcache\psisrndr.ax
[2012/10/09 20:26:08 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\dllcache\psisdecd.dll
[2012/10/09 20:23:15 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\dllcache\msdvbnp.ax
[2012/10/09 20:20:18 | 000,165,888 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt53.dll
[2012/10/09 20:20:15 | 000,093,696 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt42.dll
[2012/10/09 20:20:12 | 000,101,376 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt34.dll
[2012/10/09 20:20:09 | 000,089,088 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt33.dll
[2012/10/09 20:20:07 | 000,083,968 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt21.dll
[2012/10/09 20:17:50 | 000,029,768 | ---- | C] () -- C:\WINNT\System32\dllcache\divasu.dll
[2012/10/09 20:17:49 | 000,037,962 | ---- | C] () -- C:\WINNT\System32\dllcache\divaprop.dll
[2012/10/09 20:17:48 | 000,006,216 | ---- | C] () -- C:\WINNT\System32\dllcache\divaci.dll
[2012/10/09 20:16:10 | 000,026,624 | ---- | C] () -- C:\WINNT\System32\dllcache\ativxbar.sys
[2012/10/09 20:16:10 | 000,023,552 | ---- | C] () -- C:\WINNT\System32\dllcache\atixbar.sys
[2012/10/09 20:16:09 | 000,019,456 | ---- | C] () -- C:\WINNT\System32\dllcache\ativttxx.sys
[2012/10/09 20:16:08 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
[2012/10/09 20:16:08 | 000,009,472 | ---- | C] () -- C:\WINNT\System32\dllcache\ativmdcd.sys
[2012/10/09 20:16:07 | 000,049,920 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtcap.sys
[2012/10/09 20:16:07 | 000,026,880 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtsnd.sys
[2012/10/09 20:16:07 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitunep.sys
[2012/10/09 20:16:06 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\dllcache\atipcxxx.sys
[2012/10/09 20:16:01 | 000,046,464 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
[2012/10/09 19:57:57 | 003,139,566 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tweaking.com_windows_repair_aio.zip
[2012/10/08 21:54:33 | 000,000,042 | ---- | C] () -- C:\WINNT\PenTab.ini
[2012/10/08 21:54:27 | 000,000,205 | ---- | C] () -- C:\PanosePreferences.xml
[2012/10/08 21:54:27 | 000,000,205 | ---- | C] () -- \PanosePreferences.xml
[2012/10/07 20:43:04 | 000,538,327 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
[2012/10/07 17:30:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
[2012/10/07 17:19:18 | 001,440,846 | ---- | C] () -- H:\mbam-chameleon-1.62.1.1000.zip
[2012/10/04 16:36:02 | 000,037,814 | ---- | C] () -- H:\MSO2057.acl
[2012/10/02 16:35:13 | 001,678,240 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
[2012/10/02 16:31:53 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
[2012/10/02 16:30:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
[2012/10/02 11:46:39 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
[2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- \hiberfil.sys
[2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- \Boot.bak
[2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- \cmldr
[2012/09/24 10:02:17 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2012/09/24 10:02:17 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2012/09/24 10:02:17 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2012/09/24 10:02:17 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2012/09/24 10:02:17 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2012/02/17 05:22:17 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
[2011/11/27 23:36:48 | 000,018,982 | ---- | C] () -- C:\Documents and Settings\hmc05\untitled0_MAS.bak
[2010/10/04 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo7
[2010/09/27 17:16:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby2
[2010/09/17 05:44:11 | 000,012,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/12 00:28:22 | 000,020,235 | ---- | C] () -- \history.temp
[2010/02/01 14:25:51 | 000,040,817 | ---- | C] () -- \DetRes_L_fix_2D_reverse.swf
[2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo4
[2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\ictsd1
[2009/11/17 15:59:09 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\hmc05\webct_upload_applet.properties
[2009/11/17 15:59:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby1
[2009/11/17 15:59:07 | 000,004,322 | R-S- | C] () -- C:\Documents and Settings\hmc05\ntuser.pol
[2009/11/17 13:19:28 | 000,052,119 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \MSDOS.SYS
[2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \IO.SYS
[2009/11/17 12:54:44 | 000,000,512 | --S- | C] () -- \BOOTSECT.DOS
[1980/01/01 01:00:00 | 000,250,048 | RHS- | C] () -- \ntldr
[1980/01/01 01:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[1980/01/01 01:00:00 | 000,000,323 | RHS- | C] () -- \boot.ini

========== ZeroAccess Check ==========

[2009/11/17 12:29:00 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >
 
Also, I just noticed that Firefox had been installed all along. It seems to be able to access hotmail.com with no problems at all. Weird.
 
Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the Options tab (gear icon).
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select the Detected Threats tab on the left, and choose Disinfect All.
  • Then, choose Save. Also, in the Automatic Report tab, select Save.
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.
 
The "Disinfect All" button is greyed out, but the first log is pasted below (The Automatic Report seems to be absolutely gigantic... not sure if it's going to save successfully).

Status: Vulnerability (events: 8)
22/10/2012 10:31:07 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 C:\Program Files\Java\jre6\bin\java.exe Low
22/10/2012 11:42:09 Vulnerability vulnerability http://www.securelist.com/en/advisories/0 C:\WINNT\system32\msxml4.dll Low
22/10/2012 11:43:08 Vulnerability vulnerability http://www.securelist.com/en/advisories/50283 C:\WINNT\system32\Adobe\Shockwave 11\SwInit.exe Low
22/10/2012 11:48:14 Vulnerability vulnerability http://www.securelist.com/en/advisories/50876 C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll Low
22/10/2012 11:52:26 Vulnerability vulnerability http://www.securelist.com/en/advisories/47447 c:\Program Files\QuickTime\QuickTimePlayer.exe Low
22/10/2012 11:55:51 Vulnerability vulnerability http://www.securelist.com/en/advisories/50949 c:\Program Files\Java\jre6\bin\java.exe Low
22/10/2012 11:58:06 Vulnerability vulnerability http://www.securelist.com/en/advisories/38852 c:\Program Files\Reference Manager 11\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache.exe Low
22/10/2012 12:00:08 Vulnerability vulnerability http://www.securelist.com/en/advisories/50283 c:\WINNT\system32\Adobe\Shockwave 11\SwInit.exe Low
 
The Automatic Report is about 193Mb... I'll wait for your confirmation as to whether I should upload it.

