Win32/Trojan

Win32/Trojan5th October 2010, 8:45 am

When I turn on my computer I receive a message box (Microsoft Security Essentials Alert) saying I have a Win32/Trojan. When I attempt to open Firefox, internet explorer, or task manager. It gives me an error message stating The application taskmgr.exe was launched successfully but it was forced to shut down due to security reasons.
This happened because the application was infected by a malicious program which might pose a threat for the OS.
It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it. I wasnt able to upload anything from Firfox or Internet explorer and figured I would try to upload Malwarebytes' Anti-Malware from a seperate user account on my laptop. I was able to log in as a different user on my lap top and have tried to upload Malwarebytes' Anti-Malware on the separate user account. I ran the Malware program on the separate user account and it did find and elimante the torjan alerts. When I tried to go back in the original user account where I received the virus the pump up was still there. I ran Malwarebytes again but it still has not gone away and I still cant open task manager, IE, or Firefox. Please Help.

Re: Win32/Trojan5th October 2010, 9:16 am

Hi turnej10,

Welcome to GeekPolice.net

My name is TheAvatar and I will be tying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note Before we start the process you should:

POST your logs, don't attach them, as it makes it harder to read.
Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
If I have not replied to your thread within 2 days, please PM me.

Please do the following steps:

Step 1:

Please download OTL from one of the following links

LINK 1
LINK 2
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in;
  
  netsvcs
  drivers32
  %SYSTEMDRIVE%\*.*
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  %systemroot%\System32\config\*.sav
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2:

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

In your next reply please include:

The two logs from OTL.
The GMER log.

............................................................................................
- The Avatar
If I have helped you, please consider donating to GeekPolice.net

GeekPolice.net

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

Re: Win32/Trojan5th October 2010, 3:40 pm

OTL logfile created on: 10/5/2010 8:26:52 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jturner\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 122.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 52.03 Gb Free Space | 69.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC270429458147
Current User Name: jturner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/05 08:23:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe
PRC - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2009/05/24 13:40:19 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/10/07 08:23:46 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/01 14:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2007/09/13 17:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/23 12:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
PRC - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
PRC - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
PRC - [2007/01/22 22:19:26 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
PRC - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
PRC - [2005/11/28 14:50:44 | 001,491,023 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2005/09/15 16:21:13 | 001,160,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/02/02 05:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

========== Modules (SafeList) ==========

MOD - [2010/10/05 08:23:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe
MOD - [2010/03/04 15:01:09 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL
MOD - [2010/03/04 15:01:09 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCR71.DLL
MOD - [2007/01/22 22:25:58 | 000,377,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCL40.DLL
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/09/23 18:38:24 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2005/02/02 05:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2002/01/23 15:09:56 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/05/24 13:40:19 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/01 14:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/09/13 17:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2007/05/23 12:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2007/01/22 22:19:34 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/01/22 22:19:28 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/01/16 13:52:26 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - [2007/01/16 11:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - [2006/12/15 13:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2005/09/15 16:21:13 | 001,160,800 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/08/26 14:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2010/10/03 07:45:57 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/10/02 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101002.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/02 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101002.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/16 13:48:40 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/16 13:48:40 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/15 11:07:08 | 000,270,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100915.005\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/05/24 10:59:22 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/10/01 14:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/01 14:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/10/01 14:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/10/01 14:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/10/01 14:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/10/01 14:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/09/15 16:21:13 | 000,389,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/08/26 14:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 14:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/05/27 02:46:22 | 000,913,280 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 02:31:28 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/04/04 09:25:36 | 000,160,768 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/04/01 03:02:36 | 001,034,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 07:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 07:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 07:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 09:14:52 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 09:14:52 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 02:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/02/02 04:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/28 03:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/07/27 12:28:30 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 08:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/17 02:06:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/04 10:15:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 07:46:21 | 000,000,000 | ---D | M]

[2010/10/04 10:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jturner\Application Data\Mozilla\Extensions
[2010/10/04 10:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jturner\Application Data\Mozilla\Firefox\Profiles\ica1fizm.default\extensions
[2010/10/04 10:15:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/11 09:26:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2004/08/04 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hp\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Cisco Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab (TikGames Online Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Blue Sonic.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Blue Sonic.bmp
O28 - HKLM ShellExecuteHooks: {CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - C:\WINDOWS\System32\shmswnrc.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 10:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Malwarebytes
[2010/10/04 10:32:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/04 10:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/04 10:32:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/04 10:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/04 10:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\My Documents\Downloads
[2010/10/04 10:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Adobe
[2010/10/04 10:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\Mozilla
[2010/10/04 10:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Mozilla
[2010/10/04 10:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Real
[2010/10/04 10:11:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jturner\Application Data\yahoo!
[2010/10/04 10:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Macromedia
[2010/10/04 10:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Identities
[2010/10/04 10:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Apple Computer
[2010/10/04 10:09:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jturner\Application Data\Microsoft
[2010/10/04 10:09:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jturner\SendTo
[2010/10/04 10:09:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jturner\Recent
[2010/10/04 10:09:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jturner\Application Data
[2010/10/04 10:09:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jturner\My Documents\My Videos
[2010/10/04 10:09:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jturner\My Documents\My Pictures
[2010/10/04 10:09:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jturner\My Documents\My Music
[2010/10/04 10:09:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jturner\My Documents
[2010/10/04 10:09:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jturner\Favorites
[2010/10/04 10:09:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jturner\Cookies
[2010/10/04 10:09:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jturner\PrintHood
[2010/10/04 10:09:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jturner\NetHood
[2010/10/04 10:09:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jturner\Local Settings
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Application Data\Symantec
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\Microsoft
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\LightScribe
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\Google
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Desktop
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\ApplicationHistory
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\Apple Computer
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\Adobe
[2010/10/04 10:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jturner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/10/04 10:09:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jturner\Start Menu
[2010/10/04 10:09:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jturner\Templates
[2010/10/04 08:33:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/26 07:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2006/02/04 22:51:39 | 000,756,024 | ---- | C] (Cisco Systems, Inc.) -- C:\Program Files\CCAAgent_Setup.exe
[56 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/05 08:05:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/05 08:04:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 08:01:52 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/05 08:01:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 08:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 08:00:59 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 07:59:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jturner\ntuser.ini
[2010/10/05 07:59:55 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\jturner\NTUSER.DAT
[2010/10/05 07:59:54 | 001,930,896 | -H-- | M] () -- C:\Documents and Settings\jturner\Local Settings\Application Data\IconCache.db
[2010/10/05 07:59:51 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/05 07:59:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/05 07:59:51 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/10/04 10:33:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 10:11:10 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\jturner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 09:35:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/04 09:35:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/03 11:42:36 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/03 07:45:58 | 000,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/03 07:45:58 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/03 07:45:57 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/10/03 07:45:56 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/10/03 06:47:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WinInit.ini
[2010/09/18 19:05:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/15 01:43:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[56 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 08:00:59 | 535,351,296 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/04 10:33:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 10:09:15 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\jturner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/04 10:09:15 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\jturner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/04 10:09:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\jturner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/10/04 10:09:15 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\jturner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/10/04 10:09:09 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\jturner\ntuser.dat.LOG
[2010/10/04 10:09:09 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\jturner\ntuser.ini
[2010/10/04 10:09:08 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\jturner\NTUSER.DAT
[2010/10/04 09:35:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/10/04 09:35:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/10/03 07:46:07 | 000,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/10/03 07:46:07 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/10/03 06:47:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2009/05/11 09:59:06 | 000,007,271 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2007/12/06 15:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/12/19 21:19:48 | 000,004,853 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/25 00:31:11 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/03/30 17:20:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2006/01/19 20:38:58 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/01/06 18:23:27 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/25 10:44:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/11 21:02:36 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/11 21:02:36 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/11 21:02:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/11 21:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/11 21:02:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/11 21:02:35 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 20:49:08 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 01:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 06:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:08 | 000,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 01:00:00 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\getulsap.dll
[2004/08/04 01:00:00 | 000,133,478 | ---- | C] () -- C:\WINDOWS\System32\aiwecpy32.dll
[2004/08/04 01:00:00 | 000,044,018 | ---- | C] () -- C:\WINDOWS\System32\3dawver.dll
[2004/01/13 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/07/27 12:28:30 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== LOP Check ==========

[2007/05/05 20:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lionhead Studios
[2008/03/18 18:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2005/05/11 21:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2006/10/03 19:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2006/02/19 19:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/01/27 17:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/06 14:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2007/01/20 17:43:03 | 000,084,187 | ---- | M] () -- C:\20072001_155538_JEREMIAH TURNER.nbi
[2009/01/27 21:05:32 | 000,015,678 | ---- | M] () -- C:\ainstall.log
[2003/03/18 18:05:50 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\atl71.dll
[2010/10/05 07:59:51 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/06/10 19:04:25 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2009/11/28 04:25:47 | 000,000,076 | ---- | M] () -- C:\DVDPATH.TXT
[2010/10/05 08:00:59 | 535,351,296 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 09:35:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/12/20 14:58:54 | 000,000,674 | -H-- | M] () -- C:\IPH.PH
[2003/03/18 20:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\mfc71.dll
[2003/03/18 20:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\mfc71u.dll
[2010/10/04 09:35:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2003/02/21 03:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\msvcr71.dll
[2004/08/04 01:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2004/08/04 01:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/10/05 08:00:57 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2006/09/03 21:52:10 | 000,000,024 | ---- | M] () -- C:\wizard.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/06 22:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/06 22:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/06 22:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-19 10:04:03

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A11F741D
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

Re: Win32/Trojan5th October 2010, 4:39 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-05 09:27:48
Windows 5.1.2600 Service Pack 2
Running: 3vjg2yy9.exe; Driver: C:\DOCUME~1\jturner\LOCALS~1\Temp\awddafob.sys

---- System - GMER 1.0.15 ----

SSDT 82AE24D8 ZwAlertResumeThread
SSDT 82AE24A0 ZwAlertThread
SSDT 8281A080 ZwAllocateVirtualMemory
SSDT 82AE3A80 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEF3C0020]
SSDT 82835DC8 ZwCreateMutant
SSDT 82849770 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEF3C02A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEF3C0800]
SSDT 82AAEDE0 ZwFreeVirtualMemory
SSDT 82ADE7F8 ZwImpersonateAnonymousToken
SSDT 82A1D978 ZwImpersonateThread
SSDT 82849B50 ZwMapViewOfSection
SSDT 82A1E2B0 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xEF3C05B0]
SSDT 82AFCCE0 ZwOpenProcessToken
SSDT 828381B8 ZwOpenThreadToken
SSDT 82ACD8C8 ZwResumeThread
SSDT 82A2F978 ZwSetContextThread
SSDT 8283CB78 ZwSetInformationProcess
SSDT 82832078 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEF3C0A50]
SSDT 82A1B168 ZwSuspendProcess
SSDT 82AE2F18 ZwSuspendThread
SSDT 82847458 ZwTerminateProcess
SSDT 82AE2EE0 ZwTerminateThread
SSDT 82B07588 ZwUnmapViewOfSection
SSDT 82834DE0 ZwWriteVirtualMemory
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x805987C8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x805E59A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x805E91EA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x805E59D6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x805E9224]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x805E5A0C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x805E9268]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x805E92AC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x8060A932]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x8060BBA6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x805E0D54]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x805E09AC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x8060AF58]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x805AA3C4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x8060A570]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x805A4806]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x805CB498]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x804FEEF0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x8060BBB4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x8056AED4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x8053441A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwClearEvent [0x80603C42]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwClose [0x805B0A50]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x805E9724]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompactKeys [0x80618B1C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompareTokens [0x805EDC38]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompleteConnectPort [0x80598EB6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCompressKey [0x80618D70]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwContinue [0x80540228]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x80636FD0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x805B294C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x80603C92]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x8060BEFA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x8056D43A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x8056BCCC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x805CA45C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x805CA194]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x8056D548]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x8056D474]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x8059FC26]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x80599284]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcess [0x805C601E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProcessEx [0x805C5F68]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x8060C712]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x8059F56A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x80609C8E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x805B9754]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x8060BBC2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x805EDFE0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWaitablePort [0x805992A8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDebugActiveProcess [0x806380AC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDebugContinue [0x806381FC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDelayExecution [0x8060B5C6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteAtom [0x8060ADE8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteFile [0x8056B01A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x805E9830]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeviceIoControlFile [0x8056D600]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDisplayString [0x80607C02]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateObject [0x805B252C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateToken [0x805E1BF2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x80619798]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x8060B668]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x80619A02]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwExtendSection [0x805A7F30]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFilterToken [0x805E1D9E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFindAtom [0x8060AB9C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushBuffersFile [0x8056B0E6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstructionCache [0x805AAC4E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushKey [0x80619C6C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushVirtualMemory [0x805A0936]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFlushWriteBuffer [0x805AABF0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x805AA760]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwFsControlFile [0x8056D634]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetContextThread [0x805C6318]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetDevicePowerState [0x805BD166]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetPlugPlayEvent [0x8058D660]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwGetWriteWatch [0x8051CE42]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateClientOfPort [0x80599312]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeRegistry [0x80616F10]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwInitiatePowerAction [0x805BCF4C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsProcessInJob [0x805CA058]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x805BD152]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwListenPort [0x8059951E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadDriver [0x8057866C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey [0x8061ACA4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey2 [0x8061A8EE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockFile [0x8056D668]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockProductActivationKeys [0x80608164]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockRegistryKey [0x80618E1C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwLockVirtualMemory [0x805AAD56]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMakePermanentObject [0x805B3DCC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMakeTemporaryObject [0x805B0AF4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPages [0x805A96B8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x805A9C90]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x8056E298]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeKey [0x8061AC6E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x80619D6E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenDirectoryObject [0x805B2A1E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEventPair [0x8060BFD2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenFile [0x8056E558]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenIoCompletion [0x8056BDA4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenJobObject [0x805CA5E2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenMutant [0x8060C3CA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x805E92F2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcess [0x805BFEAE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessTokenEx [0x805E21F0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSection [0x8059E5A0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSemaphore [0x80609D88]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x805B993A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThread [0x805C013A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadTokenEx [0x805E2360]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTimer [0x8060BCE4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPlugPlayControl [0x8063A29E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPowerInformation [0x805BDF9A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeCheck [0x805EC9DE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x805E8604]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x805E87F0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwProtectVirtualMemory [0x805AC81E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwPulseEvent [0x80603E4A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryAttributesFile [0x8056B2CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDebugFilterState [0x8053B446]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultLocale [0x806059B6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x80606616]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryFile [0x8056E232]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryObject [0x805B2ABE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEaFile [0x8056E588]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEvent [0x80603F12]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryFullAttributesFile [0x8056B404]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationAtom [0x8060AE10]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationFile [0x8056EE04]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationJobObject [0x805CAAB4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationPort [0x8059957C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationProcess [0x805C1814]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x805C03E0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x805E26E8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x80605DB4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x8060CB94]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x8056BE4C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x8061A62E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x8061811A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMutant [0x8060C472]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryObject [0x805B8E14]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeys [0x80618780]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPerformanceCounter [0x8060CC22]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x8056FC4E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySection [0x805AC9E0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityObject [0x805B4798]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySemaphore [0x80609E40]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x805B99DA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x8060B684]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x8060B65A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemInformation [0x80606696]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemTime [0x80608518]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimer [0x8060BD9C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimerResolution [0x80607DD0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x80616FF2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVirtualMemory [0x805AD066]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x8057013E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueueApcThread [0x805C6064]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseException [0x80540270]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseHardError [0x80609AB2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadFile [0x80570906]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadFileScatter [0x80570E94]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadRequestData [0x8059A004]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReadVirtualMemory [0x805A851C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x805C75B4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseMutant [0x8060C5AA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseSemaphore [0x80609F70]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletion [0x8056C144]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveProcessDebug [0x8063817C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRenameKey [0x80618972]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplaceKey [0x8061AB54]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyPort [0x80599684]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePort [0x8059A64C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x8059A054]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReplyPort [0x8059996E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRequestDeviceWakeup [0x805BD0E4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRequestPort [0x80596BE2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWaitReplyPort [0x80596F0E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWakeupLatency [0x805BCEF2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwResetEvent [0x80604024]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x8051D322]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwRestoreKey [0x80617340]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwResumeProcess [0x805C9914]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKey [0x806173E2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKeyEx [0x80617472]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSaveMergedKeys [0x8061753E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSecureConnectPort [0x80597EFC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDebugFilterState [0x8063AE34]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x8060995C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultLocale [0x80605B06]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultUILanguage [0x80606378]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetEaFile [0x8056EAA4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetEvent [0x806040E4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetEventBoostPriority [0x806041AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighEventPair [0x8060C28E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x8060C1BE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationDebugObject [0x80637B46]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationFile [0x8056F408]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationJobObject [0x805CB7C4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationKey [0x80617CE6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationObject [0x805B8258]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationToken [0x805EED5A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetIntervalProfile [0x8060C6F6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletion [0x8056C0E2]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetLdtEntries [0x805C8740]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowEventPair [0x8060C22A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x8060C152]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetQuotaInformationFile [0x8056FC2C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSecurityObject [0x805B46CC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x8060B908]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemInformation [0x806049E4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemPowerState [0x806473E8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemTime [0x806090D8]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetThreadExecutionState [0x805BCE06]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimer [0x80534556]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerResolution [0x806085AA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetUuidSeed [0x8060A426]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x80570562]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x80607BC6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x805220D4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x8060C940]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x8060CAEA]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x8060CD0E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x805CC32E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x805C9A7E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x80530C34]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x8060B676]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x80578800]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x806178C0]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x80617AB6]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x8056DA14]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x805AB2E4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x805F0112]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x806378AE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x805B4E04]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x805B4D1A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x8060C0EE]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x8060C08A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x805713A4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x805719B4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x8059A02C]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwYieldExecution [0x805018C4]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyedEvent [0x8060D166]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyedEvent [0x8060D250]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x8060D302]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x8060D58E]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x805C03B0]