I do remember that my Java updates stopped working ages ago and I was never able to fix it. Not sure if that might be relevant.
 
Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)
 
When I run the program, I don't see what your instructions suggest. There's no "Express Scan of your PC" notice. I can't find any kind of Options tab. There's basically just a big "Start" button.

When I click Start, nothing seems to happen for a minute or two, then an advert pops up, offering me the full version. I close the advert and nothing seems to happen after that...
 
The result seems to be the same - nothing seems to be happening. (I left the last scan running for 12 hours overnight to see if it would do anything, but it was still frozen when I came back).
 
Please download Norman Malware Cleaner and save to your desktop.
alternate download link
  • Double-click on Norman_Malware_Cleaner.exe to start the program.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot and run the tool again to ensure that all infections are removed.
  • After the scan has finished, a log file with the date (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
Note: For USB flash drives and/or other removable drives to scan, use the Add button to browse to the drive's location, click on the drive to highlight it and choose OK.
 
The scan seemed to run and then the program crashed at the end. Luckily the log was saved:




Norman Malware Cleaner v2.06.01
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1591, Date: 2012/10/25 06:12:39, Variants: 15654090
nvcmacro.def: Version: 0.00.00, Date: 1970/01/01 00:00:00, Variants: 0

Operating System: Windows XP Service Pack 3

Switches: /iagree /nosb

Scan started: 2012/10/25 16:57:10

Running pre-scan cleanup routine...
Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Security Center --> FirewallDisableNotify = 0x00000001'
Modify registry value: HKLM\SOFTWARE\Microsoft\Security Center --> FirewallDisableNotify from '0x00000001' to '0'
Cleaning successful
Potentially unwanted registry value: 'HKLM\SOFTWARE\Microsoft\Security Center --> UpdatesDisableNotify = 0x00000001'
Modify registry value: HKLM\SOFTWARE\Microsoft\Security Center --> UpdatesDisableNotify from '0x00000001' to '0'
Cleaning successful

Number of malicious objects found: 2
Number of malicious objects cleaned: 2
Scanning time: 0s

Scanning system for active rootkit activity...
Rootkit infection detected (W32/rootkit!LockedService)
Enable rootkit cleaning from the options menu to attempt to clean the system

Number of malicious objects found: 1
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1939
Number of objects scanned: 1939
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 31s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running quick scan...
C:\WINNT\System32\drivers\sptd.sys: Error opening file for read: 0x00000020

Number of files found: 3015
Number of archives unpacked: 7
Number of objects found: 3263
Number of objects scanned: 3262
Number of objects not scanned: 1
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1m 31s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 3015
Total number of archives unpacked: 7
Total number of objects found: 5202
Total number of objects scanned: 5201
Total number of objects not scanned: 1
Total number of malicious objects found: 3
Total number of malicious objects cleaned: 2
Total number of malicious files found: 0
Total number of malicious files cleaned: 0
Total number of objects quarantined: 2
Total scanning time: 2m 2s
 
Scanning system for active rootkit activity...
Rootkit infection detected (W32/rootkit!LockedService)
Enable rootkit cleaning from the options menu to attempt to clean the system
Please run the Cleaning utility again, select Rootkit Cleaning from the options menu, and re-scan. Post log once done, as before.
 
Norman Malware Cleaner v2.06.01
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1591, Date: 2012/10/25 06:12:39, Variants: 15654090
nvcmacro.def: Version: 0.00.00, Date: 1970/01/01 00:00:00, Variants: 0

Operating System: Windows XP Service Pack 3

Switches: /iagree /cleanrootkit /nosb

Scan started: 2012/10/25 17:37:16

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...
Rootkit infection detected (W32/rootkit!LockedService)
Cleaning successful
Successfully cleaned rootkit (W32/rootkit!LockedService)
Reboot required to complete cleaning process (W32/rootkit!LockedService)

Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1961
Number of objects scanned: 1961
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 23s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running quick scan...
C:\WINNT\System32\drivers\sptd.sys: Error opening file for read: 0x00000020

Number of files found: 3017
Number of archives unpacked: 7
Number of objects found: 3265
Number of objects scanned: 3264
Number of objects not scanned: 1
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 53s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 3017
Total number of archives unpacked: 7
Total number of objects found: 5226
Total number of objects scanned: 5225
Total number of objects not scanned: 1
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 1
Total number of malicious files found: 0
Total number of malicious files cleaned: 0
Total number of objects quarantined: 0
Total scanning time: 1m 16s
 
The program crashed again at the end of the scan (after producing the log). So I tried running it again and the same rootkit infection is still detected.
 
SpiderKill Rootkit Scanner

Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.
 
SpiderKill by DragonMaster Jay


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************




***********************Hidden Drivers********************


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 408 Normal C:\WINNT\System32\smss.exe
csrss.exe 460 Normal C:\WINNT\system32\csrss.exe
winlogon.exe 484 High C:\WINNT\system32\winlogon.exe
services.exe 528 Normal C:\WINNT\system32\services.exe
lsass.exe 540 Normal C:\WINNT\system32\lsass.exe
svchost.exe 716 Normal C:\WINNT\system32\svchost.exe
svchost.exe 768 Normal C:\WINNT\system32\svchost.exe
svchost.exe 836 Normal C:\WINNT\System32\svchost.exe
Smc.exe 924 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe 976 Normal C:\WINNT\system32\svchost.exe
svchost.exe 1020 Normal C:\WINNT\system32\svchost.exe
ccSvcHst.exe 1088 Normal C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
spoolsv.exe 1276 Normal C:\WINNT\system32\spoolsv.exe
svchost.exe 1768 Normal C:\WINNT\System32\svchost.exe
jqs.exe 1792 Idle C:\Program Files\Java\jre6\bin\jqs.exe
mdm.exe 1836 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
sqlservr.exe 1908 Normal c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
svchost.exe 2012 Normal C:\WINNT\System32\svchost.exe
svchost.exe 2028 Normal C:\WINNT\System32\svchost.exe
PRISMXL.SYS 144 Normal C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
sqlwriter.exe 220 Normal c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe 312 Normal C:\WINNT\system32\svchost.exe
Rtvscan.exe 376 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
SearchIndexer.exe 804 Normal C:\WINNT\system32\SearchIndexer.exe
CcmExec.exe 1104 Normal C:\WINNT\system32\CCM\CcmExec.exe
wuauclt.exe 1444 Normal C:\WINNT\system32\wuauclt.exe
WMPNetwk.exe 1560 Normal C:\Program Files\Windows Media Player\WMPNetwk.exe
msiexec.exe 2260 Normal C:\WINNT\system32\msiexec.exe
wmiprvse.exe 2372 Normal C:\WINNT\system32\wbem\wmiprvse.exe
wmiprvse.exe 2552 Normal C:\WINNT\system32\wbem\wmiprvse.exe
alg.exe 2816 Normal C:\WINNT\System32\alg.exe
Explorer.EXE 3656 Normal C:\WINNT\Explorer.EXE
SmcGui.exe 3728 Normal C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
igfxtray.exe 3188 Normal C:\WINNT\system32\igfxtray.exe
igfxsrvc.exe 3244 Normal C:\WINNT\system32\igfxsrvc.exe
hkcmd.exe 2360 Normal C:\WINNT\system32\hkcmd.exe
igfxpers.exe 3352 Normal C:\WINNT\system32\igfxpers.exe
smax4pnp.exe 3508 Normal C:\Program Files\Analog Devices\Core\smax4pnp.exe
ctfmon.exe 3776 Normal C:\WINNT\system32\ctfmon.exe
auto-sleep.exe 3948 Normal C:\Program Files\Imperial College London\Auto-sleep\auto-sleep.exe
WindowsSearch.exe 4016 Normal C:\Program Files\Windows Desktop Search\WindowsSearch.exe
ONENOTEM.EXE 1048 Normal C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
firefox.exe 2820 Normal C:\Program Files\Mozilla Firefox\firefox.exe
plugin-container.exe 3472 Normal C:\Program Files\Mozilla Firefox\plugin-container.exe
SearchProtocolHost.exe 2344 Below Normal C:\WINNT\system32\SearchProtocolHost.exe
SearchFilterHost.exe 3024 Below Normal C:\WINNT\system32\SearchFilterHost.exe
wmiprvse.exe 3600 Normal C:\WINNT\system32\wbem\wmiprvse.exe
SearchProtocolHost.exe 2980 Below Normal C:\WINNT\system32\SearchProtocolHost.exe
cmd.exe 2532 Normal C:\WINNT\system32\cmd.exe
processes.exe 3716 Normal C:\Documents and Settings\hmc05\Desktop\SpiderKill\processes.exe