INT 0x00 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053D5AC
INT 0x01 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053D724
INT 0x03 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053DAF4
INT 0x04 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053DC74
INT 0x05 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053DDD0
INT 0x06 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053DF44
INT 0x07 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053E5AC
INT 0x09 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

Re: Win32/Trojan5th October 2010, 4:39 pm

INT 0x0A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053EAF0
INT 0x0B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053EC30
INT 0x0C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053EE8C
INT 0x0D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053F170
INT 0x0E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053F878
INT 0x0F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x10 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCC8
INT 0x11 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE00
INT 0x12 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x13 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF68
INT 0x14 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x15 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x16 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x17 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x18 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x19 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x1A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x1B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x1C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x1D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x1E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x1F \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CFFD0
INT 0x2A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053CDEE
INT 0x2B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053CEF0
INT 0x2C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053D090
INT 0x2D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053D9D0
INT 0x2E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C891
INT 0x2F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA8
INT 0x30 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BF50
INT 0x31 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BF5A
INT 0x32 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BF64
INT 0x33 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BF6E
INT 0x34 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BF78
INT 0x35 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BF82
INT 0x36 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BF8C
INT 0x37 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CF728
INT 0x38 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFA0
INT 0x39 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFAA
INT 0x3A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFB4
INT 0x3B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFBE
INT 0x3C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFC8
INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806D0B70
INT 0x3E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFDC
INT 0x3F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFE6
INT 0x40 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053BFF0
INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806D09CC
INT 0x42 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C004
INT 0x43 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C00E
INT 0x44 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C018
INT 0x45 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C022
INT 0x46 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C02C
INT 0x47 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C036
INT 0x48 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C040
INT 0x49 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C04A
INT 0x4A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C054
INT 0x4B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C05E
INT 0x4C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C068
INT 0x4D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C072
INT 0x4E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C07C
INT 0x4F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C086
INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CF800
INT 0x51 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C09A
INT 0x52 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0A4
INT 0x53 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0AE
INT 0x54 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0B8
INT 0x55 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0C2
INT 0x56 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0CC
INT 0x57 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0D6
INT 0x58 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0E0
INT 0x59 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0EA
INT 0x5A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0F4
INT 0x5B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C0FE
INT 0x5C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C108
INT 0x5D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C112
INT 0x5E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C11C
INT 0x5F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C126
INT 0x60 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C130
INT 0x61 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C13A
INT 0x62 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F83965E0
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F79E8BCA
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F79E8BCA
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F79E8BCA
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F79E8BCA
INT 0x64 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C158
INT 0x65 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C162
INT 0x66 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C16C
INT 0x67 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C176
INT 0x68 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C180
INT 0x69 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C18A
INT 0x6A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C194
INT 0x6B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C19E
INT 0x6C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1A8
INT 0x6D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1B2
INT 0x6E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1BC
INT 0x6F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1C6
INT 0x70 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1D0
INT 0x71 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1DA
INT 0x72 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1E4
INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F79F2B78
INT 0x74 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C1F8
INT 0x75 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C202
INT 0x76 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C20C
INT 0x77 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C216
INT 0x78 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C220
INT 0x79 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C22A
INT 0x7A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C234
INT 0x7B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C23E
INT 0x7C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C248
INT 0x7D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C252
INT 0x7E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C25C
INT 0x7F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C266
INT 0x80 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C270
INT 0x81 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C27A
INT 0x82 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F83965E0
INT 0x83 ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F853C1D2
INT 0x84 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C298
INT 0x85 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2A2
INT 0x86 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2AC
INT 0x87 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2B6
INT 0x88 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2C0
INT 0x89 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2CA
INT 0x8A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2D4
INT 0x8B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2DE
INT 0x8C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2E8
INT 0x8D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2F2
INT 0x8E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C2FC
INT 0x8F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C306
INT 0x90 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C310
INT 0x91 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C31A
INT 0x92 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C324
INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F8786495
INT 0x94 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C338
INT 0x95 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C342
INT 0x96 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C34C
INT 0x97 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C356
INT 0x98 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C360
INT 0x99 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C36A
INT 0x9A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C374
INT 0x9B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C37E
INT 0x9C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C388
INT 0x9D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C392
INT 0x9E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C39C
INT 0x9F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C3A6
INT 0xA0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C3B0
INT 0xA1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C3BA
INT 0xA2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C3C4
INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F878DD80
INT 0xA4 \SystemRoot\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) F78EBE80
INT 0xA5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C3E2
INT 0xA6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C3EC
INT 0xA7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C3F6
INT 0xA8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C400
INT 0xA9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C40A
INT 0xAA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C414
INT 0xAB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C41E
INT 0xAC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C428
INT 0xAD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C432
INT 0xAE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C43C
INT 0xAF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C446
INT 0xB0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C450
INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F840231E
INT 0xB1 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F82B8E80
INT 0xB1 \SystemRoot\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) F78F9D1C
INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F840231E
INT 0xB2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C464
INT 0xB3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C46E
INT 0xB4 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F82B8E80
INT 0xB5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C482
INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C48C
INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C496
INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4A0
INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4AA
INT 0xBA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4B4
INT 0xBB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4BE
INT 0xBC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4C8
INT 0xBD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4D2
INT 0xBE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4DC
INT 0xBF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4E6
INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C4F0
INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsof

Re: Win32/Trojan5th October 2010, 4:40 pm

t Corporation) 806CF984
INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C504
INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C50E
INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C518
INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C522
INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C52C
INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C536
INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C540
INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C54A
INT 0xCA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C554
INT 0xCB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C55E
INT 0xCC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C568
INT 0xCD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C572
INT 0xCE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C57C
INT 0xCF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C586
INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C590
INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CED34
INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5A4
INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5AE
INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5B8
INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5C2
INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5CC
INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5D6
INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5E0
INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5EA
INT 0xDA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5F4
INT 0xDB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C5FE
INT 0xDC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C608
INT 0xDD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C612
INT 0xDE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C61C
INT 0xDF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C626
INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C630
INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CFF0C
INT 0xE2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C644
INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CFC70
INT 0xE4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C658
INT 0xE5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C662
INT 0xE6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C66C
INT 0xE7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C676
INT 0xE8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C680
INT 0xE9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C68A
INT 0xEA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C694
INT 0xEB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C69E
INT 0xEC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6A8
INT 0xED \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6B2
INT 0xEE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6B9
INT 0xEF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6C0
INT 0xF0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6C7
INT 0xF1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6CE
INT 0xF2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6D5
INT 0xF3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6DC
INT 0xF4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6E3
INT 0xF5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6EA
INT 0xF6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6F1
INT 0xF7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6F8
INT 0xF8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C6FF
INT 0xF9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C706
INT 0xFA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C70D
INT 0xFB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C714
INT 0xFC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C71B
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806D0464
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806D0604
INT 0xFF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053C730

SYSENTER \WINDOWS\system32\ntkrnlpa.exe 8053C950

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2364 80501254 8 Bytes [D8, 24, AE, 82, A0, 24, AE, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2378 80501268 4 Bytes [80, A0, 81, 82]
.text ntkrnlpa.exe!ZwCallbackReturn + 23B0 805012A0 4 Bytes [80, 3A, AE, 82]
.text ntkrnlpa.exe!ZwCallbackReturn + 23D8 805012C8 4 Bytes [20, 00, 3C, EF] {AND [EAX], AL; CMP AL, 0xef}
.text ntkrnlpa.exe!ZwCallbackReturn + 23E0 805012D0 4 Bytes [C8, 5D, 83, 82] {ENTER 0x835d, 0x82}
.text ...
.text ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel + C12 8053CB46 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 22A 80540E7A 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntkrnlpa.exe!KiDispatchInterrupt + 242 80540E92 1 Byte [00]
.text ntkrnlpa.exe!RtlPrefetchMemoryNonTemporal 80541774 1 Byte [90]
.text hal.dll!HalBeginSystemInterrupt + 96A 806D1616 5 Bytes [97, 32, 2D, 57, 50]
.text hal.dll!HalBeginSystemInterrupt + 970 806D161C 2 Bytes [02, A3]
.text hal.dll!HalBeginSystemInterrupt + 974 806D1620 17 Bytes [97, 32, 2D, 57, EC, 02, A3, ...]
.text hal.dll!HalBeginSystemInterrupt + 986 806D1632 1 Byte [02]
.text hal.dll!HalBeginSystemInterrupt + 98A 806D1636 4 Bytes [11, 57, 02, 32]
.text ...
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF791D8BF]

---- User code sections - GMER 1.0.15 ----

Re: Win32/Trojan5th October 2010, 4:42 pm

.text C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE[332] C:\Program Files\Norton Internet Security\nisProd.dll section is writeable [0x673F1000, 0x39000, 0xE0000020]
.asdfas C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE[332] C:\Program Files\Norton Internet Security\nisProd.dll entry point in ".asdfas" section [0x6744C000]
.asdfas C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE[332] C:\Program Files\Norton Internet Security\nisProd.dll unknown last code section [0x6744C000, 0x1F000, 0xE0000020]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[940] C:\PROGRA~1\NORTON~1\NORTON~1\NAVOPTRF.DLL section is writeable [0x6A091000, 0x2C000, 0xE0000020]
.asdfas C:\Program Files\Common Files\Symantec Shared\ccApp.exe[940] C:\PROGRA~1\NORTON~1\NORTON~1\NAVOPTRF.DLL entry point in ".asdfas" section [0x6A0DD000]
.asdfas C:\Program Files\Common Files\Symantec Shared\ccApp.exe[940] C:\PROGRA~1\NORTON~1\NORTON~1\NAVOPTRF.DLL unknown last code section [0x6A0DD000, 0x1E000, 0xE0000020]
.storm C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1804] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll entry point in ".storm" section [0x20060000]
.storm C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[1804] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll unknown last code section [0x20060000, 0x1A000, 0xE0000020]
CODE C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe[3820] C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe entry point in "CODE" section [0x00401000]
.rsrc C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe[3820] C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe section is executable [0x00630000, 0x3000, 0xE0000020]
UPX1 C:\Documents and Settings\jturner\My Documents\Downloads\3vjg2yy9.exe[3840] C:\Documents and Settings\jturner\My Documents\Downloads\3vjg2yy9.exe entry point in "UPX1" section [0x004B3F40]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \FileSystem\Mup \Dfs Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\NDIS \Device\Ndis NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
Device \Driver\KSecDD \Device\KsecDD ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Beep \Device\Beep Beep.SYS (BEEP Driver/Microsoft Corporation)
Device \Driver\Beep \Device\Beep ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000032
Device \Device\00000025
Device \Device\00000019
Device \FileSystem\NetBIOS \Device\Netbios netbios.sys (NetBIOS interface driver/Microsoft Corporation)
Device \FileSystem\NetBIOS \Device\Netbios ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\eabfiltr \Device\EABFiltr EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device \Driver\eabfiltr \Device\EABFiltr ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000033
Device \Device\00000026
Device \Driver\Tcpip \Device\Ip tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000001 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\SymEvent \Device\SymEvent SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
Device \Driver\PnpManager \Device\00000040 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000040 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE0 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000034
Device \Device\00000027
Device \Driver\swenum \Device\KSENUM#00000002 swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation)
Device \Driver\swenum \Device\KSENUM#00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device \Driver\Fips \Device\Fips Fips.SYS (FIPS Crypto Driver/Microsoft Corporation)
Device \Driver\Fips \Device\Fips ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video0
Device \Driver\PnpManager \Device\00000041 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000041 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{560E42A4-22AE-41BE-8134-3B3CC5E10A59} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\PptpMiniport \Device\{576D289D-F42A-4212-97E7-6EB65DB53672} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\TermDD \Device\RDP_CONSOLE1 termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Device\00000035
Device \Device\00000028
Device \Driver\Kbdclass \Device\KeyboardClass1 kbdclass.sys (Keyboard Class Driver/Microsoft Corporation)
Device \Driver\Kbdclass \Device\KeyboardClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device \Driver\NDProxy \Device\NDProxy NDProxy.SYS (NDIS Proxy/Microsoft Corporation)
Device \Driver\NDProxy \Device\NDProxy ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video1
Device \Driver\PnpManager \Device\00000042 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000042 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000036
Device \Device\00000029
Device \Device\Video2
Device \Device\00000043
Device \Driver\Mouclass \Device\PointerClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000050 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000037
Device \Device\0000000a
Device \Driver\PnpManager \Device\00000044 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000044 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video3
Device \Driver\usbohci \Device\USBPDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Compbatt \Device\CompositeBattery compbatt.sys (Composite Battery Driver/Microsoft Corporation)
Device \Driver\Compbatt \Device\CompositeBattery ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Processor
Device \Driver\Mouclass \Device\PointerClass1 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
Device \Driver\Mouclass \Device\PointerClass1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\CmBatt \Device\AcAdapter CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)
Device \Driver\CmBatt \Device\AcAdapter ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000051 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000038
Device \Device\0000000b
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\WMIxWDM \Device\WMIDataDevice ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000045 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000045 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Video4
Device \Driver\usbohci \Device\USBPDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000052
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawTape ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\00000039
Device \Device\0000000c
Device \Driver\PnpManager \Device\00000046 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000046 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation)
Device \FileSystem\MRxDAV \Device\WebDavRedirector ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000053 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\NTPNP_PCI0000
Device \Device\0000001a
Device \Device\0000000d
Device \Driver\isapnp \Device\00000060 isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation)
Device \Driver\isapnp \Device\00000060 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000054 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\NTPNP_PCI0001
Device \Device\00000047
Device \Device\0000001b
Device \Device\0000000e
Device \Driver\RasAcd \Device\RasAcd rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation)
Device \Driver\RasAcd \Device\RasAcd ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ipnat.sys (IP Network Address Translator/Microsoft Corporation)
Device \Driver\IpNat \Device\IPNAT ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NAVEX15 \Device\NAVEX15 NavEx15.Sys (AV Engine/Symantec Corporation)
Device \Driver\NAVEX15 \Device\NAVEX15 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\PSched NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\SbcpHid \Device\{21d5aec6-3ca5-32e5-5d03-c709a82cbdc8} SbcpHid.sys
Device \Driver\SbcpHid \Device\{21d5aec6-3ca5-32e5-5d03-c709a82cbdc8} ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\GEARAspiWDM \Device\GEARAspiWDMDevice GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)
Device \Device\00000061
Device \Driver\ACPI \Device\00000055 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\NTPNP_PCI0002
Device \Device\00000048
Device \Device\0000001c
Device \Device\0000000f
Device \Driver\Tcpip \Device\Tcp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\NTPNP_PCI0010
Device \Driver\PCI \Device\NTPNP_PCI0003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0003 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Device\00000062
Device \Device\00000056
Device \Device\0000001d
Device \Driver\PCI \Device\NTPNP_PCI0004 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0004

Re: Win32/Trojan5th October 2010, 4:43 pm

Device \Driver\PCI \Device\NTPNP_PCI0011 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0011 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000070 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\00000063
Device \Device\00000057
Device \Device\0000002a
Device \Device\0000001e
Device \Driver\Ftdisk \Device\HarddiskVolume1 ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\mdmxsdk \Device\ConexantDiagnosticsServer mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant)
Device \Driver\mdmxsdk \Device\ConexantDiagnosticsServer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Device\Http\Filter
Device \Device\Http\AppPool
Device \Device\Http\Control
Device \Driver\eeCtrl \Device\EraserCtrlDrv eeCtrl.sys (Symantec Eraser Control Driver/Symantec Corporation)
Device \Driver\eeCtrl \Device\EraserCtrlDrv ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0005 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\HSFHWATI \Device\RKSAMPLE0 HSFHWATI.sys (HSFHWATI WDM driver/Conexant Systems, Inc.)
Device \Driver\HSFHWATI \Device\RKSAMPLE0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000064 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\00000058 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Device\i
Device \Driver\NetBT \Device\NetBT_Tcpip_{06065E56-3C94-4B6A-A935-64CD5360C23E} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{06065E56-3C94-4B6A-A935-64CD5360C23E} ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\TermDD \Device\Termdd termdd.sys (Terminal Server Driver/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ks.sys (Kernel CSA Library/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\sysaudio \Device\sysaudio sysaudio.sys (System Audio WDM Filter/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation)
Device \FileSystem\Rdbss \Device\FsWrap ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdePort1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel0-0 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCIIde \Device\Ide\PciIde0Channel1-1 PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation)
Device \Device\Ide\PciIde0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0020 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI \Device\00000067 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0021 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0021 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ACPIEC.sys (ACPI Embedded Controller Driver/Microsoft Corporation)
Device \Driver\ACPIEC \Device\ACPIEC ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0008 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\NAVENG \Device\NAVENG NAVENG.Sys (AV Engine/Symantec Corporation)
Device \Driver\NAVENG \Device\NAVENG ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000068 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0022 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0022 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PxHelp20 \Device\PxHelperDevice0 PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)
Device \Driver\PxHelp20 \Device\PxHelperDevice0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000081 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation)
Device \Driver\Pcmcia \Device\Pcmcia0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0016 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0016 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\Secdrv \Device\Secdrv secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
Device \Driver\Secdrv \Device\Secdrv ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0017 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003d ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\CmBatt \Device\ControlMethodBattery1 CmBatt.sys (Control Method Battery Driver/Microsoft Corporation)
Device \Driver\CmBatt \Device\ControlMethodBattery1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\00000082 ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003e ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.)
Device \Driver\HSF_DP \Device\HSF_MDMDevice0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0018 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0018 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PCI \Device\NTPNP_PCI0019 pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\0000003f ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Modem \Device\00000084 Modem.SYS (Modem Device Driver/Microsoft Corporation)
Device \Driver\Modem \Device\00000084 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetbiosSmb ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000085 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000085 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbhub \Device\00000086 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000086 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000004d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager MountMgr.sys (Mount Manager/Microsoft Corporation)
Device \Driver\MountMgr \Device\MountPointManager ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbhub \Device\00000087 usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
Device \Driver\usbhub \Device\00000087 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{3488BBE4-6B96-4AAC-8515-1ECB14A0DC60} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Wanarp \Device\WANARP wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation)
Device \FileSystem\Srv \Device\LanmanServer srv.sys (Server driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\Mup Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \Driver\RasPppoe \Device\{D3278DB8-46EA-499D-99F0-348755FCEE33} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Udp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Device\Harddisk0\DP(1)0x7e00-0x12a14b8200+1
Device \Driver\Disk \Device\Harddisk0\DR0 CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation)
Device \Driver\Disk \Device\Harddisk0\DR0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\SAVRT \Device\SAVRT SAVRT.SYS (AutoProtect/Symantec Corporation)
Device \Driver\SAVRT \Device\SAVRT ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\SAVRT \Device\SAVRT SAVRT.SYS (AutoProtect/Symantec Corporation)
Device \Driver\Tcpip \Device\RawIp tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWanIp NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005e ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{F40919E4-0F4E-4749-AC13-98A1C9DE20F2} netbt.sys (MBT Transport driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{F40919E4-0F4E-4749-AC13-98A1C9DE20F2} ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawDisk ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\CAMCHALA \Device\CAMCHALServiceProvider camc6hal.sys (Conexant AmcHal Driver/Conexant Systems Inc.)
Device \Driver\CAMCHALA \Device\CAMCHALServiceProvider ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\tifm21 \Device\TIFMxx21DE-0 tifm21.sys (tifm21.sys/Texas Instruments)
Device \Driver\tifm21 \Device\TIFMxx21DE-0 tifm21.sys (tifm21.sys/Texas Instruments)
Device \Driver\ACPI \Device\0000006b ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\ACPI \Device\0000005f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000002 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006c ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Null \Device\Null Null.SYS (NULL Driver/Microsoft Corporation)
Device \Driver\Null \Device\Null ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PnpManager \Device\00000003 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation)
Device \Driver\ohci1394 \Device\1394BUS0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ipsec.sys (IPSec Driver/Microsoft Corporation)
Device \Driver\IPSec \Device\IPSEC ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\EraserUtilRebootDrv \Device\EraserUtilDrv11010 EraserUtilRebootDrv.sys (Symantec Eraser Utility Driver/Symantec Corporation)
Device \Driver\EraserUtilRebootDrv \Device\EraserUtilDrv11010 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-1 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006d ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\SYMTDI \Device\SymTDI SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation)
Device \Driver\NdisTapi \Device\NdisTapi ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\NdisWan \Device\NdisWan NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\Secdrv \Device\AscKmd secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
Device \Driver\Secdrv \Device\AscKmd ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-2 USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBFDO-2 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\RTL8023xp \Device\{06065E56-3C94-4B6A-A935-64CD5360C23E} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \Driver\BCM43XX \Device\{F40919E4-0F4E-4749-AC13-98A1C9DE20F2} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \FileSystem\MRxSmb \Device\LanmanRedirector mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\Gpc \Device\Gpc msgpc.sys (MS General Packet Classifier/Microsoft Corporation)
Device \Driver\symlcbrd \Device\SymantecBiosReader symlcbrd.sys (Symantec Core Component/Symantec Corporation)
Device \Driver\symlcbrd \Device\SymantecBiosReader ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\ACPI \Device\0000006f ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe Npfs.SYS (NPFS Driver/Microsoft Corporation)
Device \FileSystem\Npfs \Device\NamedPipe ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ftdisk.sys (FT Disk Driver/Microsoft Corporation)
Device \Driver\Ftdisk \Device\FtControl ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\SAVRTPEL \Device\SAVRTPEL SAVRTPEL.SYS (SAVRTPEL/Symantec Corporation)
Device \Driver\SAVRTPEL \Device\SAVRTPEL ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\SYMIDSCO \Device\SymIDSCo symidsco.sys (IDS Core Driver/Symantec Corporation)
Device \Driver\SYMIDSCO \Device\SymIDSCo ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot Msfs.SYS (Mailslot driver/Microsoft Corporation)
Device \FileSystem\Msfs \Device\Mailslot ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\AFD \Device\Afd afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation)
Device \Driver\Ndisuio \Device\Ndisuio ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\RAW \Device\RawCdRom ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\winachsf \Device\Winachsf0 HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.)
Device \Driver\winachsf \Device\Winachsf0 ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\awddafob \Device\awddafob awddafob.sys
Device \Driver\awddafob \Device\awddafob ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \Driver\PSched \Device\{091862C5-1E2E-4BFF-B470-9CC651FBA0B9} NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation)
Device \FileSystem\Mup \Device\WinDfs\Root Mup.sys (Multiple UNC Provider driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Filters\FltMgrMsg
Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Re: Win32/Trojan5th October 2010, 4:44 pm

Module \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 804D7000-806CD880 (2058368 bytes)
Module \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806CE000-806EE380 (131968 bytes)
Module \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation) F8A26000-F8A28000 (8192 bytes)
Module \WINDOWS\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) F8936000-F8939000 (12288 bytes)
Module ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F83F7000-F8425000 (188416 bytes)
Module \WINDOWS\system32\DRIVERS\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) F8A28000-F8A2A000 (8192 bytes)
Module pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) F83E6000-F83F7000 (69632 bytes)
Module isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) F8526000-F852F000 (36864 bytes)
Module ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F8536000-F8545000 (61440 bytes)
Module \WINDOWS\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) F8546000-F8553000 (53248 bytes)
Module compbatt.sys (Composite Battery Driver/Microsoft Corporation) F893A000-F893D000 (12288 bytes)
Module \WINDOWS\system32\DRIVERS\BATTC.SYS (Battery Class Driver/Microsoft Corporation) F893E000-F8942000 (16384 bytes)
Module pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F8AEE000-F8AEF000 (4096 bytes)
Module \WINDOWS\system32\DRIVERS\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) F87A6000-F87AD000 (28672 bytes)
Module intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) F8A2A000-F8A2C000 (8192 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F8A2C000-F8A2E000 (8192 bytes)
Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F8A2E000-F8A30000 (8192 bytes)
Module pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) F83C8000-F83E6000 (122880 bytes)
Module MountMgr.sys (Mount Manager/Microsoft Corporation) F8556000-F8561000 (45056 bytes)
Module ftdisk.sys (FT Disk Driver/Microsoft Corporation) F83A9000-F83C8000 (126976 bytes)
Module ACPIEC.sys (ACPI Embedded Controller Driver/Microsoft Corporation) F8942000-F8945000 (12288 bytes)
Module \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS (ACPI Operation Registration Driver/Microsoft Corporation) F8AEF000-F8AF0000 (4096 bytes)
Module PartMgr.sys (Partition Manager/Microsoft Corporation) F87AE000-F87B3000 (20480 bytes)
Module VolSnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) F8566000-F8573000 (53248 bytes)
Module atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F8391000-F83A9000 (98304 bytes)
Module disk.sys (PnP Disk Driver/Microsoft Corporation) F8576000-F857F000 (36864 bytes)
Module \WINDOWS\system32\DRIVERS\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) F8586000-F8593000 (53248 bytes)
Module fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) F8371000-F8391000 (131072 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F87B6000-F87BB000 (20480 bytes)
Module KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation) F835A000-F8371000 (94208 bytes)
Module Ntfs.sys (NT File System Driver/Microsoft Corporation) F82CD000-F835A000 (577536 bytes)
Module NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F82A0000-F82CD000 (184320 bytes)
Module serial.sys (Serial Device Driver/Microsoft Corporation) F8596000-F85A6000 (65536 bytes)
Module Mup.sys (Multiple UNC Provider driver/Microsoft Corporation) F8285000-F82A0000 (110592 bytes)
Module \SystemRoot\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) F8746000-F8755000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) F89EA000-F89ED000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F7A05000-F7B0B000 (1073152 bytes)
Module \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F79F1000-F7A05000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) F884E000-F8853000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F79CE000-F79F1000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) F8856000-F885D000 (28672 bytes)
Module \SystemRoot\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) F8756000-F8761000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) F8766000-F8773000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) F8776000-F8785000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) F79AB000-F79CE000 (143360 bytes)
Module \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F89EE000-F89F1000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F8786000-F8793000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) F885E000-F8864000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) F797C000-F79AB000 (192512 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) F8A46000-F8A48000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) F8866000-F886C000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) F89F6000-F89FA000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) F7921000-F797C000 (372736 bytes)
Module \SystemRoot\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) F78F9000-F7921000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) F78E8000-F78F9000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\Rtlnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) F78D6000-F78E8000 (73728 bytes)
Module \SystemRoot\system32\drivers\camc6hal.sys (Conexant AmcHal Driver/Conexant Systems Inc.) F7881000-F78D6000 (348160 bytes)
Module \SystemRoot\system32\drivers\camc6aud.sys (Conexant WDM AC97 Audio Driver/Conexant Systems Inc.) F85B6000-F85C0000 (40960 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) F785D000-F7881000 (147456 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) F85C6000-F85D5000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\HSFHWATI.sys (HSFHWATI WDM driver/Conexant Systems, Inc.) F782C000-F785D000 (200704 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.) F76E3000-F77E1000 (1040384 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) F7637000-F76E3000 (704512 bytes)
Module \SystemRoot\System32\Drivers\Modem.SYS (Modem Device Driver/Microsoft Corporation) F886E000-F8876000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) F8BF5000-F8BF6000 (4096 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) F7B9B000-F7BA8000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) F89FA000-F89FD000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) F7620000-F7637000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) F7B8B000-F7B96000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) F7B7B000-F7B87000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) F8876000-F887B000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) F760F000-F7620000 (69632 bytes)
Module \SystemRoot\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) F7B6B000-F7B74000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F887E000-F8883000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) F8886000-F888B000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) F7B5B000-F7B65000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) F8A4A000-F8A4C000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) F75A2000-F75D6000 (212992 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) F8A0A000-F8A0E000 (16384 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) F7B4B000-F7B55000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) F7B1B000-F7B2A000 (61440 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) F8A5C000-F8A5E000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) F8B6D000-F8B6E000 (4096 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) F8A5E000-F8A60000 (8192 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) F88AE000-F88B4000 (24576 bytes)
Module \SystemRoot\System32\Drivers\mnmdd.SYS (Frame buffer simulator/Microsoft Corporation) F8A60000-F8A62000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) F8A62000-F8A64000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) F88B6000-F88BB000 (20480 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) F88BE000-F88C6000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) F8238000-F823B000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) EF49E000-EF4B1000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) EF446000-EF49E000 (360448 bytes)
Module \SystemRoot\System32\Drivers\SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) EF40D000-EF446000 (233472 bytes)
Module \SystemRoot\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) EF3CF000-EF3F0000 (135168 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) F8656000-F865F000 (36864 bytes)
Module \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) EF3AA000-EF3CF000 (151552 bytes)
Module \SystemRoot\System32\Drivers\SYMREDRV.SYS (Redirector Filter Driver/Symantec Corporation) F8666000-F8670000 (40960 bytes)
Module \SystemRoot\System32\Drivers\SYMDNS.SYS (DNS Filter Driver/Symantec Corporation) F88C6000-F88CD000 (28672 bytes)
Module \SystemRoot\System32\Drivers\SYMNDIS.SYS (NDIS Filter Driver/Symantec Corporation) F8676000-F8681000 (45056 bytes)
Module \SystemRoot\System32\Drivers\SYMFW.SYS (Firewall Filter Driver/Symantec Corporation) EF2E4000-EF30A000 (155648 bytes)
Module \SystemRoot\System32\Drivers\SYMIDS.SYS (IDS Filter Driver/Symantec Corporation) F8686000-F8692000 (49152 bytes)
Module \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100915.005\symidsco.sys (IDS Core Driver/Symantec Corporation) EF29D000-EF2E4000 (290816 bytes)
Module \SystemRoot\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) EF275000-EF29D000 (163840 bytes)
Module \SystemRoot\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) EF253000-EF275000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) F8696000-F869F000 (36864 bytes)
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\SPBBC\SPBBCDrv.sys (SPBBC Driver/Symantec Corporation) EF1F1000-EF253000 (401408 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) EF18C000-EF1B7000 (176128 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) EF11D000-EF18C000 (454656 bytes)
Module \SystemRoot\System32\Drivers\Fips.SYS (FIPS Crypto Driver/Microsoft Corporation) F86C6000-F86CF000 (36864 bytes)
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\EENGINE\eeCtrl.sys (Symantec Eraser Control Driver/Symantec Corporation) EF0BF000-EF11D000 (385024 bytes)
Module \??\C:\Program_Files\Norton_Internet_Security\Norton_AntiVirus\SAVRTPEL.SYS (SAVRTPEL/Symantec Corporation) EF0AB000-EF0BF000 (81920 bytes)
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Eraser Utility Driver/Symantec Corporation) EF08E000-EF0AB000 (118784 bytes)
Module \??\C:\WINDOWS\system32\drivers\EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) F8A66000-F8A68000 (8192 bytes)
Module \SystemRoot\System32\Drivers\Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) F8796000-F87A6000 (65536 bytes)
Module \SystemRoot\System32\Drivers\dump_atapi.sys EF04E000-EF066000 (98304 bytes)
Module \SystemRoot\System32\Drivers\dump_WMILIB.SYS F8A76000-F8A78000 (8192 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) BF800000-BF9C4000 (1851392 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) EF537000-EF53A000 (12288 bytes)
Module \SystemRoot\System32\watchdog.sys (Watchdog Driver/Microsoft Corporation) F87D6000-F87DB000 (20480 bytes)
Module \SystemRoot\System32\drivers\dxg.sys (DirectX Graphics Driver/Microsoft Corporation) BF000000-BF012000 (73728 bytes)
Module \SystemRoot\System32\drivers\dxgthk.sys (DirectX Graphics Driver Thunk/Microsoft Corporation) F8BD0000-F8BD1000 (4096 bytes)
Module \SystemRoot\System32\ati2dvag.dll (ATI Radeon WindowsNT Display Driver/ATI Technologies Inc.) BF012000-BF04D000 (241664 bytes)
Module \SystemRoot\System32\ati2cqag.dll (Central Memory Manager / Queue Server Module/ATI Technologies Inc.) BF04D000-BF07F000 (204800 bytes)
Module \SystemRoot\System32\atikvmag.dll (Virtual Command And Memory Manager/ATI Technologies Inc.) BF07F000-BF0B1000 (204800 bytes)
Module \SystemRoot\System32\ati3duag.dll (ati3duag.dll/ATI Technologies Inc. ) BF0B1000-BF2E2000 (2297856 bytes)
Module \SystemRoot\System32\ativvaxx.dll (Radeon Video Acceleration Universal Driver/ATI Technologies Inc. ) BF2E2000-BF377000 (610304 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) B8650000-B8654000 (16384 bytes)
Module \SystemRoot\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) B80C4000-B80F0000 (180224 bytes)
Module \SystemRoot\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) B7FBF000-B7FD4000 (86016 bytes)
Module \SystemRoot\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) B8198000-B81A7000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) B7CBA000-B7D11000 (356352 bytes)
Module \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) B809C000-B809F000 (12288 bytes)
Module \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys

Re: Win32/Trojan5th October 2010, 4:45 pm

Module \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) B7F1C000-B7F26000 (40960 bytes)
Module \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation) F8906000-F890C000 (24576 bytes)
Module \??\C:\Program_Files\Norton_Internet_Security\Norton_AntiVirus\SAVRT.SYS (AutoProtect/Symantec Corporation) B78F2000-B794A000 (360448 bytes)
Module \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101002.003\NavEx15.Sys (AV Engine/Symantec Corporation) B7754000-B78A2000 (1368064 bytes)
Module \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101002.003\NAVENG.Sys (AV Engine/Symantec Corporation) B7740000-B7754000 (81920 bytes)
Module \SystemRoot\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) B758F000-B75D0000 (266240 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \??\C:\DOCUME~1\jturner\LOCALS~1\Temp\awddafob.sys (GMER) B6B4A000-B6B61000 (94208 bytes)
Module \WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 7C900000-7C9B2000 (729088 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 124
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library c:\windows\system32\webclnt.dll (Web DAV Service DLL/Microsoft Corporation) 0x5A6E0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00760000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000