*********************Modules of explorer.exe and svchost.exe*******************
Module information for 'Explorer.EXE'(3656)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINNT\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINNT\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
SHDOCVW.dll 7e290000 1511424 C:\WINNT\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINNT\system32\CRYPT32.dll 5.131.2600.6237 (xpsp_sp3_gdr.120530-1718) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINNT\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINNT\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINNT\system32\NETAPI32.dll 5.1.2600.6260 (xpsp_sp3_gdr.120706-1619) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINNT\system32\WININET.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINNT\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1257472 C:\WINNT\system32\urlmon.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 2011136 C:\WINNT\system32\iertutil.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINNT\system32\WINTRUST.dll 5.131.2600.6285 (xpsp_sp3_gdr.120824-1617) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINNT\system32\IMAGEHLP.dll 5.1.2600.6198 (xpsp_sp3_gdr.120229-1643) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINNT\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINNT\system32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINNT\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINNT\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINNT\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINNT\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
AcSignIcon.dll 55df0000 53248 C:\WINNT\system32\AcSignIcon.dll 17.1.51.0 AutoCAD component
MFC80U.DLL 782e0000 1110016 C:\WINNT\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL 8.00.50727.6195 MFCDLL Shared Library - Retail Version
MSVCR80.dll d60000 634880 C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll 8.00.50727.6195 Microsoft® C Runtime Library
MFC80ENU.DLL 5d360000 57344 C:\WINNT\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL 8.00.50727.6195 MFC Language Specific Resources
cscui.dll 77a20000 344064 C:\WINNT\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINNT\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINNT\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINNT\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1100000 2904064 C:\WINNT\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINNT\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
deskbar.dll 15d0000 606208 C:\Program Files\Windows Desktop Search\deskbar.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search Deskbar extension
mlang.dll 75cf0000 593920 C:\WINNT\system32\mlang.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
dbres.dll.mui 10000000 16384 C:\Program Files\Windows Desktop Search\en-us\dbres.dll.mui 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
dbres.dll 1670000 90112 C:\Program Files\Windows Desktop Search\dbres.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
wordwheel.dll 16e0000 606208 C:\Program Files\Windows Desktop Search\wordwheel.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
WTSAPI32.dll 76f50000 32768 C:\WINNT\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINNT\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
msnlExtRes.dll.mui 1790000 32768 C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui 7.0.6001.16503 (longhorn(wmbla).080526-2159) Search Results View Resources
msnlExtRes.dll 17a0000 618496 C:\Program Files\Windows Desktop Search\msnlExtRes.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Search Results View Resources
msxml3.dll 74980000 1191936 C:\WINNT\system32\msxml3.dll 8.100.1053.0 MSXML 3.0 SP10
ws2_32.dll 71ab0000 94208 C:\WINNT\system32\ws2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINNT\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
msutb.dll 5fc10000 208896 C:\WINNT\system32\msutb.dll 5.1.2600.5512 (xpsp.080413-2105) MSUTB Server DLL
MSCTF.dll 74720000 311296 C:\WINNT\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
LINKINFO.dll 76980000 32768 C:\WINNT\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
ntshrui.dll 76990000 151552 C:\WINNT\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINNT\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
ieframe.dll 3e1c0000 11124736 C:\WINNT\system32\ieframe.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) Internet Explorer
SETUPAPI.dll 77920000 995328 C:\WINNT\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
MPR.dll 71b20000 73728 C:\WINNT\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
netshell.dll 76400000 1724416 C:\WINNT\System32\netshell.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINNT\System32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINNT\System32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINNT\System32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINNT\System32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINNT\System32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 C:\WINNT\System32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINNT\System32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINNT\System32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINNT\System32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
webcheck.dll 2960000 249856 C:\WINNT\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
stobject.dll 76280000 135168 C:\WINNT\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINNT\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINNT\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINNT\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINNT\system32\WINHTTP.dll 5.1.2600.6175 (xpsp_sp3_gdr.111116-1647) Windows HTTP Services
wdmaud.drv 72d20000 36864 C:\WINNT\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
mydocs.dll 72410000 106496 C:\WINNT\system32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
PortableDeviceTypes.dll 109c0000 180224 C:\WINNT\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
msacm32.drv 72d10000 32768 C:\WINNT\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINNT\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
PortableDeviceApi.dll 10930000 299008 C:\WINNT\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
msi.dll 7d1e0000 2867200 C:\WINNT\system32\msi.dll 3.1.4001.5512 Windows Installer
rsaenh.dll 68000000 221184 C:\WINNT\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
SnacNp.dll 60f80000 24576 C:\Program Files\Symantec\Symantec Endpoint Protection\SnacNp.dll 11.0.6000.426 Symantec Network Provider
PSAPI.DLL 76bf0000 45056 C:\WINNT\system32\PSAPI.DLL 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
drprov.dll 75f60000 28672 C:\WINNT\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINNT\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINNT\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINNT\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINNT\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
SAMLIB.dll 71bf0000 77824 C:\WINNT\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
davclnt.dll 75f70000 40960 C:\WINNT\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
mslbui.dll 605d0000 36864 C:\WINNT\system32\mslbui.dll 5.1.2600.5512 (xpsp.080413-2105) LangageBar Add In
MSNLNamespaceMgr.dll 2280000 315392 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500) Windows Search Namespace Manager
wzshlstb.dll bc0000 24576 C:\Program Files\WinZip\wzshlstb.dll 4.1 (32-bit) WinZip Shell Extension DLL
DWFShellExtension.dll 67900000 1908736 C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll 1.3.0.15 Autodesk DWF ShellExtension Module
dwfcore_wt.1.6.0.dll 67b20000 741376 C:\Program Files\Common Files\Autodesk Shared\DWF Common\dwfcore_wt.1.6.0.dll 1.6.0.52 DWF Core Library
MSVCR90.dll 78520000 667648 C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll 9.00.30729.6161 Microsoft® C Runtime Library
MSVCP90.dll 78480000 581632 C:\WINNT\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll 9.00.30729.6161 Microsoft® C++ Runtime Library
dwftk_wt.7.6.0.dll 67720000 1839104 C:\Program Files\Common Files\Autodesk Shared\DWF Common\dwftk_wt.7.6.0.dll 7.6.0.52 DWF Toolkit
w3dtk_wt.1.6.1555.dll 675f0000 860160 C:\Program Files\Common Files\Autodesk Shared\DWF Common\w3dtk_wt.1.6.1555.dll 1.5.1555.52 W3D Toolkit for DWF
whiptk_wt.7.12.601.dll 674f0000 765952 C:\Program Files\Common Files\Autodesk Shared\DWF Common\whiptk_wt.7.12.601.dll 7.11.601.52 whiptk
WINSPOOL.DRV 73000000 155648 C:\WINNT\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
COMDLG32.dll 763b0000 299008 C:\WINNT\system32\COMDLG32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
DWFShellExtensionRes.dll 673c0000 45056 C:\Program Files\Common Files\Autodesk Shared\DWF Common\en-US\DWFShellExtensionRes.dll 1.3.0.15 Autodesk DWF ShellExtensionRes Module
vpshell2.dll 68340000 77824 C:\Program Files\Symantec\Symantec Endpoint Protection\vpshell2.dll 11.0.6070.422 Symantec AntiVirus
MSVCP80.dll 7c420000 552960 C:\WINNT\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll 8.00.50727.6195 Microsoft® C++ Runtime Library
ccL608.dll 6aa70000 630784 C:\Program Files\Common Files\Symantec Shared\ccL608.dll 106.5.1.6 Symantec Library
VpShellRes.dll 68330000 12288 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\VpShellRes.dll 11.0.6070.422 Symantec AntiVirus
browselc.dll 71600000 73728 C:\WINNT\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
msohevi.dll 6bd10000 65536 C:\Program Files\Microsoft Office\Office12\msohevi.dll 12.0.6413.1000 2007 Microsoft Office component
AcShellExtension.dll 55ee0000 110592 C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll 17.1.51.0 AutoCAD Dwg common shell extension handler
ATL80.DLL 7c630000 110592 C:\WINNT\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL 8.00.50727.6195 ATL Module for Windows (Unicode)
ShellXP.dll 66270000 249856 c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll 14.0.0.701 Windows XP Shell Extension
FileInfoProvider.dll 65750000 606208 c:\Program Files\Common Files\Corel\Shared\Shell Extension\FileInfoProvider.dll 14.0.0.701 Windows XP Shell Extension
gdiplus.dll 4ec50000 1748992 C:\WINNT\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll 5.2.6002.22791 (vistasp2_ldr.120203-0237) Microsoft GDI+
PDFShell.dll 3670000 405504 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 10.1.4.38 PDF Shell Extension
MSISIP.DLL 605f0000 28672 C:\WINNT\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINNT\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows Script Host
MCPS.DLL 36d30000 102400 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.5510 Media Catalog Proxy/Stub
xapauthenticodesip.dll 2270000 65536 C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll 5.1.10411.0 5.1.10411.0

Module information for 'svchost.exe'(716)
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINNT\system32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINNT\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINNT\system32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
NTMARTA.DLL 77690000 135168 C:\WINNT\system32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
SAMLIB.dll 71bf0000 77824 C:\WINNT\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
rpcss.dll 76a80000 409600 c:\winnt\system32\rpcss.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Distributed COM Services
WS2_32.dll 71ab0000 94208 c:\winnt\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\winnt\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
xpsp2res.dll 6e0000 2904064 C:\WINNT\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
CLBCATQ.DLL 76fd0000 520192 C:\WINNT\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINNT\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
termsrv.dll 760f0000 339968 c:\winnt\system32\termsrv.dll 5.1.2600.5512 (xpsp.080413-2111) Terminal Server Service
ICAAPI.dll 74f70000 24576 c:\winnt\system32\ICAAPI.dll 5.1.2600.5512 (xpsp.080413-2111) DLL Interface to TermDD Device Driver
SETUPAPI.dll 77920000 995328 c:\winnt\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
WINTRUST.dll 76c30000 188416 c:\winnt\system32\WINTRUST.dll 5.131.2600.6285 (xpsp_sp3_gdr.120824-1617) Microsoft Trust Verification APIs
CRYPT32.dll 77a80000 610304 c:\winnt\system32\CRYPT32.dll 5.131.2600.6237 (xpsp_sp3_gdr.120530-1718) Crypto API32
MSASN1.dll 77b20000 73728 c:\winnt\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
IMAGEHLP.dll 76c90000 163840 C:\WINNT\system32\IMAGEHLP.dll 5.1.2600.6198 (xpsp_sp3_gdr.120229-1643) Windows NT Image Helper
AUTHZ.dll 776c0000 73728 c:\winnt\system32\AUTHZ.dll 5.1.2600.5512 (xpsp.080413-2113) Authorization Framework
mstlsapi.dll 75110000 126976 c:\winnt\system32\mstlsapi.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft® Terminal Server Licensing
ACTIVEDS.dll 77cc0000 204800 c:\winnt\system32\ACTIVEDS.dll 5.1.2600.5512 (xpsp.080413-2113) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 c:\winnt\system32\adsldpc.dll 5.1.2600.5512 (xpsp.080413-2113) ADs LDAP Provider C DLL
NETAPI32.dll 5b860000 348160 c:\winnt\system32\NETAPI32.dll 5.1.2600.6260 (xpsp_sp3_gdr.120706-1619) Net Win32 API DLL
ATL.DLL 76b20000 69632 c:\winnt\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
REGAPI.dll 76bc0000 61440 C:\WINNT\system32\REGAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Registry Configuration APIs
rsaenh.dll 68000000 221184 C:\WINNT\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
rdpwsx.dll 72460000 98304 C:\WINNT\system32\rdpwsx.dll 5.1.2600.5512 (xpsp.080413-2111) RDP Extension DLL
WINSPOOL.DRV 73000000 155648 C:\WINNT\system32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
Apphelp.dll 77b40000 139264 C:\WINNT\system32\Apphelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library

Module information for 'svchost.exe'(768)
MODULE BASE SIZE PATH
svchost.exe 1000000 24576 C:\WINNT\system32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
ShimEng.dll 5cb70000 155648 C:\WINNT\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
WINMM.dll 76b40000 184320 C:\WINNT\system32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
MSACM32.dll 77be0000 86016 C:\WINNT\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
UxTheme.dll 5ad70000 229376 C:\WINNT\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINNT\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINNT\system32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
rpcss.dll 76a80000 409600 c:\winnt\system32\rpcss.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Distributed COM Services
WS2_32.dll 71ab0000 94208 c:\winnt\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\winnt\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
xpsp2res.dll 6e0000 2904064 C:\WINNT\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
rsaenh.dll 68000000 221184 C:\WINNT\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
mswsock.dll 71a50000 258048 C:\WINNT\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINNT\system32\hnetcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINNT\System32\wshtcpip.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
DNSAPI.dll 76f20000 159744 C:\WINNT\system32\DNSAPI.dll 5.1.2600.6089 (xpsp_sp3_gdr.110302-1625) DNS Client API DLL
iphlpapi.dll 76d60000 102400 C:\WINNT\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
winrnr.dll 76fb0000 32768 C:\WINNT\System32\winrnr.dll 5.1.2600.5512 (xpsp.080413-2113) LDAP RnR Provider DLL
WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
rasadhlp.dll 76fc0000 24576 C:\WINNT\system32\rasadhlp.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
CLBCATQ.DLL 76fd0000 520192 C:\WINNT\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINNT\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
msi.dll 7d1e0000 2867200 C:\WINNT\system32\msi.dll 3.1.4001.5512 Windows Installer