Process C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple, Inc.) 176
Library C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000

Process C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Automatic LiveUpdate Scheduler Service/Symantec Corporation) 180
Library C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Automatic LiveUpdate Scheduler Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\Program Files\Symantec\LiveUpdate\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\Program Files\Symantec\LiveUpdate\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000

Process C:\Program Files\HPQ\SHARED\HPQWMI.exe (hpqwmi Module/Hewlett-Packard Development Company, L.P.) 236
Library C:\Program Files\HPQ\SHARED\HPQWMI.exe (hpqwmi Module/Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation)

Re: Win32/Trojan5th October 2010, 4:46 pm

Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000

Process C:\Program Files\QuickTime\qttask.exe (QuickTime Task/Apple Inc.) 312
Library C:\Program Files\QuickTime\qttask.exe (QuickTime Task/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Process C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Norton Security Console Norton Protection Center Service/Symantec Corporation) 332
Library C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Norton Security Console Norton Protection Center Service/Symantec Corporation) 0x6F440000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVPS.DLL (Norton Security Console Norton Protection Center Service/Symantec Corporation) 0x6F3B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\Crypt32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\Program Files\Common Files\Symantec Shared\ccSet.dll (Symantec Settings Manager Engine/Symantec Corporation) 0x6B310000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\userenv.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUIBL.DLL (Norton Security Console UI Business Logic/Symantec Corporation) 0x6F3C0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.LOC (Norton Security Console UI Core Component/Symantec Corporation) 0x6F370000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCJSBL.DLL (Norton Security Console Jack Sparrow Business Logic/Symantec Corporation) 0x6F200000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\avFPXY.dll (Norton Security Console Feature Proxy/Symantec Corporation) 0x699D0000
Library C:\Program Files\Norton Internet Security\isFtMst.dll (Norton Security Console Feature Master/Symantec Corporation) 0x66A30000
Library C:\Program Files\Norton Internet Security\nscNISpi.dll (Internet Security Location Wizard/Symantec Corporation) 0x67000000
Library C:\PROGRA~1\NORTON~1\NORTON~1\avNSCPlg.dll (Norton AntiVirus Security Console Plug-in/Symantec Corporation) 0x699E0000
Library C:\PROGRA~1\NORTON~1\NORTON~1\avNSCPlg.loc (Norton AntiVirusavNSCPlg Module Resources/Symantec Corporation) 0x69A10000
Library C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.DLL (Norton Security Console Jack Sparrow Plugin/Symantec Corporation) 0x6F0D0000
Library C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_WSCR.LOC (Norton Security Console Jack Sparrow Plugin Resources/Symantec Corporation) 0x6F340000
Library C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_Hlpr.dll (Norton Security Console NSCHelper/Symantec Corporation) 0x6F0B0000
Library C:\Program Files\Norton Internet Security\isFtPxy.dll (Norton Security Console Feature Proxy/Symantec Corporation) 0x66A50000
Library C:\Program Files\Norton Internet Security\NISRes.dll (Resource DLL/Symantec Corporation) 0x67470000
Library C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll (Symantec Settings Manager Event Factory/Symantec Corporation) 0x6B330000
Library C:\Program Files\Common Files\Symantec Shared\ccProSub.dll (Symantec Proxy Factory/Symantec Corporation) 0x6B200000
Library C:\Program Files\Norton Internet Security\nisProd.dll (NIS Product Plugin/Symantec Corporation) 0x673F0000
Library C:\Program Files\Common Files\Symantec Shared\AntiSpam\asFtPxy.dll (Norton Security Console Feature Proxy/Symantec Corporation) 0x65000000
Library C:\Program Files\Common Files\Symantec Shared\AntiSpam\asNSCPlg.dll (AntiSpam Security Console Plugin/Symantec Corporation) 0x651A0000
Library C:\Program Files\Common Files\Symantec Shared\Options\asOpts.dll (AntiSpam Options/Symantec Corporation) 0x651E0000
Library C:\Program Files\Common Files\Symantec Shared\ccLogin.dll (Symantec Login Manager/Symantec Corporation) 0x6B1D0000
Library C:\Program Files\Common Files\Symantec Shared\AdBlocking\adFtPxy.dll (Norton Security Console Feature Proxy/Symantec Corporation) 0x6F030000
Library C:\Program Files\Common Files\Symantec Shared\AdBlocking\adNscPlg.dll (Ad Blocking Security Console Plugin/Symantec Corporation) 0x67660000
Library C:\Program Files\Common Files\Symantec Shared\Options\SymAd.dll (Sym Ad/Symantec Corporation) 0x676F0000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVEvent.dll (Norton AntiVirus Events/Symantec Corporation) 0x69E50000

Process C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 364
Library C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00330000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x003D0000
Library C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL (iTunesHelper Resource Library/Apple Inc.) 0x10000000
Library C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x00DB0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EC50000
Library C:\WINDOWS\system32\DSOUND.dll (DirectSound/Microsoft Corporation) 0x73F10000
Library C:\WINDOWS\system32\ddraw.dll (Microsoft DirectDraw/Microsoft Corporation) 0x73760000

Re: Win32/Trojan5th October 2010, 4:47 pm

Library C:\WINDOWS\system32\ddraw.dll (Microsoft DirectDraw/Microsoft Corporation) 0x73760000
Library C:\WINDOWS\system32\DCIMAN32.dll (DCI Manager/Microsoft Corporation) 0x73BC0000
Library C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x095A0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\Wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000

Process C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (hpwuSchd Application/Hewlett-Packard) 368
Library C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (hpwuSchd Application/Hewlett-Packard) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Process C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Application/Yahoo! Inc) 500
Library C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Application/Yahoo! Inc) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\Program Files\Yahoo!\Search Protection\fdload.dll (fdLoad Dynamic Link Library/Yahoo! Inc.) 0x10000000
Library C:\WINDOWS\system32\imagehlp.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D4F0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (GoogleToolbarNotifier/Google Inc.) 0x00DC0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x00EA0000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00F90000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IPHLPAPI.DLL (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Process C:\WINDOWS\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 596
Library C:\WINDOWS\System32\smss.exe (Windows NT Session Manager/Microsoft Corporation) 0x48580000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000

Process C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 616
Library C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\Program Files\Java\jre6\bin\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\psapi.dll (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\pdh.dll (Windows Performance Data Helper DLL/Microsoft Corporation) 0x74000000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINDOWS\system32\odbcbcp.dll (Microsoft BCP for ODBC/Microsoft Corporation) 0x711A0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\perfos.dll (Windows System Performance Objects DLL/Microsoft Corporation) 0x5E760000
Library C:\WINDOWS\system32\perfdisk.dll (Windows Disk Performance Objects DLL/Microsoft Corporation) 0x5E790000

Process C:\Program Files\Common Files\LightScribe\LSSrvc.exe 628
Library C:\Program Files\Common Files\LightScribe\LSSrvc.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\Program Files\Common Files\LightScribe\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C340000
Library C:\Program Files\Common Files\LightScribe\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3A0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 644
Library C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 0x4A680000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\CSRSRV.dll (Client Server Runtime Process/Microsoft Corporation) 0x75B40000
Library C:\WINDOWS\system32\basesrv.dll (Windows NT BASE API Server DLL/Microsoft Corporation) 0x75B50000
Library C:\WINDOWS\system32\winsrv.dll (Windows Server DLL/Microsoft Corporation) 0x75B60000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\KERNEL32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75E90000

Re: Win32/Trojan5th October 2010, 4:48 pm

Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 672
Library C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\NDdeApi.dll (Network DDE Share Management APIs/Microsoft Corporation) 0x75940000
Library C:\WINDOWS\system32\PROFMAP.dll (Userenv/Microsoft Corporation) 0x75930000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BC0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\MSGINA.dll (Windows NT Logon GINA DLL/Microsoft Corporation) 0x75970000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\ODBC32.dll (Microsoft Data Access - ODBC Driver Manager/Microsoft Corporation) 0x74320000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\odbcint.dll (Microsoft Data Access - ODBC Resources/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\SHSVCS.dll (Windows Shell Services Dll/Microsoft Corporation) 0x776E0000
Library C:\WINDOWS\system32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\system32\sfc_os.dll (Windows File Protection/Microsoft Corporation) 0x76C60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\WINSCARD.DLL (Microsoft Smart Card API/Microsoft Corporation) 0x723D0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\sxs.dll (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\Ati2evxx.dll (ATI External Event Utility DLL Module/ATI Technologies Inc.) 0x10000000
Library C:\WINDOWS\system32\cscdll.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\system32\WlNotify.dll (Common DLL to receive Winlogon notifications/Microsoft Corporation) 0x75950000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\WgaLogon.dll (Windows Genuine Advantage Notification/Microsoft Corporation) 0x01F70000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x01620000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72D20000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72D10000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\cryptnet.dll (Crypto Network Related API/Microsoft Corporation) 0x75E60000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D4F0000
Library C:\WINDOWS\system32\SensApi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x722B0000
Library C:\WINDOWS\system32\sclgntfy.dll (Secondary Logon Service Notification DLL/Microsoft Corporation) 0x5CF10000
Library C:\WINDOWS\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F60000
Library C:\WINDOWS\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71C10000
Library C:\WINDOWS\System32\NETUI0.dll (NT LM UI Common Code - GUI Classes/Microsoft Corporation) 0x71CD0000
Library C:\WINDOWS\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C90000
Library C:\WINDOWS\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C80000
Library C:\WINDOWS\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x75F70000
Library C:\WINDOWS\system32\RASAPI32.dll (Remote Access API/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E90000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows(TM) Telephony API Client DLL/Microsoft Corporation) 0x76EB0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E80000
Library C:\WINDOWS\system32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000

Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 716
Library C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\SCESRV.dll (Windows Security Configuration Editor Engine/Microsoft Corporation) 0x758E0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\umpnpmgr.dll (User-mode Plug-and-Play Service/Microsoft Corporation) 0x7DBA0000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\eventlog.dll (Event Logging Service/Microsoft Corporation) 0x77B70000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000

Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 728
Library C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation) 0x75730000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\SAMSRV.dll (SAM Server DLL/Microsoft Corporation) 0x74440000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\msprivs.dll (Microsoft Privilege Translations/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x71CF0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\netlogon.dll (Net Logon Services DLL/Microsoft Corporation) 0x744B0000
Library C:\WINDOWS\system32\w32time.dll (Windows Time Service/Microsoft Corporation) 0x767C0000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767F0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\wdigest.dll (Microsoft Digest Access/Microsoft Corporation) 0x7DFC0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\scecli.dll (Windows Security Configuration Editor Client Engine/Microsoft Corporation) 0x74410000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\ipsecsvc.dll (Windows IPSec SPD Server DLL/Microsoft Corporation) 0x743E0000
Library C:\WINDOWS\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\system32\oakley.DLL (Oakley Key Manager/Microsoft Corporation) 0x75D90000
Library C:\WINDOWS\system32\WINIPSEC.DLL (Windows IPSec SPD Client DLL/Microsoft Corporation) 0x74370000
Library C:\WINDOWS\system32\pstorsvc.dll (Protected storage server/Microsoft Corporation) 0x743A0000
Library C:\WINDOWS\system32\psbase.dll (Protected Storage default provider/Microsoft Corporation) 0x743C0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\dssenh.dll (Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider/Microsoft Corporation) 0x68100000

Re: Win32/Trojan5th October 2010, 4:49 pm

Process C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Desktop Control Panel/ATI Technologies, Inc.) 768
Library C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Desktop Control Panel/ATI Technologies, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll (ATI Desktop Control Panel/ATI Technologies, Inc.) 0x10000000
Library C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU (ATI Desktop Control Panel/ATI Technologies, Inc.) 0x00BA0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll (ATI Desktop Control Panel/ATI Technologies, Inc.) 0x00CE0000
Library C:\WINDOWS\system32\DINPUT8.dll (Microsoft DirectInput/Microsoft Corporation) 0x6CE10000
Library C:\WINDOWS\system32\HID.DLL (Hid User Library/Microsoft Corporation) 0x688F0000
Library C:\WINDOWS\system32\SETUPAPI.DLL (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WINMM.DLL (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Process C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 868
Library C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.) 0x00CD0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 904
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A80000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library c:\windows\system32\termsrv.dll (Terminal Server Service/Microsoft Corporation) 0x760F0000
Library c:\windows\system32\ICAAPI.dll (DLL Interface to TermDD Device Driver/Microsoft Corporation) 0x74F70000
Library c:\windows\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library c:\windows\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library c:\windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library c:\windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library c:\windows\system32\mstlsapi.dll (Microsoft® Terminal Server Licensing/Microsoft Corporation) 0x75110000
Library c:\windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CC0000
Library c:\windows\system32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E10000
Library c:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\system32\REGAPI.dll (Registry Configuration APIs/Microsoft Corporation) 0x76BC0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000

Process C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec User Session/Symantec Corporation) 940
Library C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec User Session/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\userenv.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\Program Files\Common Files\Symantec Shared\ccSet.dll (Symantec Settings Manager Engine/Symantec Corporation) 0x6B310000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL (Symantec Alert and Notification/Symantec Corporation) 0x6AA40000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL (Symantec Email Proxy/Symantec Corporation) 0x6AD80000
Library C:\WINDOWS\system32\MSWSOCK.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\SYMDYNLD.DLL (Symantec Dynamic Load Helper/Symantec Corporation) 0x653F0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\ALERTENG.DLL (Alert Engine/Symantec Corporation) 0x10000000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCTRAY.DLL (Norton Security Console NSCTray/Symantec Corporation) 0x6F250000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCTRAY.LOC (Norton Security Console NSCTray/Symantec Corporation) 0x6F360000
Library C:\PROGRA~1\NORTON~1\ISLALERT.DLL (ISLAlert DLL/Symantec Corporation) 0x66A60000
Library C:\PROGRA~1\NORTON~1\AlertRes.dll (Alert UI Localization/Symantec Corporation) 0x668C0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.dll (Norton Security Console UI Core Component/Symantec Corporation) 0x6F290000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUICOR.LOC (Norton Security Console UI Core Component/Symantec Corporation) 0x6F370000
Library C:\Program Files\Common Files\Symantec Shared\ccProSub.dll (Symantec Proxy Factory/Symantec Corporation) 0x6B200000
Library C:\PROGRA~1\NORTON~1\NISTRAY.DLL (Internet Security System Tray/Symantec Corporation) 0x66FA0000
Library C:\WINDOWS\system32\SymNeti.DLL (Symantec Network Driver Interface/Symantec Corporation) 0x6F660000
Library C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll (Symantec Settings Manager Event Factory/Symantec Corporation) 0x6B330000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\Program Files\Common Files\Symantec Shared\Security Console\NSC_Hlpr.dll (Norton Security Console NSCHelper/Symantec Corporation) 0x6F0B0000
Library C:\WINDOWS\system32\SYMREDIR.DLL (Redirector Interface DLL/Symantec Corporation) 0x6F700000
Library C:\PROGRA~1\NORTON~1\NISTrRes.dll (Internet Security System Tray Localization/Symantec Corporation) 0x01130000
Library C:\PROGRA~1\NORTON~1\NORTON~1\CCIMSCAN.DLL (Symantec Instant Message Scanner/Symantec Corporation) 0x6AF60000
Library C:\WINDOWS\system32\ATL71.DLL (ATL Module for Windows (Unicode)/Microsoft Corporation) 0x7C120000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL (Norton AntiVirus DefAlert/Symantec Corporation) 0x69B30000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x01280000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x01250000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\PROGRA~1\NORTON~1\NORTON~1\HPP32.DLL (Norton AntiVirus HPP App Module/Symantec Corporation) 0x6A650000
Library C:\Program Files\Common Files\Symantec Shared\ccLogin.dll (Symantec Login Manager/Symantec Corporation) 0x6B1D0000
Library C:\PROGRA~1\NORTON~1\NORTON~1\HPPRES32.loc (Norton AntiVirus NAVOptions Module Resources/Symantec Corporation) 0x6A690000
Library C:\Program Files\Common Files\Symantec Shared\AntiSpam\asFilter.dll (AntiSpam Email Filter/Symantec Corporation) 0x65120000
Library C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.DLL (Norton AntiVirus Agent/Symantec Corporation) 0x69C90000
Library C:\PROGRA~1\NORTON~1\NORTON~1\apwutil.dll (NAV Agent Utility Library/Symantec Corporation) 0x69960000
Library C:\Program Files\Common Files\Symantec Shared\AntiSpam\asUniPlg.dll (AntiSpam Universal Plug-in Helper/Symantec Corporation) 0x652D0000
Library C:\WINDOWS\system32\MAPI32.dll (Extended MAPI 1.0 for Windows NT/Microsoft Corporation) 0x61E00000
Library C:\PROGRA~1\NORTON~1\ccFWSetg.dll (Symantec Firewall Settings Engine/Symantec Corporation) 0x6AEE0000
Library C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.loc (Norton AntiVirus Agent Resources/Symantec Corporation) 0x69CD0000
Library C:\Program Files\Common Files\Symantec Shared\AntiSpam\asSpmEvt.dll (Antispam Event/Symantec Corporation) 0x65270000
Library C:\PROGRA~1\NORTON~1\NORTON~1\NAVOPTRF.DLL (Norton AntiVirus Options Refresh/Symantec Corporation) 0x6A090000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\HPPEVT32.dll (Norton AntiVirusHPP Events Module/Symantec Corporation) 0x6A6C0000
Library C:\PROGRA~1\NORTON~1\NORTON~1\STATUSHP.DLL (Norton AntiVirus StatusHelper/Symantec Corporation) 0x6A620000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\Navlcom.dll (Norton AntiVirus NavLicense/Symantec Corporation) 0x69F00000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVError.dll (Norton AntiVirus NAVError Module/Symantec Corporation) 0x69E20000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\PROGRA~1\NORTON~1\NORTON~1\apwutil.loc (NAV Agent Utility Library Resources/Symantec Corporation) 0x69980000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\apwcmdnt.dll (NAV Agent Command Library./Symantec Corporation) 0x69910000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\naverror.loc (Norton AntiVirus NAVError Resources/Symantec Corporation) 0x69E40000
Library C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll (SPBBC Events/Symantec Corporation) 0x69500000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\apwcmdNT.loc (NAV Agent Command Library Resources./Symantec Corporation) 0x69950000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\ccAVMail.dll (Symantec Email Scanner/Symantec Corporation) 0x6AAA0000
Library C:\Program Files\Norton Internet Security\ccEmlflt.dll (Symantec Email Confidential Info Scanner/Symantec Corporation) 0x6AD50000
Library C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll (Symantec Proxy Event Factory/Symantec Corporation) 0x6B240000
Library C:\Program Files\Norton Internet Security\ObrkData.dll (OutBreak Data/Symantec Corporation) 0x67040000
Library C:\Program Files\Norton Internet Security\ObrkAV.dll (Outbreak Alert AV Wrapper/Symantec Corporation) 0x67030000
Library C:\PROGRA~1\NORTON~1\NORTON~1\NAVSTATS.dll (Norton AntiVirus Status/Symantec Corporation) 0x6A600000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVEvent.dll (Norton AntiVirus Events/Symantec Corporation) 0x69E50000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\Program Files\Norton Internet Security\ObrkIDS.dll (Outbreak Alert IDS Wrapper/Symantec Corporation) 0x67090000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74980000
Library C:\Program Files\Norton Internet Security\SymFWAgt.dll (Symantec Firewall Agent/Symantec Corporation) 0x6B7E0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCSRVPS.DLL (Norton Security Console Norton Protection Center Service/Symantec Corporation) 0x6F3B0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCUIBL.DLL (Norton Security Console UI Business Logic/Symantec Corporation) 0x6F3C0000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVOpts.dll (Norton AntiVirus NAVOptions Module/Symantec Corporation) 0x69FF0000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\navopts.loc (Norton AntiVirus NAVOptions Module Resources/Symantec Corporation) 0x028E0000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSCR.dll (Norton AntiVirus AutoProtect/Symantec Corporation) 0x69C60000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\AlertUi.dll (Alert UI/Symantec Corporation) 0x02C70000