Module information for 'svchost.exe'(836)
MODULE BASE SIZE PATH
Svchost.exe 1000000 24576 C:\WINNT\System32\svchost.exe 5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
ntdll.dll 7c900000 729088 C:\WINNT\system32\ntdll.dll 5.1.2600.6055 (xpsp_sp3_gdr.101209-1647) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINNT\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINNT\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 602112 C:\WINNT\system32\RPCRT4.dll 5.1.2600.6022 (xpsp_sp3_gdr.100813-1643) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINNT\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
ShimEng.dll 5cb70000 155648 C:\WINNT\System32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINNT\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
USER32.dll 7e410000 593920 C:\WINNT\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
GDI32.dll 77f10000 299008 C:\WINNT\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
WINMM.dll 76b40000 184320 C:\WINNT\System32\WINMM.dll 5.1.2600.6160 (xpsp_sp3_gdr.111014-1624) MCI API DLL
ole32.dll 774e0000 1302528 C:\WINNT\system32\ole32.dll 5.1.2600.6168 (xpsp_sp3_gdr.111101-1829) Microsoft OLE for Windows
msvcrt.dll 77c10000 360448 C:\WINNT\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
OLEAUT32.dll 77120000 569344 C:\WINNT\system32\OLEAUT32.dll 5.1.2600.6058 5.1.2600.6058
MSACM32.dll 77be0000 86016 C:\WINNT\System32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
VERSION.dll 77c00000 32768 C:\WINNT\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
SHELL32.dll 7c9c0000 8482816 C:\WINNT\system32\SHELL32.dll 6.00.2900.6242 (xpsp_sp3_gdr.120608-1638) Windows Shell Common Dll
SHLWAPI.dll 77f60000 483328 C:\WINNT\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
USERENV.dll 769c0000 737280 C:\WINNT\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
UxTheme.dll 5ad70000 229376 C:\WINNT\System32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
IMM32.DLL 76390000 118784 C:\WINNT\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINNT\System32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINNT\System32\USP10.dll 1.0420.2600.5969 (xpsp_sp3_gdr.100416-1716) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 6.0 (xpsp_sp3_qfe.100823-1643) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINNT\system32\comctl32.dll 5.82 (xpsp_sp3_qfe.100823-1643) Common Controls Library
NTMARTA.DLL 77690000 135168 C:\WINNT\System32\NTMARTA.DLL 5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
SAMLIB.dll 71bf0000 77824 C:\WINNT\System32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
WLDAP32.dll 76f60000 180224 C:\WINNT\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
xpsp2res.dll 6e0000 2904064 C:\WINNT\System32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
shsvcs.dll 776e0000 143360 c:\winnt\system32\shsvcs.dll 6.00.2900.5853 (xpsp_sp3_gdr.090727-1736) Windows Shell Services Dll
WINSTA.dll 76360000 65536 C:\WINNT\System32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
NETAPI32.dll 5b860000 348160 C:\WINNT\System32\NETAPI32.dll 5.1.2600.6260 (xpsp_sp3_gdr.120706-1619) Net Win32 API DLL
es.dll 77710000 278528 c:\winnt\system32\es.dll 2001.12.4414.706 2001.12.4414.706
WS2_32.dll 71ab0000 94208 c:\winnt\system32\WS2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 c:\winnt\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
COMRes.dll 77050000 806912 c:\winnt\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
wtsapi32.dll 76f50000 32768 C:\WINNT\System32\wtsapi32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
rsaenh.dll 68000000 221184 C:\WINNT\System32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
CLBCATQ.DLL 76fd0000 520192 C:\WINNT\System32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
sens.dll 722d0000 53248 c:\winnt\system32\sens.dll 5.1.2600.5512 (xpsp.080413-2108) System Event Notification Service (SENS)
dhcpcsvc.dll 7d4b0000 139264 c:\winnt\system32\dhcpcsvc.dll 5.1.2600.5512 (xpsp.080413-0852) DHCP Client Service
DNSAPI.dll 76f20000 159744 c:\winnt\system32\DNSAPI.dll 5.1.2600.6089 (xpsp_sp3_gdr.110302-1625) DNS Client API DLL
iphlpapi.dll 76d60000 102400 c:\winnt\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
mswsock.dll 71a50000 258048 C:\WINNT\system32\mswsock.dll 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
hnetcfg.dll 662b0000 360448 C:\WINNT\System32\hnetcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
wshtcpip.dll 71a90000 32768 C:\WINNT\System32\wshtcpip.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
wzcsvc.dll 7db10000 573440 c:\winnt\system32\wzcsvc.dll 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration Service
rtutils.dll 76e80000 57344 c:\winnt\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
WMI.dll 76d30000 16384 c:\winnt\system32\WMI.dll 5.1.2600.5512 (xpsp.080413-2113) WMI DC and DP functionality
CRYPT32.dll 77a80000 610304 c:\winnt\system32\CRYPT32.dll 5.131.2600.6237 (xpsp_sp3_gdr.120530-1718) Crypto API32
MSASN1.dll 77b20000 73728 c:\winnt\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
EapolQec.dll 72810000 45056 c:\winnt\system32\EapolQec.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPOL NAP Enforcement Client
ATL.DLL 76b20000 69632 c:\winnt\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
QUtil.dll 726c0000 90112 c:\winnt\system32\QUtil.dll 5.1.2600.5512 (xpsp.080413-0852) Quarantine Utilities
MSVCP60.dll 76080000 413696 c:\winnt\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
dot3api.dll 478c0000 40960 c:\winnt\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
ESENT.dll 606b0000 1101824 c:\winnt\system32\ESENT.dll 5.1.2600.5512 (xpsp.080413-2113) Server Database Storage Engine
SymRasMan.dll 60f10000 139264 C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll 11.0.6000.426 Symantec Network Access Control
rastls.dll 76b70000 159744 c:\winnt\system32\rastls.dll 5.1.2600.5886 (xpsp_sp3_gdr.091012-1253) Remote Access PPP EAP-TLS
CRYPTUI.dll 754d0000 524288 C:\WINNT\System32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
WININET.dll 3d930000 942080 C:\WINNT\system32\WININET.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) Internet Extensions for Win32
Normaliz.dll d20000 36864 C:\WINNT\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1257472 C:\WINNT\system32\urlmon.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 2011136 C:\WINNT\system32\iertutil.dll 8.00.6001.19328 (longhorn_ie8_gdr.120824-1715) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINNT\System32\WINTRUST.dll 5.131.2600.6285 (xpsp_sp3_gdr.120824-1617) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINNT\system32\IMAGEHLP.dll 5.1.2600.6198 (xpsp_sp3_gdr.120229-1643) Windows NT Image Helper
MPRAPI.dll 76d40000 98304 C:\WINNT\System32\MPRAPI.dll 5.1.2600.5512 (xpsp.080413-0852) Windows NT MP Router Administration DLL
ACTIVEDS.dll 77cc0000 204800 C:\WINNT\System32\ACTIVEDS.dll 5.1.2600.5512 (xpsp.080413-2113) ADs Router Layer DLL
adsldpc.dll 76e10000 151552 C:\WINNT\System32\adsldpc.dll 5.1.2600.5512 (xpsp.080413-2113) ADs LDAP Provider C DLL
SETUPAPI.dll 77920000 995328 C:\WINNT\System32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
RASAPI32.dll 76ee0000 245760 C:\WINNT\System32\RASAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access API
rasman.dll 76e90000 73728 C:\WINNT\System32\rasman.dll 5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
TAPI32.dll 76eb0000 192512 C:\WINNT\System32\TAPI32.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft® Windows(TM) Telephony API Client DLL
SCHANNEL.dll 767f0000 167936 C:\WINNT\System32\SCHANNEL.dll 5.1.2600.6239 (xpsp_sp3_gdr.120601-1620) TLS / SSL Security Provider
WinSCard.dll 723d0000 114688 C:\WINNT\System32\WinSCard.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Smart Card API
PSAPI.DLL 76bf0000 45056 C:\WINNT\System32\PSAPI.DLL 5.1.2600.5512 (xpsp.080413-2105) Process Status Helper
RasSymEap.dll 60fe0000 81920 C:\Program Files\Symantec\Symantec Endpoint Protection\RasSymEap.dll 11.0.6000.426 Symantec 802.1x Transparent Mode
Cryptdll.dll 76790000 49152 C:\WINNT\System32\Cryptdll.dll 5.1.2600.5512 (xpsp.080413-2113) Cryptography Manager
raschap.dll 76bd0000 90112 C:\WINNT\System32\raschap.dll 5.1.2600.5886 (xpsp_sp3_gdr.091012-1253) Remote Access PPP CHAP
msv1_0.dll 77c70000 151552 C:\WINNT\system32\msv1_0.dll 5.1.2600.5876 (xpsp_sp3_gdr.090909-1234) Microsoft Authentication Package v1.0
schedsvc.dll 77300000 208896 c:\winnt\system32\schedsvc.dll 5.1.2600.5512 (xpsp.080413-2108) Task Scheduler Engine
NTDSAPI.dll 767a0000 77824 c:\winnt\system32\NTDSAPI.dll 5.1.2600.5512 (xpsp.080413-2113) NT5DS
MSIDLE.DLL 74f50000 20480 C:\WINNT\System32\MSIDLE.DLL 6.00.2900.5512 (xpsp.080413-2105) User Idle Monitor
audiosrv.dll 708b0000 53248 c:\winnt\system32\audiosrv.dll 5.1.2600.5512 (xpsp.080413-0845) Windows Audio Service
wkssvc.dll 76e40000 143360 c:\winnt\system32\wkssvc.dll 5.1.2600.5826 (xpsp_sp3_gdr.090609-1434) Workstation Service DLL
cryptsvc.dll 76ce0000 73728 c:\winnt\system32\cryptsvc.dll 5.1.2600.5512 (xpsp.080413-2113) Cryptographic Services
certcli.dll 77b90000 204800 c:\winnt\system32\certcli.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft® Certificate Services Client
dmserver.dll 74f90000 36864 c:\winnt\system32\dmserver.dll 2600.5512.503.0 Logical Disk Manager service dll
pchsvc.dll 74f40000 49152 c:\winnt\pchealth\helpctr\binaries\pchsvc.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft PCHealth Service Holder
ersvc.dll 74f80000 36864 c:\winnt\system32\ersvc.dll 5.1.2600.5512 (xpsp.080413-2108) Windows Error Reporting Service
srvsvc.dll 75090000 110592 c:\winnt\system32\srvsvc.dll 5.1.2600.6031 (xpsp_sp3_gdr.100826-1646) Server Service DLL
netman.dll 77d00000 208896 c:\winnt\system32\netman.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Manager
netshell.dll 76400000 1724416 c:\winnt\system32\netshell.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 c:\winnt\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3dlg.dll 736d0000 24576 c:\winnt\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 c:\winnt\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 c:\winnt\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
eappprxy.dll 5dcd0000 57344 c:\winnt\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
WZCSAPI.DLL 73030000 65536 c:\winnt\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
seclogon.dll 73d20000 32768 c:\winnt\system32\seclogon.dll 5.1.2600.5512 (xpsp.080413-2113) Secondary Logon Service DLL
srsvc.dll 751a0000 188416 c:\winnt\system32\srsvc.dll 5.1.2600.5512 (xpsp.080413-2108) System Restore Service
POWRPROF.dll 74ad0000 32768 c:\winnt\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
trkwks.dll 75070000 102400 c:\winnt\system32\trkwks.dll 5.1.2600.5512 (xpsp.080413-2108) Distributed Link Tracking Client
wmisvc.dll 59490000 163840 c:\winnt\system32\wbem\wmisvc.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
VSSAPI.DLL 753e0000 446464 C:\WINNT\system32\VSSAPI.DLL 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL
browser.dll 76da0000 90112 c:\winnt\system32\browser.dll 5.1.2600.6260 (xpsp_sp3_gdr.120706-1619) Computer Browser Service DLL
wuauserv.dll 50000000 20480 c:\winnt\system32\wuauserv.dll 5.4.3790.5512 (xpsp.080413-0852) Windows Update AutoUpdate Service
wuaueng.dll 50040000 1941504 C:\WINNT\system32\wuaueng.dll 7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459) Windows Update Agent
WINSPOOL.DRV 73000000 155648 C:\WINNT\System32\WINSPOOL.DRV 5.1.2600.5512 (xpsp.080413-0852) Windows Spooler Driver
WINHTTP.dll 4d4f0000 364544 C:\WINNT\System32\WINHTTP.dll 5.1.2600.6175 (xpsp_sp3_gdr.111116-1647) Windows HTTP Services
Cabinet.dll 75150000 77824 C:\WINNT\System32\Cabinet.dll 5.1.2600.5512 (xpsp.080413-2105) Microsoft® Cabinet File API
mspatcha.dll 600a0000 45056 C:\WINNT\System32\mspatcha.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft(R) Patch Engine
wbemcore.dll 762c0000 544768 C:\WINNT\system32\wbem\wbemcore.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
esscli.dll 75310000 258048 C:\WINNT\system32\wbem\esscli.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
wbemcomn.dll 75290000 225280 C:\WINNT\system32\wbem\wbemcomn.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
FastProx.dll 75690000 483328 C:\WINNT\system32\wbem\FastProx.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) WMI
wbemsvc.dll 74ed0000 57344 C:\WINNT\system32\wbem\wbemsvc.dll 5.1.2600.5512 (xpsp.080413-2108) WMI
SXS.DLL 7e720000 720896 C:\WINNT\System32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
comsvcs.dll 76620000 1294336 C:\WINNT\system32\comsvcs.dll 2001.12.4414.702 2001.12.4414.702
colbact.DLL 75130000 81920 C:\WINNT\system32\colbact.DLL 2001.12.4414.700 2001.12.4414.700
MTXCLU.DLL 750f0000 77824 C:\WINNT\system32\MTXCLU.DLL 2001.12.4414.706 MS DTC amd MTS clustering support DLL
WSOCK32.dll 71ad0000 36864 C:\WINNT\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
CLUSAPI.DLL 76d10000 73728 C:\WINNT\System32\CLUSAPI.DLL 5.1.2600.5512 (xpsp.080413-2111) Cluster API Library
RESUTILS.DLL 750b0000 73728 C:\WINNT\System32\RESUTILS.DLL 5.1.2600.5512 (xpsp.080413-2111) Microsoft Cluster Resource Utility DLL
sfc.dll 76bb0000 20480 C:\WINNT\System32\sfc.dll 5.1.2600.5512 (xpsp.080413-2111) Windows File Protection
 