Re: Win32/Trojan5th October 2010, 4:50 pm

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1012
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library c:\windows\system32\rpcss.dll (Distributed COM Services/Microsoft Corporation) 0x76A80000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000

Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1068
Library C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\System32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\System32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\System32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\System32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\System32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\System32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\System32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library c:\windows\system32\shsvcs.dll (Windows Shell Services Dll/Microsoft Corporation) 0x776E0000
Library C:\WINDOWS\System32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\System32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library c:\windows\system32\dhcpcsvc.dll (DHCP Client Service/Microsoft Corporation) 0x76D80000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library c:\windows\system32\wzcsvc.dll (Wireless Zero Configuration Service/Microsoft Corporation) 0x77620000
Library c:\windows\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E80000
Library c:\windows\system32\WMI.dll (WMI DC and DP functionality/Microsoft Corporation) 0x76D30000
Library c:\windows\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library c:\windows\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library c:\windows\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library c:\windows\system32\ESENT.dll (Server Database Storage Engine/Microsoft Corporation) 0x606B0000
Library c:\windows\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\System32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\System32\rastls.dll (Remote Access PPP EAP-TLS/Microsoft Corporation) 0x76B70000
Library C:\WINDOWS\System32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINDOWS\System32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00CA0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\System32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x76D40000
Library C:\WINDOWS\System32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CC0000
Library C:\WINDOWS\System32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E10000
Library C:\WINDOWS\System32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\System32\RASAPI32.dll (Remote Access API/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\System32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E90000
Library C:\WINDOWS\System32\TAPI32.dll (Microsoft® Windows(TM) Telephony API Client DLL/Microsoft Corporation) 0x76EB0000
Library C:\WINDOWS\System32\SCHANNEL.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767F0000
Library C:\WINDOWS\System32\WinSCard.dll (Microsoft Smart Card API/Microsoft Corporation) 0x723D0000
Library C:\WINDOWS\System32\raschap.dll (Remote Access PPP CHAP/Microsoft Corporation) 0x76BD0000
Library C:\WINDOWS\system32\msv1_0.dll (Microsoft Authentication Package v1.0/Microsoft Corporation) 0x77C70000
Library C:\WINDOWS\System32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\System32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\System32\COMRes.dll (Microsoft Corporation) 0x77050000
Library c:\windows\system32\schedsvc.dll (Task Scheduler Engine/Microsoft Corporation) 0x77300000
Library c:\windows\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\System32\MSIDLE.DLL (User Idle Monitor/Microsoft Corporation) 0x74F50000
Library c:\windows\system32\audiosrv.dll (Windows Audio Service/Microsoft Corporation) 0x708B0000
Library c:\windows\system32\wkssvc.dll (Workstation Service DLL/Microsoft Corporation) 0x76E40000
Library c:\windows\system32\cryptsvc.dll (Cryptographic Services/Microsoft Corporation) 0x76CE0000
Library c:\windows\system32\certcli.dll (Microsoft® Certificate Services Client/Microsoft Corporation) 0x77B90000
Library c:\windows\system32\es.dll (Microsoft Corporation) 0x77710000
Library c:\windows\system32\ersvc.dll (Windows Error Reporting Service/Microsoft Corporation) 0x74F80000
Library c:\windows\pchealth\helpctr\binaries\pchsvc.dll (Microsoft PCHealth Service Holder/Microsoft Corporation) 0x74F40000
Library c:\windows\system32\srvsvc.dll (Server Service DLL/Microsoft Corporation) 0x75090000
Library C:\WINDOWS\System32\HNETCFG.DLL (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library c:\windows\system32\netman.dll (Network Connections Manager/Microsoft Corporation) 0x77D00000
Library c:\windows\system32\netshell.dll (Network Connections Shell/Microsoft Corporation) 0x76400000
Library c:\windows\system32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x76C00000
Library c:\windows\system32\WZCSAPI.DLL (Wireless Zero Configuration service API/Microsoft Corporation) 0x73030000
Library c:\windows\system32\browser.dll (Computer Browser Service DLL/Microsoft Corporation) 0x76DA0000
Library c:\windows\system32\wuauserv.dll (Windows Update AutoUpdate Service/Microsoft Corporation) 0x50000000
Library c:\windows\system32\wbem\wmisvc.dll (WMI/Microsoft Corporation) 0x59490000
Library C:\WINDOWS\system32\VSSAPI.DLL (Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL/Microsoft Corporation) 0x753E0000
Library C:\WINDOWS\system32\wuaueng.dll (Windows Update Agent/Microsoft Corporation) 0x50040000
Library C:\WINDOWS\System32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\System32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D4F0000
Library C:\WINDOWS\System32\Cabinet.dll (Microsoft® Cabinet File API/Microsoft Corporation) 0x75150000
Library C:\WINDOWS\System32\mspatcha.dll (Microsoft(R) Patch Engine/Microsoft Corporation) 0x600A0000
Library c:\windows\system32\w32time.dll (Windows Time Service/Microsoft Corporation) 0x767C0000
Library c:\windows\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library c:\windows\system32\trkwks.dll (Distributed Link Tracking Client/Microsoft Corporation) 0x75070000
Library c:\windows\system32\srsvc.dll (System Restore Service/Microsoft Corporation) 0x751A0000
Library c:\windows\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AD0000
Library c:\windows\system32\sens.dll (System Event Notification Service (SENS)/Microsoft Corporation) 0x722D0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library c:\windows\system32\seclogon.dll (Secondary Logon Service DLL/Microsoft Corporation) 0x73D20000
Library C:\WINDOWS\System32\sfc.dll (Windows File Protection/Microsoft Corporation) 0x76BB0000
Library C:\WINDOWS\System32\sfc_os.dll (Windows File Protection/Microsoft Corporation) 0x76C60000
Library c:\windows\system32\ipnathlp.dll (Microsoft NAT Helper Components/Microsoft Corporation) 0x66460000
Library c:\windows\system32\AUTHZ.dll (Authorization Framework/Microsoft Corporation) 0x776C0000
Library C:\WINDOWS\System32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\comsvcs.dll (Microsoft Corporation) 0x76620000
Library C:\WINDOWS\system32\colbact.DLL (Microsoft Corporation) 0x75130000
Library C:\WINDOWS\system32\MTXCLU.DLL (MS DTC amd MTS clustering support DLL/Microsoft Corporation) 0x750F0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\System32\CLUSAPI.DLL (Cluster API Library/Microsoft Corporation) 0x76D10000
Library C:\WINDOWS\System32\RESUTILS.DLL (Microsoft Cluster Resource Utility DLL/Microsoft Corporation) 0x750B0000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\upnp.dll (Universal Plug and Play API/Microsoft Corporation) 0x76DE0000
Library C:\WINDOWS\system32\SSDPAPI.dll (SSDP Client API DLL/Microsoft Corporation) 0x74F00000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\System32\Wbem\wbemcore.dll (WMI/Microsoft Corporation) 0x762C0000
Library C:\WINDOWS\System32\Wbem\esscli.dll (WMI/Microsoft Corporation) 0x75310000
Library C:\WINDOWS\System32\Wbem\FastProx.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\netcfgx.dll (Network Configuration Objects/Microsoft Corporation) 0x755F0000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\System32\rasmans.dll (Remote Access Connection Manager/Microsoft Corporation) 0x7DF30000
Library C:\WINDOWS\System32\WINIPSEC.DLL (Windows IPSec SPD Client DLL/Microsoft Corporation) 0x74370000
Library C:\WINDOWS\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x75020000
Library C:\WINDOWS\system32\wbem\repdrvfs.dll (WMI/Microsoft Corporation) 0x75200000
Library C:\WINDOWS\system32\wbem\wmiprvsd.dll (WMI/Microsoft Corporation) 0x418A0000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINDOWS\system32\wbem\wbemess.dll (WMI/Microsoft Corporation) 0x75390000
Library C:\WINDOWS\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x5F740000
Library C:\WINDOWS\System32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library c:\windows\system32\tapisrv.dll (Microsoft® Windows(TM) Telephony Server/Microsoft Corporation) 0x733E0000
Library c:\windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\System32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\System32\rastapi.dll (Remote Access TAPI Compliance Layer/Microsoft Corporation) 0x75880000
Library C:\WINDOWS\System32\unimdm.tsp (Unimodem 5 Service Provider/Microsoft Corporation) 0x57CC0000
Library C:\WINDOWS\System32\uniplat.dll (Unimodem AT Mini Driver Platform Driver for Windows NT/Microsoft Corporation) 0x72000000
Library C:\WINDOWS\System32\unimdmat.dll (Unimodem Service Provider AT Mini Driver/Microsoft Corporation) 0x5B070000
Library C:\WINDOWS\system32\modemui.dll (Windows Modem Properties/Microsoft Corporation) 0x61650000
Library C:\WINDOWS\System32\kmddsp.tsp (TAPI Kernel-Mode Service Provider/Microsoft Corporation) 0x57D40000
Library C:\WINDOWS\System32\ndptsp.tsp (NDIS Proxy TAPI Service Provider/Microsoft Corporation) 0x57D20000
Library C:\WINDOWS\System32\ipconf.tsp (Microsoft Multicast Conference TAPI Service Provider/Microsoft Corporation) 0x57D50000
Library C:\WINDOWS\System32\h323.tsp (Microsoft H.323 Telephony Service Provider/Microsoft Corporation) 0x57D70000
Library C:\WINDOWS\System32\hidphone.tsp (Microsoft HID Phone TSP/Microsoft Corporation) 0x57D60000
Library C:\WINDOWS\System32\HID.DLL (Hid User Library/Microsoft Corporation) 0x688F0000
Library C:\WINDOWS\System32\rasppp.dll (Remote Access PPP/Microsoft Corporation) 0x72240000
Library C:\WINDOWS\System32\ntlsapi.dll (Microsoft® License Server Interface DLL/Microsoft Corporation) 0x724B0000
Library C:\WINDOWS\system32\kerberos.dll (Kerberos Security Package/Microsoft Corporation) 0x71CF0000
Library C:\WINDOWS\System32\RASDLG.dll (Remote Access Common Dialog API/Microsoft Corporation) 0x768D0000
Library c:\windows\system32\qmgr.dll (Background Intelligent Transfer Service/Microsoft Corporation) 0x5B9F0000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library c:\windows\system32\SHFOLDER.dll (Shell Folder Service/Microsoft Corporation) 0x76780000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\System32\dssenh.dll (Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider/Microsoft Corporation) 0x68100000
Library C:\WINDOWS\system32\advpack.dll (ADVPACK/Microsoft Corporation) 0x65000000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74980000

Re: Win32/Trojan5th October 2010, 4:50 pm

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1132
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library c:\windows\system32\dnsrslvr.dll (DNS Caching Resolver Service/Microsoft Corporation) 0x76770000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000

Process C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Norton AntiVirus Auto-Protect Service/Symantec Corporation) 1148
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Norton AntiVirus Auto-Protect Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\ATL71.DLL (ATL Module for Windows (Unicode)/Microsoft Corporation) 0x7C120000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT32.DLL (AutoProtect DLL/Symantec Corporation) 0x6FA60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.loc (Norton AntiVirus Auto-Protect Service Resources/Symantec Corporation) 0x69C80000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\Crypt32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\userenv.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\N32Exclu.dll (Norton AntiVirusNAV Exclusions Module/Symantec Corporation) 0x69C20000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\Program Files\Common Files\Symantec Shared\ccSet.dll (Symantec Settings Manager Engine/Symantec Corporation) 0x6B310000

Process C:\WINDOWS\notepad.exe (Notepad/Microsoft Corporation) 1156
Library C:\WINDOWS\notepad.exe (Notepad/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1236
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library c:\windows\system32\lmhsvc.dll (TCPIP NetBios Transport Services DLL/Microsoft Corporation) 0x74C40000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library c:\windows\system32\ssdpsrv.dll (SSDP Service DLL/Microsoft Corporation) 0x765E0000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1132
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library c:\windows\system32\dnsrslvr.dll (DNS Caching Resolver Service/Microsoft Corporation) 0x76770000
Library c:\windows\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000

Process C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Norton AntiVirus Auto-Protect Service/Symantec Corporation) 1148
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Norton AntiVirus Auto-Protect Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\ATL71.DLL (ATL Module for Windows (Unicode)/Microsoft Corporation) 0x7C120000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT32.DLL (AutoProtect DLL/Symantec Corporation) 0x6FA60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.loc (Norton AntiVirus Auto-Protect Service Resources/Symantec Corporation) 0x69C80000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\Crypt32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\userenv.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\Program Files\Norton Internet Security\Norton AntiVirus\N32Exclu.dll (Norton AntiVirusNAV Exclusions Module/Symantec Corporation) 0x69C20000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\Program Files\Common Files\Symantec Shared\ccSet.dll (Symantec Settings Manager Engine/Symantec Corporation) 0x6B310000

Process C:\WINDOWS\notepad.exe (Notepad/Microsoft Corporation) 1156
Library C:\WINDOWS\notepad.exe (Notepad/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1236
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library c:\windows\system32\lmhsvc.dll (TCPIP NetBios Transport Services DLL/Microsoft Corporation) 0x74C40000
Library c:\windows\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library c:\windows\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library c:\windows\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library c:\windows\system32\ssdpsrv.dll (SSDP Service DLL/Microsoft Corporation) 0x765E0000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000

Re: Win32/Trojan5th October 2010, 4:51 pm

Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1272
Library C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library c:\windows\system32\wiaservc.dll (Still Image Devices Service/Microsoft Corporation) 0x75AA0000
Library c:\windows\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74AE0000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library c:\windows\system32\mscms.dll (Microsoft Color Matching System DLL/Microsoft Corporation) 0x73B30000
Library c:\windows\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library c:\windows\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library c:\windows\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71D40000

Process C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Settings Manager Service/Symantec Corporation) 1432
Library C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Settings Manager Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\Crypt32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll (Symantec Settings Manager Event Factory/Symantec Corporation) 0x6B330000

Process C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Event Manager Service/Symantec Corporation) 1476
Library C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Event Manager Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\Crypt32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\Program Files\Common Files\Symantec Shared\ccSet.dll (Symantec Settings Manager Engine/Symantec Corporation) 0x6B310000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASSPMEVT.DLL (Antispam Event/Symantec Corporation) 0x65270000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL (SPBBC Events/Symantec Corporation) 0x69500000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL (Symantec Login Manager/Symantec Corporation) 0x6B1D0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL (Symantec Proxy Event Factory/Symantec Corporation) 0x6B240000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL (Symantec Settings Manager Event Factory/Symantec Corporation) 0x6B330000
Library C:\PROGRA~1\NORTON~1\ISSVC.DLL (Internet Security Service/Symantec Corporation) 0x66AC0000
Library C:\WINDOWS\system32\SymNeti.DLL (Symantec Network Driver Interface/Symantec Corporation) 0x6F660000
Library C:\PROGRA~1\NORTON~1\NORTON~1\HPPEVT32.DLL (Norton AntiVirusHPP Events Module/Symantec Corporation) 0x6A6C0000
Library C:\PROGRA~1\NORTON~1\NORTON~1\HPPRES32.loc (Norton AntiVirus NAVOptions Module Resources/Symantec Corporation) 0x6A690000
Library C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL (Norton AntiVirus Events/Symantec Corporation) 0x69E50000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\Program Files\Norton Internet Security\ObrkData.dll (OutBreak Data/Symantec Corporation) 0x67040000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000

Process C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Network Proxy Service/Symantec Corporation) 1624
Library C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Network Proxy Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\SYMREDIR.dll (Redirector Interface DLL/Symantec Corporation) 0x6F700000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SymNeti.DLL (Symantec Network Driver Interface/Symantec Corporation) 0x6F660000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\Crypt32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\Program Files\Common Files\Symantec Shared\DPHTML.dll (Symantec HTML Data Processor/Symantec Corporation) 0x6B3D0000
Library C:\Program Files\Common Files\Symantec Shared\DPJS.dll (Symantec JavaScript Data Processor/Symantec Corporation) 0x6B410000
Library C:\Program Files\Common Files\Symantec Shared\DPVBS.dll (Symantec VBScript Data Processor/Symantec Corporation) 0x6B420000
Library C:\Program Files\Common Files\Symantec Shared\PFPriv.dll (Symantec Privacy Proxy Filter/Symantec Corporation) 0x6B520000
Library C:\Program Files\Common Files\Symantec Shared\PFSec.dll (Symantec Security Proxy Filter/Symantec Corporation) 0x6B550000
Library C:\Program Files\Common Files\Symantec Shared\PFAdBlk.dll (Symantec Ad Blocking Proxy Filter/Symantec Corporation) 0x6B4F0000
Library C:\Program Files\Common Files\Symantec Shared\PFMisc.dll (Symantec Miscellaneous Proxy Filter/Symantec Corporation) 0x6B510000
Library C:\Program Files\Common Files\Symantec Shared\PxyHTTP.dll (Symantec HTTP Proxy/Symantec Corporation) 0x6B560000
Library C:\Program Files\Common Files\Symantec Shared\DPHTTP.dll (Symantec HTTP Data Processor/Symantec Corporation) 0x6B3F0000
Library C:\Program Files\Common Files\Symantec Shared\PxyIM.dll (Symantec IM Proxy/Symantec Corporation) 0x6B580000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\userenv.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\Program Files\Common Files\Symantec Shared\ccProSub.dll (Symantec Proxy Factory/Symantec Corporation) 0x6B200000
Library C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll (Symantec Proxy Event Factory/Symantec Corporation) 0x6B240000
Library C:\Program Files\Common Files\Symantec Shared\ccLogin.dll (Symantec Login Manager/Symantec Corporation) 0x6B1D0000
Library C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll (Symantec Settings Manager Event Factory/Symantec Corporation) 0x6B330000
Library C:\Program Files\Common Files\Symantec Shared\ccCharCv.dll (Symantec Character Converter/Symantec Corporation) 0x6AAC0000

Re: Win32/Trojan5th October 2010, 4:52 pm

Process C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (LiveUpdate Notice Service/Symantec Corporation) 1652
Library C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (LiveUpdate Notice Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (PIF Engine/Symantec Corporation) 0x10000000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x008A0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74980000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{B8E1D~1\PollMgr.dll (Poll Manager/Symantec Corporation) 0x00D80000
Library C:\WINDOWS\system32\MSVCP71.DLL (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\Apphelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000

Process C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Network Driver Service/Symantec Corporation) 1700
Library C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Network Driver Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\RASAPI32.DLL (Remote Access API/Microsoft Corporation) 0x76EE0000
Library C:\WINDOWS\system32\rasman.dll (Remote Access Connection Manager/Microsoft Corporation) 0x76E90000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\TAPI32.dll (Microsoft® Windows(TM) Telephony API Client DLL/Microsoft Corporation) 0x76EB0000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E80000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\SymNeti.dll (Symantec Network Driver Interface/Symantec Corporation) 0x6F660000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\userenv.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\MPRAPI.dll (Windows NT MP Router Administration DLL/Microsoft Corporation) 0x76D40000
Library C:\WINDOWS\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x77CC0000
Library C:\WINDOWS\system32\adsldpc.dll (ADs LDAP Provider C DLL/Microsoft Corporation) 0x76E10000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000

Process C:\Program Files\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 1724
Library C:\Program Files\Java\jre6\bin\jusched.exe (Java(TM) Platform SE binary/Sun Microsystems, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00330000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x00C60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000

Process C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (SPBBC Service/Symantec Corporation) 1756
Library C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (SPBBC Service/Symantec Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\DBGHELP.DLL (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll (Symantec Trust Validation Engine/Symantec Corporation) 0x6B350000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\Crypt32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WinTrust.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\Program Files\Common Files\Symantec Shared\ccSet.dll (Symantec Settings Manager Engine/Symantec Corporation) 0x6B310000
Library C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll (SPBBC Events/Symantec Corporation) 0x69500000
Library C:\WINDOWS\system32\msxml3.dll (MSXML 3.0 SP10/Microsoft Corporation) 0x74980000
Library C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll (Rule Preprocessor/Symantec Corporation) 0x695B0000

Process C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 1804
Library C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll 0x20000000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00FF0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000

Re: Win32/Trojan5th October 2010, 4:52 pm

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1992
Library C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\SPOOLSS.DLL (Spooler SubSystem DLL/Microsoft Corporation) 0x742E0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\WINDOWS\system32\localspl.dll (Local Spooler DLL/Microsoft Corporation) 0x75BB0000
Library C:\WINDOWS\system32\sfc_os.dll (Windows File Protection/Microsoft Corporation) 0x76C60000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\winspool.drv (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\cnbjmon.dll (Langage Monitor for Canon Bubble-Jet Printer/Microsoft Corporation) 0x742A0000
Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00AA0000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\pjlmon.dll (PJL Language monitor/Microsoft Corporation) 0x74280000
Library C:\WINDOWS\system32\tcpmon.dll (Standard TCP/IP Port Monitor DLL/Microsoft Corporation) 0x72400000
Library C:\WINDOWS\system32\usbmon.dll (Standard Dynamic Printing Port Monitor DLL/Microsoft Corporation) 0x723F0000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00AB0000
Library C:\WINDOWS\System32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\win32spl.dll (32-bit Spooler API DLL/Microsoft Corporation) 0x75C10000
Library C:\WINDOWS\system32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C80000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\inetpp.dll (Internet Print Provider DLL/Microsoft Corporation) 0x74300000

Process C:\WINDOWS\notepad.exe (Notepad/Microsoft Corporation) 2152
Library C:\WINDOWS\notepad.exe (Notepad/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000

Process C:\WINDOWS\system32\wbem\wmiprvse.exe (WMI/Microsoft Corporation) 2320
Library C:\WINDOWS\system32\wbem\wmiprvse.exe (WMI/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\wbem\FastProx.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\NCObjAPI.DLL (Microsoft Corporation) 0x5F770000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\wmiutils.dll (WMI/Microsoft Corporation) 0x75020000
Library C:\WINDOWS\system32\wbem\wmiprov.dll (WMI/Microsoft Corporation) 0x72F20000
Library C:\WINDOWS\system32\WMI.dll (WMI DC and DP functionality/Microsoft Corporation) 0x76D30000
Library C:\WINDOWS\system32\wbem\esscli.dll (WMI/Microsoft Corporation) 0x75310000

Process C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 2392
Library C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/Adobe Systems Incorporated) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\COMDLG32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\oledlg.dll (Microsoft Windows(TM) OLE 2.0 User Interface Support/Microsoft Corporation) 0x7DF70000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\cryptnet.dll (Crypto Network Related API/Microsoft Corporation) 0x75E60000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D4F0000
Library C:\WINDOWS\system32\SensApi.dll (SENS Connectivity API DLL/Microsoft Corporation) 0x722B0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000

Re: Win32/Trojan5th October 2010, 4:53 pm

Process C:\Program Files\Messenger\msmsgs.exe (Windows Messenger/Microsoft Corporation) 3080
Library C:\Program Files\Messenger\msmsgs.exe (Windows Messenger/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EC50000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\cryptdll.dll (Cryptography Manager/Microsoft Corporation) 0x76790000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x00A10000
Library C:\WINDOWS\system32\XPOB2RES.DLL (Service Pack 2 OOB Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x00A60000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\es.dll (Microsoft Corporation) 0x77710000
Library C:\WINDOWS\system32\wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x76C00000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000

Process C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 3088
Library C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\CFGMGR32.dll (Configuration Manager Forwarder DLL/Microsoft Corporation) 0x74AE0000
Library C:\WINDOWS\system32\setupapi.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL (iPodService Resource Library/Apple Inc.) 0x10000000
Library C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library/Apple Inc.) 0x00890000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\Wtsapi32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000

Process C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 3096
Library C:\WINDOWS\system32\ctfmon.exe (CTF Loader/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\WINDOWS\system32\MSUTB.dll (MSUTB Server DLL/Microsoft Corporation) 0x5FC10000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000

Process C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 3192
Library C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\Ati2edxx.dll (ati2edxx/ATI Technologies, Inc.) 0x00E20000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Process C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Clean Access Agent/Cisco Systems, Inc) 3300
Library C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (Clean Access Agent/Cisco Systems, Inc) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\MSVBVM60.DLL (Visual Basic Virtual Machine/Microsoft Corporation) 0x73420000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\mscomctl.ocx (Windows Common Controls ActiveX Control DLL/Microsoft Corporation) 0x27580000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\asycfilt.dll (Microsoft Corporation) 0x708F0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\mswinsck.ocx (Microsoft Winsock Control DLL/Microsoft Corporation) 0x22170000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\IPHlpApi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000

Re: Win32/Trojan5th October 2010, 4:54 pm

Process C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 3364
Library C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) 0x10000000
Library C:\Program Files\Mozilla Firefox\sqlite3.dll (SQLite Database Library/sqlite.org) 0x00270000
Library C:\Program Files\Mozilla Firefox\MOZCRT19.dll (User-Generated Microsoft (R) C/C++ Runtime Library/Mozilla Foundation) 0x78130000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\Program Files\Mozilla Firefox\js3250.dll (Netscape 32-bit JavaScript Module/Netscape Communications Corporation) 0x002F0000
Library C:\Program Files\Mozilla Firefox\nspr4.dll (NSPR Library/Mozilla Foundation) 0x004E0000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\Program Files\Mozilla Firefox\smime3.dll (NSS S/MIME Library/Mozilla Foundation) 0x003E0000
Library C:\Program Files\Mozilla Firefox\nss3.dll (NSS Base Library/Mozilla Foundation) 0x00510000
Library C:\Program Files\Mozilla Firefox\nssutil3.dll (NSS Utility Library/Mozilla Foundation) 0x005B0000
Library C:\Program Files\Mozilla Firefox\plc4.dll (PLC Library/Mozilla Foundation) 0x005D0000
Library C:\Program Files\Mozilla Firefox\plds4.dll (PLDS Library/Mozilla Foundation) 0x005E0000
Library C:\Program Files\Mozilla Firefox\ssl3.dll (NSS SSL Library/Mozilla Foundation) 0x005F0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WINSPOOL.DRV (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\COMDLG32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\IMM32.dll (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\Program Files\Mozilla Firefox\xpcom.dll (Mozilla Foundation) 0x00620000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\dbghelp.dll (Windows Image Helper/Microsoft Corporation) 0x59A60000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll (Mozilla Foundation) 0x01120000
Library C:\WINDOWS\system32\mswsock.dll (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\system32\hnetcfg.dll (Home Networking Configuration Manager/Microsoft Corporation) 0x662B0000
Library C:\WINDOWS\System32\wshtcpip.dll (Windows Sockets Helper DLL/Microsoft Corporation) 0x71A90000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\System32\winrnr.dll (LDAP RnR Provider DLL/Microsoft Corporation) 0x76FB0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll (Mozilla Foundation) 0x01690000
Library C:\WINDOWS\system32\t2embed.dll (Microsoft T2Embed Font Embedding/Microsoft Corporation) 0x73CE0000
Library C:\WINDOWS\system32\LZ32.dll (LZ Expand/Compress API DLL/Microsoft Corporation) 0x73DC0000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\mscms.dll (Microsoft Color Matching System DLL/Microsoft Corporation) 0x73B30000
Library C:\WINDOWS\system32\rasadhlp.dll (Remote Access AutoDial Helper/Microsoft Corporation) 0x76FC0000
Library C:\Program Files\Mozilla Firefox\softokn3.dll (NSS PKCS #11 Library/Mozilla Foundation) 0x02100000
Library C:\Program Files\Mozilla Firefox\nssdbm3.dll (Legacy Database Driver/Mozilla Foundation) 0x02130000
Library C:\Program Files\Mozilla Firefox\freebl3.dll (NSS freebl Library/Mozilla Foundation) 0x02150000
Library C:\Program Files\Mozilla Firefox\nssckbi.dll (NSS Builtin Trusted Root CAs/Mozilla Foundation) 0x021A0000
Library C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x600A0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) 0x4EC50000
Library C:\Program Files\Real\RealPlayer\browserrecord\rpmainbrowserrecordplugin.dll (RealPlayer Download and Record Plugin/RealPlayer) 0x60050000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x02A00000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x021F0000
Library C:\WINDOWS\system32\shdocvw.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E290000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\Program Files\Real\RealPlayer\browserrecord\thinshims\rpnpshimswf.DLL (RealPlayer Download and Record Plugin/RealPlayer) 0x600C0000
Library C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll 0x05900000
Library C:\WINDOWS\system32\DSOUND.dll (DirectSound/Microsoft Corporation) 0x73F10000
Library C:\WINDOWS\system32\mlang.dll (Multi Language Support DLL/Microsoft Corporation) 0x75CF0000
Library C:\WINDOWS\system32\schannel.dll (TLS / SSL Security Provider/Microsoft Corporation) 0x767F0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72D20000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72D10000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000

Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 3440
Library C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\System32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\System32\WSOCK32.dll (Windows Socket 32-Bit DLL/Microsoft Corporation) 0x71AD0000
Library C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\System32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\System32\MSWSOCK.DLL (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation) 0x71A50000
Library C:\WINDOWS\System32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\System32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\System32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\System32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\System32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\System32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\System32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\System32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000

Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 3456
Library C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 0x01000000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\BROWSEUI.dll (Shell Browser UI Library/Microsoft Corporation) 0x75F80000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SHDOCVW.dll (Shell Doc Object and Control Library/Microsoft Corporation) 0x7E290000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\CRYPTUI.dll (Microsoft Trust UI Provider/Microsoft Corporation) 0x754D0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\WININET.dll (Internet Extensions for Win32/Microsoft Corporation) 0x63000000
Library C:\WINDOWS\system32\Normaliz.dll (Unicode Normalization DLL/Microsoft Corporation) 0x00400000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\UxTheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x5CB70000
Library C:\WINDOWS\AppPatch\AcGenral.DLL (Windows Compatibility DLL/Microsoft Corporation) 0x6F880000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x77BE0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\System32\cscui.dll (Client Side Caching UI/Microsoft Corporation) 0x77A20000
Library C:\WINDOWS\System32\CSCDLL.dll (Offline Network Agent/Microsoft Corporation) 0x76600000
Library C:\WINDOWS\system32\themeui.dll (Windows Theme API/Microsoft Corporation) 0x5BA60000
Library C:\WINDOWS\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x76380000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\actxprxy.dll (ActiveX Interface Marshaling Library/Microsoft Corporation) 0x71D40000
Library C:\WINDOWS\system32\msutb.dll (MSUTB Server DLL/Microsoft Corporation) 0x5FC10000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76980000
Library C:\WINDOWS\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x76990000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x014D0000
Library C:\WINDOWS\system32\NETSHELL.dll (Network Connections Shell/Microsoft Corporation) 0x76400000
Library C:\WINDOWS\system32\rtutils.dll (Routing Utilities/Microsoft Corporation) 0x76E80000
Library C:\WINDOWS\system32\credui.dll (Credential Manager User Interface/Microsoft Corporation) 0x76C00000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\iphlpapi.dll (IP Helper API/Microsoft Corporation) 0x76D60000
Library C:\WINDOWS\system32\WINSTA.dll (Winstation Library/Microsoft Corporation) 0x76360000
Library C:\WINDOWS\system32\webcheck.dll (Web Site Monitor/Microsoft Corporation) 0x020C0000
Library C:\WINDOWS\system32\MLANG.dll (Multi Language Support DLL/Microsoft Corporation) 0x75CF0000
Library C:\WINDOWS\system32\stobject.dll (Systray shell service object/Microsoft Corporation) 0x76280000
Library C:\WINDOWS\system32\BatMeter.dll (Battery Meter Helper DLL/Microsoft Corporation) 0x74AF0000
Library C:\WINDOWS\system32\POWRPROF.dll (Power Profile Helper DLL/Microsoft Corporation) 0x74AD0000
Library C:\WINDOWS\system32\WTSAPI32.dll (Windows Terminal Server SDK APIs/Microsoft Corporation) 0x76F50000
Library C:\WINDOWS\system32\WPDShServiceObj.dll (Windows Portable Device Shell Service Object/Microsoft Corporation) 0x164A0000
Library C:\WINDOWS\system32\WINHTTP.dll (Windows HTTP Services/Microsoft Corporation) 0x4D4F0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x02340000
Library C:\WINDOWS\system32\mydocs.dll (My Documents Folder UI/Microsoft Corporation) 0x72410000
Library C:\WINDOWS\system32\PortableDeviceTypes.dll (Windows Portable Device (Parameter) Types Component/Microsoft Corporation) 0x109C0000
Library C:\WINDOWS\system32\PortableDeviceApi.dll (Windows Portable Device API Components/Microsoft Corporation) 0x10930000
Library C:\WINDOWS\system32\wdmaud.drv (WDM Audio driver mapper/Microsoft Corporation) 0x72D20000
Library C:\WINDOWS\system32\msacm32.drv (Microsoft Sound Mapper/Microsoft Corporation) 0x72D10000
Library C:\WINDOWS\system32\midimap.dll (Microsoft MIDI Mapper/Microsoft Corporation) 0x77BD0000
Library C:\WINDOWS\system32\WZCSAPI.DLL (Wireless Zero Configuration service API/Microsoft Corporation) 0x73030000
Library C:\WINDOWS\system32\wzcdlg.dll (Wireless Zero Configuration Service UI/Microsoft Corporation) 0x5DF10000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\System32\drprov.dll (Microsoft Terminal Server Network Provider/Microsoft Corporation) 0x75F60000
Library C:\WINDOWS\System32\ntlanman.dll (Microsoft® Lan Manager/Microsoft Corporation) 0x71C10000
Library C:\WINDOWS\System32\NETUI0.dll (NT LM UI Common Code - GUI Classes/Microsoft Corporation) 0x71CD0000
Library C:\WINDOWS\System32\NETUI1.dll (NT LM UI Common Code - Networking classes/Microsoft Corporation) 0x71C90000
Library C:\WINDOWS\System32\NETRAP.dll (Net Remote Admin Protocol DLL/Microsoft Corporation) 0x71C80000
Library C:\WINDOWS\System32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\System32\davclnt.dll (Web DAV Client DLL/Microsoft Corporation) 0x75F70000
Library C:\WINDOWS\system32\rsaenh.dll (Microsoft Enhanced Cryptographic Provider/Microsoft Corporation) 0x0FFD0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCEXT.DLL (Norton Security Console ExplorerExtensions/Symantec Corporation) 0x6F1A0000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\NSCEXT.LOC (Norton Security Console ExplorerExtensions/Symantec Corporation) 0x6F350000

Re: Win32/Trojan5th October 2010, 4:54 pm

Process C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe (OldTimer Tools) 3820
Library C:\Documents and Settings\jturner\My Documents\Downloads\OTL.exe (OldTimer Tools) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\user32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\version.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\winspool.drv (Windows Spooler Driver/Microsoft Corporation) 0x73000000
Library C:\WINDOWS\system32\shell32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\olepro32.dll (Microsoft Corporation) 0x5EDD0000
Library C:\WINDOWS\system32\SRCLIENT.DLL (SR CLIENT DLL/Microsoft Corporation) 0x5C060000
Library C:\WINDOWS\System32\Wbem\framedyn.dll (WMI SDK Provider Framework/Microsoft Corporation) 0x692C0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\Program Files\Common Files\SunnComm Shared\msscript.OCX (Microsoft (r) Script Control/Microsoft Corporation) 0x64AF0000
Library C:\WINDOWS\system32\NTMARTA.DLL (Windows NT MARTA provider/Microsoft Corporation) 0x77690000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\SAMLIB.dll (SAM Library DLL/Microsoft Corporation) 0x71BF0000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\PSAPI.dll (Process Status Helper/Microsoft Corporation) 0x76BF0000
Library C:\WINDOWS\system32\LINKINFO.dll (Windows Volume Tracking/Microsoft Corporation) 0x76980000
Library C:\WINDOWS\system32\ntshrui.dll (Shell extensions for sharing/Microsoft Corporation) 0x76990000
Library C:\WINDOWS\system32\ATL.DLL (ATL Module for Windows XP (Unicode)/Microsoft Corporation) 0x76B20000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\mstask.dll (Task Scheduler interface DLL/Microsoft Corporation) 0x75830000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\MPR.dll (Multiple Provider Router DLL/Microsoft Corporation) 0x71B20000
Library C:\WINDOWS\system32\ieframe.dll (Internet Explorer/Microsoft Corporation) 0x01310000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000

Process C:\Documents and Settings\jturner\My Documents\Downloads\3vjg2yy9.exe 3840
Library C:\Documents and Settings\jturner\My Documents\Downloads\3vjg2yy9.exe 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\COMCTL32.DLL (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000
Library C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL (AntiSpam OE Hook/Symantec Corporation) 0x651B0000
Library C:\WINDOWS\system32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation) 0x7C360000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\Program Files\Common Files\Symantec Shared\ccL40.dll (Symantec Library/Symantec Corporation) 0x6AF90000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\MSVCP71.dll (Microsoft® C++ Runtime Library/Microsoft Corporation) 0x7C3C0000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\USERENV.dll (Userenv/Microsoft Corporation) 0x769C0000

Process C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.) 3868
Library C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SynCOM.dll (SynCOM/Synaptics, Inc.) 0x10000000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Process C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.) 3880
Library C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\COMCTL32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\WINMM.dll (MCI API DLL/Microsoft Corporation) 0x76B40000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\SynCOM.dll (SynCOM/Synaptics, Inc.) 0x10000000
Library C:\WINDOWS\system32\SynTPAPI.dll (SynTPAPI/Synaptics, Inc.) 0x63010000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x011E0000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Re: Win32/Trojan5th October 2010, 4:55 pm

Process C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (hp Wireless Assistant Module/Hewlett-Packard Company) 4012
Library C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (hp Wireless Assistant Module/Hewlett-Packard Company) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\wbem\wbemprox.dll (WMI/Microsoft Corporation) 0x74EF0000
Library C:\WINDOWS\system32\wbem\wbemcomn.dll (WMI/Microsoft Corporation) 0x75290000
Library C:\WINDOWS\system32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) 0x71AB0000
Library C:\WINDOWS\system32\WS2HELP.dll (Windows Socket 2.0 Helper for Windows NT/Microsoft Corporation) 0x71AA0000
Library C:\WINDOWS\system32\wbem\wbemsvc.dll (WMI/Microsoft Corporation) 0x74ED0000
Library C:\WINDOWS\system32\wbem\fastprox.dll (WMI/Microsoft Corporation) 0x75690000
Library C:\WINDOWS\system32\MSVCP60.dll (Microsoft (R) C++ Runtime Library/Microsoft Corporation) 0x76080000
Library C:\WINDOWS\system32\NTDSAPI.dll (NT5DS/Microsoft Corporation) 0x767A0000
Library C:\WINDOWS\system32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) 0x76F20000
Library C:\WINDOWS\system32\WLDAP32.dll (Win32 LDAP API DLL/Microsoft Corporation) 0x76F60000
Library C:\WINDOWS\system32\NETAPI32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\msi.dll (Windows Installer/Microsoft Corporation) 0x7D1E0000
Library C:\WINDOWS\system32\SXS.DLL (Fusion 2.5/Microsoft Corporation) 0x75E90000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

Process C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Quick Launch Buttons/Hewlett-Packard ) 4024
Library C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Quick Launch Buttons/Hewlett-Packard ) 0x00400000
Library C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 0x7C900000
Library C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation) 0x7C800000
Library C:\WINDOWS\system32\USER32.dll (Windows XP USER API Client DLL/Microsoft Corporation) 0x7E410000
Library C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) 0x77F10000
Library C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 0x77DD0000
Library C:\WINDOWS\system32\RPCRT4.dll (Remote Procedure Call Runtime/Microsoft Corporation) 0x77E70000
Library C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) 0x77FE0000
Library C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) 0x7C9C0000
Library C:\WINDOWS\system32\msvcrt.dll (Windows NT CRT DLL/Microsoft Corporation) 0x77C10000
Library C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation) 0x77F60000
Library C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) 0x774E0000
Library C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation) 0x77120000
Library C:\WINDOWS\system32\SETUPAPI.dll (Windows Setup API/Microsoft Corporation) 0x77920000
Library C:\WINDOWS\system32\IMM32.DLL (Windows XP IMM32 API Client DLL/Microsoft Corporation) 0x76390000
Library C:\WINDOWS\system32\LPK.DLL (Language Pack/Microsoft Corporation) 0x629C0000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D90000
Library C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (User Experience Controls Library/Microsoft Corporation) 0x773D0000
Library C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) 0x5D090000
Library C:\WINDOWS\system32\uxtheme.dll (Microsoft UxTheme Library/Microsoft Corporation) 0x5AD70000
Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
Library C:\WINDOWS\system32\VERSION.dll (Version Checking and File Installation Libraries/Microsoft Corporation) 0x77C00000
Library C:\WINDOWS\system32\netapi32.dll (Net Win32 API DLL/Microsoft Corporation) 0x5B860000
Library C:\WINDOWS\system32\appHelp.dll (Application Compatibility Client Library/Microsoft Corporation) 0x77B40000
Library C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation) 0x76FD0000
Library C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation) 0x77050000
Library C:\WINDOWS\system32\iertutil.dll (Run time utility for Internet Explorer/Microsoft Corporation) 0x5DCA0000
Library C:\WINDOWS\system32\urlmon.dll (OLE32 Extensions for Win32/Microsoft Corporation) 0x1A400000
Library C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL (Quick Launch Buttons/Hewlett-Packard ) 0x10000000
Library C:\WINDOWS\system32\xpsp2res.dll (Service Pack 2 Messages/Microsoft Corporation) 0x20000000
Library C:\WINDOWS\system32\msctfime.ime (Microsoft Text Frame Work Service IME/Microsoft Corporation) 0x755C0000
Library C:\WINDOWS\system32\WINTRUST.dll (Microsoft Trust Verification APIs/Microsoft Corporation) 0x76C30000
Library C:\WINDOWS\system32\CRYPT32.dll (Crypto API32/Microsoft Corporation) 0x77A80000
Library C:\WINDOWS\system32\MSASN1.dll (ASN.1 Runtime APIs/Microsoft Corporation) 0x77B20000
Library C:\WINDOWS\system32\IMAGEHLP.dll (Windows NT Image Helper/Microsoft Corporation) 0x76C90000
Library C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL (hpqPres/Hewlett-Packard ) 0x00BD0000
Library C:\WINDOWS\system32\comdlg32.dll (Common Dialogs DLL/Microsoft Corporation) 0x763B0000
Library C:\WINDOWS\system32\MSCTF.dll (MSCTF Server DLL/Microsoft Corporation) 0x74720000

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NETFramework
Service [DISABLED] Abiosdsk
Service [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service C:\WINDOWS\system32\DRIVERS\ACPIEC.sys (ACPI Embedded Controller Driver/Microsoft Corporation) [BOOT] ACPIEC
Service [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service [DISABLED] Aha154x
Service [DISABLED] aic78u2
Service [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
Service C:\WINDOWS\system32\DRIVERS\AmdK8.sys (AMD Processor Driver/Advanced Micro Devices) [SYSTEM] AmdK8
Service [DISABLED] amsint
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple, Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service [DISABLED] asc
Service [DISABLED] asc3350p
Service [DISABLED] asc3550
Service ASP.NET
Service ASP.NET_1.1.4322
Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (aspnet_state.exe/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\Ati2evxx.exe (ATI External Event Utility EXE Module/ATI Technologies Inc.) [AUTO] Ati HotKey Poller
Service C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) [MANUAL] ati2mtag
Service Atierecord
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Automatic LiveUpdate Scheduler Service/Symantec Corporation) [AUTO] Automatic LiveUpdate Scheduler
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom 802.11 Network Adapter wireless driver/Broadcom Corporation) [MANUAL] BCM43XX
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant WDM AC97 Audio Driver/Conexant Systems Inc.) [MANUAL] CAMCAUD
Service C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant AmcHal Driver/Conexant Systems Inc.) [MANUAL] CAMCHALA
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\CCDECODE.sys (WDM Closed Caption VBI Codec/Microsoft Corporation) [MANUAL] CCDECODE
Service C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Event Manager Service/Symantec Corporation) [AUTO] ccEvtMgr
Service C:\Program Files\Norton Internet Security\ccPwdSvc.exe (Password Validation/Symantec Corporation) [MANUAL] ccISPwdSvc
Service C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Network Proxy Service/Symantec Corporation) [AUTO] ccProxy
Service C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Settings Manager Service/Symantec Corporation) [AUTO] ccSetMgr
Service [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [DISABLED] ClipSrv
Service C:\WINDOWS\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service [DISABLED] CmdIde
Service C:\Program Files\Norton Internet Security\comHost.exe (COM Aggregation Host/Symantec Corporation) [MANUAL] comHost
Service C:\WINDOWS\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service [DISABLED] dac2w2k
Service [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [DISABLED] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [DISABLED] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic

Re: Win32/Trojan5th October 2010, 4:56 pm

Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\system32\drivers\EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) [SYSTEM] eabfiltr
Service C:\WINDOWS\system32\drivers\eabusb.sys (QLB USB Keyboard filter driver/Hewlett-Packard Company) [MANUAL] eabusb
Service C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Eraser Control Driver/Symantec Corporation) [SYSTEM] eeCtrl
Service C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Eraser Utility Driver/Symantec Corporation) [MANUAL] EraserUtilRebootDrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\DRIVERS\fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [AUTO] gusvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service [DISABLED] hpn
Service C:\Program Files\HPQ\SHARED\HPQWMI.exe (hpqwmi Module/Hewlett-Packard Development Company, L.P.) [MANUAL] hpqwmi
Service C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys (HSFHWATI WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWATI
Service C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DP
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service [SYSTEM] i2omgmt
Service [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] IntelIde
Service C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java(TM) Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe [AUTO] LightScribeService
Service C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (LiveUpdate Engine COM Module/Symantec Corporation) [MANUAL] LiveUpdate
Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (LiveUpdate Notice Service/Symantec Corporation) [AUTO] LiveUpdate Notice Service
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys (USB Statistic Driver/Logitech Inc.) [MANUAL] LVUSBSta
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) [AUTO] mdmxsdk
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\WINDOWS\system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys (WDM NABTS/FEC VBI Codec/Microsoft Corporation) [MANUAL] NABTSFEC
Service C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Norton AntiVirus Auto-Protect Service/Symantec Corporation) [AUTO] navapsvc
Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101002.003\NAVENG.SYS (AV Engine/Symantec Corporation) [MANUAL] NAVENG
Service C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101002.003\NAVEX15.SYS (AV Engine/Symantec Corporation) [MANUAL] NAVEX15
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\NdisIP.sys (Microsoft IP Driver/Microsoft Corporation) [MANUAL] NdisIP
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Norton Security Console Norton Protection Center Service/Symantec Corporation) [MANUAL] NSCService
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service (Processor Device Driver/Microsoft Corporation) P3
Service C:\WINDOWS\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [DISABLED] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service C:\WINDOWS\system32\DRIVERS\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [BOOT] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service [DISABLED] perc2
Service [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\DRIVERS\LV302AV.SYS (Logitech QuickCam Driver/Logitech Inc.) [MANUAL] PID_08A0
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\DRIVERS\processr.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] Processor
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service [DISABLED] ql1080
Service [DISABLED] Ql10wnt
Service [DISABLED] ql12160
Service [DISABLED] ql1240
Service [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasirda.sys (IrDA WAN Miniport Driver/Microsoft Corporation) [MANUAL] Rasirda
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel(R) mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (AutoProtect/Symantec Corporation) [MANUAL] SAVRT
Service C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (SAVRTPEL/Symantec Corporation) [AUTO] SAVRTPEL
Service C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (AutoProtect/Symantec Corporation) [MANUAL] SAVScan
Service C:\WINDOWS\system32\Drivers\SbcpHid.sys [AUTO] SbcpHid
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [BOOT] Serial
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service