And we go again...

Hitman Pro

Please download Hitman Pro

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please

GMER

Note about this tool:
  • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
  • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
  • No matter what is in the log, please post all the information/contents of the log.
  • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT"

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
 
Code:
HitmanPro 3.6.2.173
www.hitmanpro.com

   Computer name . . . . : EE-HMC05
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : IC\hmc05
   License . . . . . . . : Free

   Scan date . . . . . . : 2012-10-26 19:36:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 34s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1,183,499
   Files scanned . . . . : 15,552
   Remnants scanned  . . : 534,000 files / 633,947 keys

Cookies _____________________________________________________________________

   H:\IExplorer\Cookies\hmc05@bs.serving-sys[7].txt
   H:\IExplorer\Cookies\hmc05@serving-sys[6].txt
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-27 13:42:38
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 WDC_WD2500AAJS-60M0A0 rev.02.03E02
Running: gmer.exe; Driver: C:\DOCUME~1\hmc05\LOCALS~1\Temp\aflcapob.sys


---- System - GMER 1.0.15 ----

SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0xB9CEB2D2]
SSDT 8A16A008 ZwConnectPort
SSDT spvu.sys ZwCreateKey [0xB9EB50E0]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0xB9CEC904]
SSDT spvu.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spvu.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwFreeVirtualMemory [0xB9CEB55E]
SSDT spvu.sys ZwOpenKey [0xB9EB50C0]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xB9CEB0F0]
SSDT spvu.sys ZwQueryKey [0xB9ECE20A]
SSDT spvu.sys ZwQueryValueKey [0xB9ECE08A]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThread [0xB9CECA0C]
SSDT 8A184DF0 ZwResumeThread
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSetContextThread [0xB9CECA58]
SSDT spvu.sys ZwSetValueKey [0xB9ECE29C]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSystemDebugControl [0xB9CEB006]
SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwWriteVirtualMemory [0xB9CEB66E]

INT 0x62 ? 8A47FBF8
INT 0x73 ? 8A47FBF8
INT 0x73 ? 8A47FBF8
INT 0x73 ? 8A47FBF8
INT 0x73 ? 8A47FBF8
INT 0x73 ? 8A47FBF8
INT 0x82 ? 8A47FBF8
INT 0x83 ? 8A083BF8
INT 0x83 ? 8A083BF8
INT 0x83 ? 8A083BF8
INT 0x83 ? 8A083BF8
INT 0x84 ? 8A083BF8
INT 0x84 ? 8A083BF8
INT 0x84 ? 8A083BF8
INT 0x84 ? 8A083BF8
INT 0x94 ? 8A083BF8
INT 0x94 ? 8A083BF8
INT 0x94 ? 8A083BF8

---- Kernel code sections - GMER 1.0.15 ----

? spvu.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B92308AC 5 Bytes JMP 8A0831D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\SearchIndexer.exe[808] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINNT\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spvu.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spvu.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spvu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spvu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spvu.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EC5B90] spvu.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[3900] @ C:\WINNT\System32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINNT\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A4ED1F8

AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)

Device \Driver\usbuhci \Device\USBPDO-0 8A08A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4EF1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4EF1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4EF1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4EF1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A08A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A08A1F8
Device \Driver\usbehci \Device\USBPDO-3 8A0F71F8
Device \Driver\usbuhci \Device\USBPDO-4 8A08A1F8

AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 8A08A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{BA44147E-D188-421D-83F4-E51BBDEDA4DC} 89A941F8
Device \Driver\usbuhci \Device\USBPDO-6 8A08A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4801F8
Device \Driver\usbehci \Device\USBPDO-7 8A0F71F8
Device \Driver\Cdrom \Device\CdRom0 8A0CE1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-16 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-7 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89A941F8
Device \Driver\NetBT \Device\NetbiosSmb 89A941F8

AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A08A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A08A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A8E1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A08A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A8E1F8
Device \Driver\usbehci \Device\USBFDO-3 8A0F71F8
Device \Driver\usbuhci \Device\USBFDO-4 8A08A1F8
Device \Driver\Ftdisk \Device\FtControl 8A4801F8
Device \Driver\usbuhci \Device\USBFDO-5 8A08A1F8
Device \Driver\usbuhci \Device\USBFDO-6 8A08A1F8
Device \Driver\usbehci \Device\USBFDO-7 8A0F71F8
Device \FileSystem\Cdfs \Cdfs 89A7F1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0x47 0x65 0x45 ...

---- EOF - GMER 1.0.15 ----
 
To enable CD Emulation programs using DeFogger, please perform these steps:
  • Please download DeFogger to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Then, re-run GMER and post a log.


SystemLook x86 scan

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    atapi.sys
    usb*.sys
    spvu.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 