Re: Win32/Trojan5th October 2010, 4:57 pm

Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\SLIP.sys (Microsoft Slip Deframing Filter Minidriver/Microsoft Corporation) [MANUAL] SLIP
Service C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC IrCC NDIS 5.0 IrDA FIR Device Driver/SMC) [MANUAL] SMCIRDA
Service C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Network Driver Service/Symantec Corporation) [AUTO] SNDSrvc
Service [DISABLED] Sparrow
Service C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (SPBBC Driver/Symantec Corporation) [SYSTEM] SPBBCDrv
Service C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (SPBBC Service/Symantec Corporation) [AUTO] SPBBCSvc
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\WINDOWS\system32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [DISABLED] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [AUTO] Symantec Core LC
Service [DISABLED] symc810
Service [DISABLED] symc8xx
Service C:\WINDOWS\System32\Drivers\SYMDNS.SYS (DNS Filter Driver/Symantec Corporation) [MANUAL] SYMDNS
Service C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) [MANUAL] SymEvent
Service C:\WINDOWS\System32\Drivers\SYMFW.SYS (Firewall Filter Driver/Symantec Corporation) [MANUAL] SYMFW
Service C:\WINDOWS\System32\Drivers\SYMIDS.SYS (IDS Filter Driver/Symantec Corporation) [MANUAL] SYMIDS
Service C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100915.005\SymIDSCo.sys (IDS Core Driver/Symantec Corporation) [MANUAL] SYMIDSCO
Service system32\DRIVERS\SymIM.sys [MANUAL] SymIM
Service system32\DRIVERS\SymIM.sys [MANUAL] SymIMMP
Service C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation) [AUTO] symlcbrd
Service C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (NDIS Filter Driver/Symantec Corporation) [MANUAL] SYMNDIS
Service C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Redirector Filter Driver/Symantec Corporation) [MANUAL] SYMREDRV
Service C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) [SYSTEM] SYMTDI
Service [DISABLED] sym_hi
Service [DISABLED] sym_u3
Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) [MANUAL] tifm21
Service [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service [DISABLED] ultra
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\system32\drivers\usbaudio.sys (USB Audio Class Driver/Microsoft Corporation) [MANUAL] usbaudio
Service system32\DRIVERS\lgusbbus.sys [MANUAL] usbbus
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service system32\DRIVERS\lgusbdiag.sys [MANUAL] UsbDiag
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service system32\DRIVERS\lgusbmodem.sys [MANUAL] USBModem
Service C:\WINDOWS\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service VxD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [SYSTEM] WmiAcpi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\Program Files\Windows Media Player\WMPNetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\WINDOWS\System32\Drivers\wpdusb.sys (WPD USB Driver/Microsoft Corporation) [MANUAL] WpdUsb
Service (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] wscsvc
Service C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS (WDM WST Codec Driver/Microsoft Corporation) [MANUAL] WSTCODEC
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\system32\DRIVERS\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service C:\WINDOWS\system32\DRIVERS\wudfrd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WudfRd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WudfSvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {06065E56-3C94-4B6A-A935-64CD5360C23E}
Service {2101F1D3-A247-4FCE-8FF0-95B20A25EEEB}
Service {DD472C16-8443-4AF0-9C19-002F9B7B324C}
Service {F40919E4-0F4E-4749-AC13-98A1C9DE20F2}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7786E088-D097-778B-5D41-726AE7948F69}\InprocServer32@ C:\WINDOWS\system32\quartz.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7786E088-D097-778B-5D41-726AE7948F69}\InprocServer32@ThreadingModel Both

---- EOF - GMER 1.0.15 ----

Re: Win32/Trojan5th October 2010, 11:00 pm

Hi ,

Please work your way through these steps:

Step 1:

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:
:OTL O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4 - HKLM..\Run: [BearShare] C:\Program Files\BearShare\BearShare.exe File not found O4 - HKLM..\Run: [UserFaultCheck] File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) :Commands [purity] [emptytemp] [emptyflash]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
After rebooting, please post the OTL you are presented with on startup.

Step 2:

Please download Combofix from one of the following locations:

LINK 1
LINK 2

**IMPORTANT! Save Combofix to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Win32/Trojan RcAuto1

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Win32/Trojan Whatnext

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not re-run Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

In your next reply please include:

The log from OTL.
The Combofix log.

Thanks.

............................................................................................
- The Avatar
If I have helped you, please consider donating to GeekPolice.net

GeekPolice.net

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

Re: Win32/Trojan7th October 2010, 1:51 am

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 552 bytes
->Temporary Internet Files folder emptied: 70789 bytes
->Flash cache emptied: 83 bytes

User: All Users

User: Default User
->Temp folder emptied: 552 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 83 bytes

User: JEREMIAH TURNER
->Temp folder emptied: 1329679404 bytes
->Temporary Internet Files folder emptied: 8919465 bytes
->Java cache emptied: 25037644 bytes
->FireFox cache emptied: 47987426 bytes
->Apple Safari cache emptied: 1060864 bytes

User: jturner
->Temp folder emptied: 3008676 bytes
->Temporary Internet Files folder emptied: 298103 bytes
->FireFox cache emptied: 80620377 bytes
->Flash cache emptied: 1471 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 38156 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2664019 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 79343585 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 762181621 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 552 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,233.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: JEREMIAH TURNER

User: jturner
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 10062010_183253

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Win32/Trojan7th October 2010, 2:29 am

ComboFix 10-10-06.02 - jturner 10/06/2010 19:15:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.200 [GMT -7:00]
Running from: c:\documents and settings\jturner\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JEREMIAH TURNER\Application Data\hotfix.exe
c:\program files\Internet Explorer\msimg32.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll

----- File Replicators -----

c:\program files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe
c:\program files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe
c:\program files\InstallShield Installation Information\{9E11661F-C75F-4566-A91F-85BD90D09C70}\setup.exe
c:\program files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe
c:\program files\InstallShield Installation Information\{FC6E442D-ACBF-4EE3-BB0F-E9EFD6A43D07}\setup.exe
c:\swsetup\Default\Disk1\setup.exe
c:\swsetup\MVEDV\muveeInstall\setup.exe
c:\swsetup\QLB\Disk1\setup.exe
c:\swsetup\SEDXPSP2\AR\Disk1\setup.exe
c:\swsetup\SEDXPSP2\BR\Disk1\setup.exe
c:\swsetup\SEDXPSP2\CH\Disk1\setup.exe
c:\swsetup\SEDXPSP2\CS\Disk1\setup.exe
c:\swsetup\SEDXPSP2\DK\Disk1\setup.exe
c:\swsetup\SEDXPSP2\FI\Disk1\setup.exe
c:\swsetup\SEDXPSP2\FR\Disk1\setup.exe
c:\swsetup\SEDXPSP2\GK\Disk1\setup.exe
c:\swsetup\SEDXPSP2\GR\Disk1\setup.exe
c:\swsetup\SEDXPSP2\HU\Disk1\setup.exe
c:\swsetup\SEDXPSP2\IL\Disk1\setup.exe
c:\swsetup\SEDXPSP2\IT\Disk1\setup.exe
c:\swsetup\SEDXPSP2\JP\Disk1\setup.exe
c:\swsetup\SEDXPSP2\KR\Disk1\setup.exe
c:\swsetup\SEDXPSP2\NL\Disk1\setup.exe
c:\swsetup\SEDXPSP2\NO\Disk1\setup.exe
c:\swsetup\SEDXPSP2\PL\Disk1\setup.exe
c:\swsetup\SEDXPSP2\PT\Disk1\setup.exe
c:\swsetup\SEDXPSP2\RU\Disk1\setup.exe
c:\swsetup\SEDXPSP2\SE\Disk1\setup.exe
c:\swsetup\SEDXPSP2\SEDInstaller\setup.exe
c:\swsetup\SEDXPSP2\SK\Disk1\setup.exe
c:\swsetup\SEDXPSP2\SL\Disk1\setup.exe
c:\swsetup\SEDXPSP2\SP\Disk1\setup.exe
c:\swsetup\SEDXPSP2\TH\Disk1\setup.exe
c:\swsetup\SEDXPSP2\TR\Disk1\setup.exe
c:\swsetup\SEDXPSP2\TW\Disk1\setup.exe
c:\swsetup\SEDXPSP2\TZ\Disk1\setup.exe
c:\swsetup\SEDXPSP2\US\Disk1\setup.exe
c:\swsetup\WLASST\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))))))))))))))))))))))))))
.

2010-10-07 02:14 . 2010-10-07 02:14 862872 ----a-w- c:\documents and settings\jturner\Application Data\yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-10-07 01:32 . 2010-10-07 01:32 -------- d-----w- C:\_OTL
2010-10-05 12:31 . 2010-10-05 12:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-04 19:27 . 2010-10-04 19:27 -------- d-----w- c:\documents and settings\JEREMIAH TURNER\Application Data\Malwarebytes
2010-10-04 17:33 . 2010-10-04 17:33 -------- d-----w- c:\documents and settings\jturner\Application Data\Malwarebytes
2010-10-04 17:32 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-04 17:32 . 2010-10-04 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-04 17:32 . 2010-10-04 17:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-04 15:58 . 2010-10-04 15:58 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-10-04 15:57 . 2010-10-04 15:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-26 14:27 . 2010-09-26 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-21 18:37 . 2010-09-21 18:37 932288 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31033\AdobeARM.exe
2010-09-21 18:37 . 2010-09-21 18:37 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31033\AdobeExtractFiles.dll
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31033\ReaderUpdater.exe
2010-09-21 18:37 . 2010-09-21 18:37 338856 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\31033\AcrobatUpdater.exe
2010-09-07 13:52 . 2010-08-30 21:34 1496064 ----a-w- c:\documents and settings\JEREMIAH TURNER\Application Data\Mozilla\Firefox\Profiles\k6xkhw08.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-07 13:52 . 2010-08-30 21:33 43008 ----a-w- c:\documents and settings\JEREMIAH TURNER\Application Data\Mozilla\Firefox\Profiles\k6xkhw08.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-07 13:52 . 2010-08-30 21:33 338944 ----a-w- c:\documents and settings\JEREMIAH TURNER\Application Data\Mozilla\Firefox\Profiles\k6xkhw08.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-07 13:52 . 2010-08-30 21:33 346112 ----a-w- c:\documents and settings\JEREMIAH TURNER\Application Data\Mozilla\Firefox\Profiles\k6xkhw08.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 01:33 . 2005-05-12 04:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-07 01:17 . 2008-04-15 00:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-10-04 19:40 . 2007-01-20 06:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-10-04 19:38 . 2008-02-11 06:29 -------- d-----w- c:\program files\DivX
2010-10-04 19:38 . 2005-05-12 03:51 -------- d-----w- c:\program files\MSN Encarta Plus
2010-10-04 19:38 . 2005-05-12 03:51 -------- d-----w- c:\program files\Microsoft Works
2010-10-04 17:12 . 2010-10-04 17:09 -------- d-----w- c:\documents and settings\jturner\Application Data\Symantec
2010-10-04 17:11 . 2010-10-04 17:11 -------- d--h--r- c:\documents and settings\jturner\Application Data\yahoo!
2010-10-03 18:42 . 2008-04-09 03:43 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-10-03 14:49 . 2008-04-19 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-10-03 14:46 . 2009-05-24 17:54 -------- d-----w- c:\program files\Symantec
2010-10-03 14:45 . 2010-10-03 14:46 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-10-03 14:45 . 2010-10-03 14:46 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-10-03 14:45 . 2009-05-24 17:56 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-03 14:45 . 2009-05-24 17:56 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-03 13:47 . 2009-05-24 17:58 -------- d-----w- c:\program files\Norton Internet Security
2006-02-05 05:51 . 2006-02-05 05:51 756024 -c--a-w- c:\program files\CCAAgent_Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-23 52840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-15 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2005-11-28 1491023]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-9-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/3/2010 6:20 AM 102448]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/22/2005 7:39 AM 200192]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2010-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 05:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\jturner\Application Data\Mozilla\Firefox\Profiles\ica1fizm.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\JEREMIAH TURNER\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\JEREMIAH TURNER\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{CA2DB500-5ECF-11D2-B28F-0080C8383C7B} - c:\windows\system32\shmswnrc.dll

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-06 19:26:22
ComboFix-quarantined-files.txt 2010-10-07 02:26

Pre-Run: 57,307,672,576 bytes free
Post-Run: 60,584,603,648 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - EC382136CA6187E56050FED9E84B67CE

Re: Win32/Trojan7th October 2010, 9:49 am

Hi turnej10,

I have unpleasant news for you. Sad tearing

In addition to some malwares in the system, one of the infections is identified as Sality or so-called Virut virus. It's a file infector, and as such our efforts in cleaning will be futile. You'll be better off to perform a reformat and reinstall (clean install).

Win32/Virut.BM is a polymorphic file infector that targets .EXE and .SCR files. This virus also opens a backdoor by connecting to an IRC server, allowing a remote attacker to download and execute arbitrary files on the infected computer. you may refer to the following thread.

http://www.f-secure.com/v-descs/sality_q.shtml
http://www.sophos.com/security/analyses/w32salityaa.html

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

If you need assistance in performing a clean install, here are a couple of good guides to walk you through the process:

http://www.winsupersite.com/showcase/windowsxp_sg_clean.asp
http://www.windowsreinstall.com/winxppro/i...stallguides.htm

Good luck.

My Buddy

............................................................................................
- The Avatar
If I have helped you, please consider donating to GeekPolice.net

GeekPolice.net

Online: GMT 10+ 7:30pm to 8:30pm weekdays. On and off on weekends regularly.

Win32/Trojan

descriptionWin32/Trojan5th October 2010, 8:45 am

descriptionRe: Win32/Trojan5th October 2010, 9:16 am

descriptionRe: Win32/Trojan5th October 2010, 3:40 pm

descriptionRe: Win32/Trojan5th October 2010, 4:39 pm

descriptionRe: Win32/Trojan5th October 2010, 4:39 pm

descriptionRe: Win32/Trojan5th October 2010, 4:40 pm

descriptionRe: Win32/Trojan5th October 2010, 4:42 pm

descriptionRe: Win32/Trojan5th October 2010, 4:43 pm

descriptionRe: Win32/Trojan5th October 2010, 4:44 pm

descriptionRe: Win32/Trojan5th October 2010, 4:45 pm

descriptionRe: Win32/Trojan5th October 2010, 4:46 pm

descriptionRe: Win32/Trojan5th October 2010, 4:47 pm

descriptionRe: Win32/Trojan5th October 2010, 4:48 pm

descriptionRe: Win32/Trojan5th October 2010, 4:49 pm

descriptionRe: Win32/Trojan5th October 2010, 4:50 pm

descriptionRe: Win32/Trojan5th October 2010, 4:50 pm

descriptionRe: Win32/Trojan5th October 2010, 4:51 pm

descriptionRe: Win32/Trojan5th October 2010, 4:52 pm

descriptionRe: Win32/Trojan5th October 2010, 4:52 pm

descriptionRe: Win32/Trojan5th October 2010, 4:53 pm

descriptionRe: Win32/Trojan5th October 2010, 4:54 pm

descriptionRe: Win32/Trojan5th October 2010, 4:54 pm

descriptionRe: Win32/Trojan5th October 2010, 4:55 pm

descriptionRe: Win32/Trojan5th October 2010, 4:56 pm

descriptionRe: Win32/Trojan5th October 2010, 4:57 pm

descriptionRe: Win32/Trojan5th October 2010, 11:00 pm

descriptionRe: Win32/Trojan7th October 2010, 1:51 am

descriptionRe: Win32/Trojan7th October 2010, 2:29 am

descriptionRe: Win32/Trojan7th October 2010, 9:49 am

descriptionRe: Win32/Trojan

Win32/Trojan5th October 2010, 8:45 am

Re: Win32/Trojan5th October 2010, 9:16 am

Re: Win32/Trojan5th October 2010, 3:40 pm

Re: Win32/Trojan5th October 2010, 4:39 pm

Re: Win32/Trojan5th October 2010, 4:39 pm

Re: Win32/Trojan5th October 2010, 4:40 pm

Re: Win32/Trojan5th October 2010, 4:42 pm

Re: Win32/Trojan5th October 2010, 4:43 pm

Re: Win32/Trojan5th October 2010, 4:44 pm

Re: Win32/Trojan5th October 2010, 4:45 pm

Re: Win32/Trojan5th October 2010, 4:46 pm

Re: Win32/Trojan5th October 2010, 4:47 pm

Re: Win32/Trojan5th October 2010, 4:48 pm

Re: Win32/Trojan5th October 2010, 4:49 pm

Re: Win32/Trojan5th October 2010, 4:50 pm

Re: Win32/Trojan5th October 2010, 4:50 pm

Re: Win32/Trojan5th October 2010, 4:51 pm

Re: Win32/Trojan5th October 2010, 4:52 pm

Re: Win32/Trojan5th October 2010, 4:52 pm

Re: Win32/Trojan5th October 2010, 4:53 pm

Re: Win32/Trojan5th October 2010, 4:54 pm

Re: Win32/Trojan5th October 2010, 4:54 pm

Re: Win32/Trojan5th October 2010, 4:55 pm

Re: Win32/Trojan5th October 2010, 4:56 pm

Re: Win32/Trojan5th October 2010, 4:57 pm

Re: Win32/Trojan5th October 2010, 11:00 pm

Re: Win32/Trojan7th October 2010, 1:51 am

Re: Win32/Trojan7th October 2010, 2:29 am

Re: Win32/Trojan7th October 2010, 9:49 am

Re: Win32/Trojan