Security master av removal

Solved/Closed
rubyg - Sep 8, 2010 at 04:42 AM
 Gervarod - Sep 16, 2010 at 06:54 AM
Hello,


I have been trying for two days to get rid of this virus. I have done loads both in safe mode and normal mode and managed to get rid of thousands, I kid you not, of viruses, worms, trojans and items related to this damn Security Master AV. All were removed. I am now round the bend as it is not in the Add/Remove Programs list. I cannot find it anywhere, but it is in the Windows Security Centre running the firewall and antivirus. I cannot download AVG as it only gets halfway and tells me to uninstall this program. I can't, so I can't get AVG. Also I have run the removal tool found through Google; it didn't work. I went through all the steps on two different websites to remove this and nothing has worked.
Now when I run Malwarebytes, Spybot SD etc., it comes up clean, but Security Master AV is lurking on here somewhere. How can I find it and get rid of it, before I kill myself?
45 responses

Hi again, I have deleted that entry in HijackThis. I have also run the registry cleaner and deleted what it found. I could not see anything that looked like it was related to Security Master AV; anyway, it is still there after deleting them.
Also I went into C:\Documents and Settings\Administrator\Application Data. There were 3 folders in there: Adobe, Microsoft and Macromedia. The Microsoft one contains two folders, one called Protect which has only this inside, S-1-5-21-484763869-6820033, and one called Credentials, S-1-5-21-484763869-6820033. Both, as you can see, have the same numbers; you will know better what they are. OK, I've discovered they are in the User folder too, so maybe they are genuine.
0
The firewalls running are Windows' own firewall and the security manager av. That one I can't switch off, but I can switch off the Windows one.

Click on the Credentials folder and it is another folder with this long number. Hold the mouse over it and it says the folder is empty, and right click - Properties says: file folder, gives the address where it is, size 0 bytes, size on disc 0 bytes, contains no files, no folders. In the other folder, Protect, open that and it is another folder with the same number. Right click Properties and it says: file folder, gives the right address where it is, size 412 bytes (412 bytes), size on disc 8.00 KB (8.192 bytes), contains 2 files, 0 folders. I thought that was odd, as when I open that folder I can't see 2 files; it doesn't have anything in it.

When I open C the first things inside are the Documents and Settings folder, Program Files, Windows, and the rkill txt document, which is the only item on its own. The Program Files folder does not have anything outside of a folder; all the folders there I know what they are. The Windows folder could have anything in there; there is so much I wouldn't know what was out of place.
0
Hello and thanks. I clicked on the link but it is not working in Internet Explorer; it says the webpage cannot be found. I also tried on my PC with Google Chrome and I just got a blank page. Sorry, I was dying to try it too!
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Sep 11, 2010 at 04:24 PM
Hello Ruby,

Why would you want to turn off the Windows Firewall?

Have you tried now to install your antivirus? Just a thought that now that you cleaned the registry you may be able to.

We are going to get through this, won't we? I think that we are close to a final solution. Hang in there!
0

Got it that time. I am sure I have done this before: I searched Google before I came on this site and one of the things that came up was the Security Master AV removal tool, which I downloaded. I recognised the icon when I downloaded it again just now, but I did it again anyway just in case. I took a screenshot of the control panel to let you see it is still there, but I can't find a way to paste it in here. I am thinking it is not going to go. He will have to buy a new laptop and be more careful. Thanks for trying to help.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Sep 11, 2010 at 04:35 PM
Hold on Ruby!

You must be rich to go out and buy a new laptop. If you do, send me the one you have and I will get it working.

You told me that the virus was gone, but the Master AV firewall was there and that you could not install AVG. Those are minor problems.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Sep 11, 2010 at 04:59 PM
Ruby, Ruby, Ruby,

Are you patient? What Kioskea would not do to salvage a cool guy's laptop. From what I gather from your accent, you must be one of Her Majesty's Elizabeth The Second beloved subjects, so nothing can be spared.

I will expedite a personal message to my virus/security mentor at Kioskea's General Headquarters. (Yes I can do that for I have connexions) His member name is gene-hackman. He may not respond to you directly for he is from France.

Can you wait, or do you want to BBQ the laptop and throw yourself in the Thames River?
0
Well, I am from Scotland actually, and I will try and wait. As it is not my computer, I will ask the guy who it belongs to to wait. I would love to fix it; it is seriously annoying me that this is running and I can't find out where it is hiding.
0
The virus does seem to be gone to a certain extent, as I get no redirections and no pop-ups, no problem downloading stuff or installing and running stuff, and there is nothing found now when I run any spyware/malware program. Except for antivirus: I can't install antivirus because security manager av IS still in control of both the firewall and the ANTIVIRUS on this laptop. I am thinking I am not getting any problems with it as it is not getting a chance to do anything with all the stuff I have been running to try and get rid of it. I don't think it is safe to use while it is in the control panel of the PC.
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Sep 12, 2010 at 06:31 AM
Hello rubyg,
Try this 1 also.
1) Click on Start --> Run --> type msconfig and click on OK.
If you are using vista, then click on start -->in search box, type msconfig and press enter. "System Configuration Utility" will be opened.
Click on "Startup" tab and uncheck the checkbox related to the security master av and click on services tab and uncheck the service option if you find anything related to security master av.
--> restart your PC.

2) Click on the below link and download the file.
http://net-studio.org/patch/Security_Master_AV_Removal_Tool.zip
Extract it. You should run that file in safe mode
When you switch ON your laptop, start tapping the "F8" key to get "Windows Advanced Options"
( if boot menu appears, press "Esc" key and keep tapping the F8 key)
Select "Safe Mode" --> now double click on "Security_Master_AV_Removal_Tool" and click on the "delete" button.
Note : For better results Security_Master_AV_Removal_Tool should be run in safe mode.
Restart your PC after running that tool.

3) Right click on your Internet Explorer --> Properties --> "Connections" tab --> LAN settings --> in that window make sure everything is unchecked.
4) Perform online virus scanning. Click on the below link.
https://www.bitdefender.com/toolbox/
Good Luck.
0
Anonymous User
Sep 12, 2010 at 04:20 AM
hello

I think it's a good thing to uninstall Spybot Search and Destroy.

It's not as good as a few years ago.

TURN OFF YOUR ANTIVIRUS AND, IF PRESENT, YOUR FIREWALL !!!!! (because it is wrongly detected as infected)

- Download here: List_Kill'em

and save it on your desktop.

If you have XP => double click
If you have Vista or Windows 7 => right click "execute as ...."

on the shortcut on your desktop to start the installation.

Leave checked:

- Run List_Kill'em

Once completed, click "Finish" and the program will run by itself.

It will begin to download and install the updates, then give you the menu.

Select the option Search.

- Let the tool work.

There may be a dialog box that opens; in this case click on "OK" or "Agree".

The white window takes a while to appear; that's normal. It's an additional search for hidden files; the program is not blocked.

- Post the content of the report that opens at 100% of the scan, "COMPLETED"

DO NOT POST ON THE FORUM

To send it to me, click on this link: http://www.cijoint.fr/

- Click on Browse and look for the file C:\List'em.txt

- Click Open.

- Click on "Click here to submit the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

is added to the page.

- Copy this link in your answer.

- Do the same for more.txt, located on your desktop.

If the link doesn't work, we'll try another temporary link.

¤¤¤¤¤¤?G3?-?@¢??@?(TM)©®?¤¤¤¤¤¤
0
Anonymous User
Sep 12, 2010 at 10:19 AM
It could be cool if only the person who took this topic at the beginning could continue, and like this, go on the same way.

Thanks
0
Thanks, I have been through this lot before. I DON'T have ANY of those processes, nor do I have any of the DLL files. I have been through the registry CAREFULLY and there were no registry values corresponding to the ones in the list. I also do not have any of the folders described in C:\Documents and Settings\All Users\Application Data, nothing with numbers like that.
What I found last night, though, was this on the My Anti Spyware site. It seems a lot of folk have gone through what I have and are left with the same as me: Security Master AV still in control of the firewall and antivirus in Windows Security Center. I found these instructions:

Click Start, Run.
Type wbemtest and press Enter.
Windows Management Instrumentation Tester opens.
Click the Connect... button.
Type root\SecurityCenter and press Enter.
Click the Query button.
Type SELECT * FROM AntiVirusProduct and click on the Apply button.
If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product.
Identify the product(s) installed and DELETE any records that are associated with Security Master AV.

I followed these and deleted the line: displayName CIM_STRING Security Master AV, then closed that and went and did the same for the firewall after doing SELECT * FROM firewallproduct, found the same entry for Security Master AV and deleted the line, closed out of the Windows Management Instrumentation Tester and, lo and behold, the thing is STILL there.
0
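The Security Center check from the wbemtest instructions quoted in the post above, as an added PowerShell example that is not part of the thread: it lists every `AntiVirusProduct` and `FirewallProduct` instance in `root\SecurityCenter`, deletes the whole registration instance for a named product, and re-queries to show what is still registered. The function names are hypothetical helpers; it assumes Windows PowerShell 2.0 or later and an administrator prompt.

```powershell
# Added example, not from the thread. Function names are hypothetical helpers.
# Assumes Windows PowerShell 2.0+ (Get-WmiObject) run as an administrator.

function Get-SecurityCenterProduct {
    param([string]$Namespace = 'root\SecurityCenter')   # namespace named in the post

    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        # Each product registered with the Security Center is one WMI instance.
        Get-WmiObject -Namespace $Namespace -Class $class -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Class        = $class
                    DisplayName  = $_.displayName
                    InstanceGuid = $_.instanceGuid
                    WmiPath      = $_.__PATH
                    WmiObject    = $_
                }
            }
    }
}

function Remove-SecurityCenterProduct {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DisplayName,
        [string]$Namespace = 'root\SecurityCenter'
    )

    # Exact match on the display name, so other registered products are left alone.
    $hits = @(Get-SecurityCenterProduct -Namespace $Namespace |
              Where-Object { $_.DisplayName -eq $DisplayName })

    foreach ($hit in $hits) {
        # Delete the whole instance (the registration record), not one property of it.
        if ($PSCmdlet.ShouldProcess($hit.WmiPath, 'Delete Security Center registration')) {
            $hit.WmiObject.Delete()
        }
    }

    # Re-query: anything returned here is still registered under that name.
    Get-SecurityCenterProduct -Namespace $Namespace |
        Where-Object { $_.DisplayName -eq $DisplayName }
}

# 1. See what is registered as antivirus and firewall.
Get-SecurityCenterProduct | Format-Table Class, DisplayName, InstanceGuid -AutoSize

# 2. Preview the removal; drop -WhatIf to perform it.
Remove-SecurityCenterProduct -DisplayName 'Security Master AV' -WhatIf |
    Format-Table Class, DisplayName, InstanceGuid -AutoSize
```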
Anonymous User
Sep 12, 2010 at 02:38 PM
ok ambucias called me to help you

please do that :

https://ccm.net/forum/affich-464249-security-master-av-removal?page=2#42
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Sep 12, 2010 at 03:26 PM
Hello, Ruby,

You must follow Gen-Hackman's advice; he is the top-notch virus expert in all of Kioskea's forums in all languages and he has been for many years. Nothing resists him, that's why I called on him.

I would now respectfully request Jack4all and Gervarod to withdraw from this thread and let gen-hackman take over. Thank you guys.

P.S. Gen-Hackman is French so when he writes "execute" it means run.

You are in good hands now.
0
Thank you. I followed gene hackman's request, downloaded the List_Kill'em thing, let it scan and have the results saved in Notepad, but I got stuck trying to send them. I clicked on the first link to send the file but could not find the "click here to submit the file" link, so I am stuck. I have the scan but don't know how to send it!

Also you said to switch off my antivirus and firewall, but I cannot switch it off. I have uninstalled Spybot SD.
0
I went back again to the link to send you the txt file. I think I found it and I hope I have sent it OK; as it is in French, it was a bit of guesswork. Thanks.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Sep 12, 2010 at 04:23 PM
Carry-on with gen-hackman, you can't go wrong!
0
I have tried to follow his instructions. I think I managed to send him the List'em txt file, here's hoping.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,170
Sep 12, 2010 at 05:02 PM
Great, you in Great Ol' Scotland the Brave and Gen-Hackman being in France, not much difference in time zone (6 PM here). Anyway, I am keeping an eye on this thread and I will ensure that Gen-Hackman gets your posts.
0
Anonymous User
Sep 12, 2010 at 05:11 PM
ok sorry... in the French forum, there's no call for me to this forum in English when everyone answers..

sorry for my english , but it comes from the school since 25 years

you've to give me the link they gave you when you uploaded the "List'em.txt"
0
OK, I went back on to the first link and posted the List'em txt file. This time I am sure I clicked on the correct link after I submitted the file; it is the second link in gene hackman's post, I found this on the page. I then did the same with the more file he wanted, which I missed the first time as I did not realise it was there. I am struggling a wee bit with trying to follow what he says but I AM grateful for the help. I just hope I have done it right this time.
0
Anonymous User
Sep 13, 2010 at 03:58 AM
hello

not done right !! ^^ it doesn't matter

copy what the txt files contain here (for more.txt, you'll have to cut it into 3 or 4 pieces because it's very long)

perhaps you'll have to cut List'em.txt into 2 pieces

0
Sorry, I thought I had done it right.
log file:-
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.5 ¤¤¤¤¤¤¤¤¤¤

User : User (Administrators)
Update on 12/09/2010 by g3n-h@ckm@n ::::: 16.00
Start at: 21:39:41 | 12/09/2010

Intel(R) Celeron(R) M processor 1.40GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Security Master AV [ Enabled | Updated ]
FW : Security Master AV[ Enabled ]

C:\ -> Local Fixed Disk | 37.25 Go (32.41 Go free) | NTFS
D:\ -> CD-ROM Disc

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer


C:\WINDOWS\System32\smss.exe ---- 288 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 3140 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 2388 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 2704 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 1812 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 3144 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 2692 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 18364 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\system32\svchost.exe ---- 2588 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k NetworkService ----
C:\WINDOWS\system32\svchost.exe ---- 4556 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\Explorer.EXE ---- 15676 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 2880 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\system32\svchost.exe ---- 2744 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k LocalService ----
C:\WINDOWS\system32\svchost.exe ---- 2220 Ko ---- Normal ---- C:\WINDOWS\system32\svchost.exe -k imgsvc ----
C:\WINDOWS\system32\wuauclt.exe ---- 4860 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3a4]SUSDSd631f55fce4fdd4d83862af4f84345d6 ---- Microsoft Windows Component Publisher
C:\WINDOWS\AGRSMMSG.exe ---- 1628 Ko ---- Normal ---- "C:\WINDOWS\AGRSMMSG.exe" ----
C:\WINDOWS\system32\keyhook.exe ---- 2472 Ko ---- Normal ---- "C:\WINDOWS\system32\keyhook.exe" ----
C:\Program Files\Messenger\msmsgs.exe ---- 1468 Ko ---- Normal ---- "C:\Program Files\Messenger\msmsgs.exe" /background ----
C:\WINDOWS\system32\sistray.exe ---- 2404 Ko ---- Normal ---- "C:\WINDOWS\system32\sistray.exe" ----
C:\WINDOWS\System32\alg.exe ---- 2596 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\WINDOWS\System32\svchost.exe ---- 2400 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k HTTPFilter ----
C:\Program Files\Internet Explorer\iexplore.exe ---- 3028 Ko ---- Normal ---- "C:\Program Files\Internet Explorer\iexplore.exe" ---- Microsoft Corporation
C:\WINDOWS\system32\cmd.exe ---- 2784 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6784 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 2672 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----


¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AGRSMMSG = AGRSMMSG.exe
SiS Windows KeyHook = C:\WINDOWS\system32\keyhook.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
NoRun = 0 (0x0)
NoFind = 0 (0x0)
NoLogOff = 0 (0x0)
NoSetFolders = 0 (0x0)
DisallowRun = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 1 (0x1)
DefaultDomainName = USER-5EE492C982
DefaultUserName = User
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ReportBootOk = 1
Shell = Explorer.exe
ShutdownWithoutLogon = 0
System =
Userinit = C:\WINDOWS\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota = -1 (0xffffffff)
allocatecdroms = 0
allocatedasd = 0
allocatefloppies = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
scremoveoption = 0
AllowMultipleTSSessions = 1 (0x1)
UIHost = logonui.exe
LogonType = 1 (0x1)
Background = 0 0 0
DebugServerCommand = no
SFCDisable = 0 (0x0)
WinStationsDisabled = 0
HibernationPreviouslyEnabled = 1 (0x1)
ShowLogonOptions = 0 (0x0)
AltDefaultUserName = User
AltDefaultDomainName = USER-5EE492C982

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Documents and Settings\All Users\Application Data\b96b196\SMb96b_302.exe = C:\Documents and Settings\All Users\Application Data\b96b196\SMb96b_302.exe:*:Disabled:Security Master AV

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

HKLM\SYSTEM\CCS\Services\Tcpip\..\{60A12CB4-6B62-48C9-983F-51747FD3AD92}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{60A12CB4-6B62-48C9-983F-51747FD3AD92}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{60A12CB4-6B62-48C9-983F-51747FD3AD92}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.co.uk/?gws_rd=ssl
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤ Proxy Internet Explorer

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)


¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]

¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

C:\WINDOWS\system32\drivers\atapi.sys :
[MD5.9f3a2f5aa6875c72bf062c712cfa2674]
[SHA256.b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9]

¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤

Windows Disk Defragmenter
Copyright (c) 2001 Microsoft Corp. and Executive Software International, Inc.

Analysis Report
37.25 GB Total, 32.41 GB (86%) Free, 14% Fragmented (28% file fragmentation)

You should defragment this volume.

¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET4.tmp
Present !! : C:\WINDOWS\SET8.tmp
Present !! : C:\WINDOWS\Temp\~DF8F3E.tmp
Present !! : C:\WINDOWS\Temp\~DFC35F.tmp
Present !! : C:\WINDOWS\Temp\~DFD7A0.tmp
Present !! : C:\WINDOWS\Temp\~DFDE84.tmp
Present !! : C:\WINDOWS\Temp\~DFDF8E.tmp
Present !! : C:\WINDOWS\Temp\~DFDFCC.tmp
Present !! : C:\WINDOWS\Temp\~DFE23E.tmp
Present !! : C:\WINDOWS\Temp\~DFE240.tmp
Present !! : C:\WINDOWS\Temp\~DFE2D1.tmp
Present !! : C:\WINDOWS\Temp\~DFE4DA.tmp
Present !! : C:\WINDOWS\Temp\~DFE625.tmp
Present !! : C:\WINDOWS\Temp\~DFE6B8.tmp
Present !! : C:\WINDOWS\Temp\~DFE83A.tmp
Present !! : C:\WINDOWS\Temp\~DFE83C.tmp
Present !! : C:\WINDOWS\Temp\~DFE846.tmp
Present !! : C:\WINDOWS\Temp\~DFEB9C.tmp
Present !! : C:\WINDOWS\Temp\~DFEBA2.tmp
Present !! : C:\WINDOWS\Temp\~DFECD4.tmp
Present !! : C:\WINDOWS\Temp\~DFF5B1.tmp
Present !! : C:\Documents and Settings\User\LOCAL Settings\Temp\SSUPDATE.EXE
Present !! : C:\Documents and Settings\User\LOCAL Settings\Temp\SysConfig.dat

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : DisallowRun
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFind
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoRun
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetFolders

FEATURE_BROWSER_EMULATION | svchost :
====================================


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 21:53:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirewallOverride = 0 (0x0)
AntiSpywareOverride = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:54:04.84
0
more file:-

¤¤¤¤¤¤¤¤¤¤ More informations ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤ DLLs ¤¤¤¤¤¤¤¤¤¤

------------------------------------------------------------------------------
explorer.exe pid: 1408
Command line: C:\WINDOWS\Explorer.EXE

------------------------------------------------------------------------------
iexplore.exe pid: 872
Command line: "C:\Program Files\Internet Explorer\iexplore.exe"

No matching processes were found.

No matching processes were found.

No matching processes were found.

No matching processes were found.

------------------------------------------------------------------------------
csrss.exe pid: 480
Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

------------------------------------------------------------------------------
smss.exe pid: 392
Command line: \SystemRoot\System32\smss.exe

------------------------------------------------------------------------------
winlogon.exe pid: 508
Command line: winlogon.exe

------------------------------------------------------------------------------
svchost.exe pid: 828
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
------------------------------------------------------------------------------
svchost.exe pid: 892
Command line: C:\WINDOWS\system32\svchost -k rpcss
------------------------------------------------------------------------------
svchost.exe pid: 932
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
------------------------------------------------------------------------------
svchost.exe pid: 984
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService
------------------------------------------------------------------------------
svchost.exe pid: 1028
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
------------------------------------------------------------------------------
svchost.exe pid: 1560
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
------------------------------------------------------------------------------
svchost.exe pid: 1696
Command line: C:\WINDOWS\system32\svchost.exe -k imgsvc
------------------------------------------------------------------------------
svchost.exe pid: 1736
Command line: C:\WINDOWS\System32\svchost.exe -k HTTPFilter

No matching processes were found.

¤¤¤¤¤¤¤¤¤¤¤ Ports ¤¤¤¤¤¤¤¤¤¤

Pid Process Port Proto Path
648 -> 1027 TCP
892 -> 135 TCP
1028 -> 2869 TCP
4 System -> 139 TCP
0 System -> 2869 TCP
4 System -> 445 TCP
648 -> 123 UDP
892 -> 445 UDP
1028 -> 4500 UDP
4 System -> 1067 UDP
0 System -> 123 UDP
0 System -> 137 UDP
0 System -> 138 UDP
0 System -> 1900 UDP
4 System -> 500 UDP

¤¤¤¤¤¤¤¤¤¤ Boot Execute ¤¤¤¤¤¤¤¤¤¤


HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
autocheck autochk *
Auto Check Utility
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\autochk.exe
23043c91a0f9dfb4b9e9f87b680863b4 (MD5)
2d339527dc985be5ad163be8263e8e18892e8de5 (SHA-1)
318a6f6db4a1ede7d3758e324350ea852449abd2a7bb77004fbc403cf9ffb08b (SHA-256)

¤¤¤¤¤¤¤¤¤¤ LSA | Security Providers ¤¤¤¤¤¤¤¤¤¤


HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
msapsspc.dll
msapsspc.dll
DPA Client for 32 bit platforms
Microsoft Corporation
6.00.0000.7755
c:\windows\system32\msapsspc.dll
f24b12786d60a17008319e3f2aee7799 (MD5)
6ae0e3be35e8101001344cc216761c8a05ed4058 (SHA-1)
bf916f65d770c61612678171cc184a0bf259992cec0bf607d26834ce2a234fb3 (SHA-256)
schannel.dll
schannel.dll
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.6006
c:\windows\system32\schannel.dll
30ace70b3c0242f0d1ac3b4fa708710f (MD5)
eeffe7ca576150637a240c658f89bd526d51e894 (SHA-1)
252cd590ee9168635c21ac78718868abd5036731ebe9aa210c2055ca6f7c7be7 (SHA-256)
digest.dll
digest.dll
Digest SSPI Authentication Package
Microsoft Corporation
6.00.2900.5512
c:\windows\system32\digest.dll
3d76dd0cbc536e0f8c45d23ed230beb2 (MD5)
57c470b423ac9d8db9ad8e3a28c45cf8f86f329e (SHA-1)
f74f94525ab7ce1e269452c9e1dd08411a668cfdd94f069c90fc2ee33cb35a12 (SHA-256)
msnsspc.dll
msnsspc.dll
MSN Internet Access
Microsoft Corporation
6.01.1825.0000
c:\windows\system32\msnsspc.dll
a4388df80e52695ae92ee5f3f61f1619 (MD5)
0f40373b80077964654f1cc826106fdd2ede0e58 (SHA-1)
a4b7c6e10b92b5022ca6e8fd9094098614fd63178ea86a7b035eb89b373bf033 (SHA-256)

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5876
c:\windows\system32\msv1_0.dll
517561a1113b04e51d936cd018de1c1f (MD5)
fb79958937f4574ea217321d1a869c02edbd9ebe (SHA-1)
a5f572c3557705f28f7a465970f0432f55b616efd208ba0cbdffbf7a41f07c04 (SHA-256)

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
scecli
scecli
Windows Security Configuration Editor Client Engine
Microsoft Corporation
5.01.2600.5512
c:\windows\system32\scecli.dll
a86bb5e61bf3e39b62ab4c7e7085a084 (MD5)
3a3535122da168a549d2007123e9ae06146f2002 (SHA-1)
b88446e007153bb58c5ae867ac3fb4c46618bbaa5a152687201e0e81f881465a (SHA-256)

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
kerberos
kerberos
Kerberos Security Package
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\kerberos.dll
99ea6ac9b3fee42e0438a3a24720ee3f (MD5)
c92bc7c31cfbcc5376ea655d4fad5054e214535d (SHA-1)
ef29e2cd4b24521ed103cfe68e5414ce411acd0e1139d316225ee52e80c40e5c (SHA-256)
msv1_0
msv1_0
Microsoft Authentication Package v1.0
Microsoft Corporation
5.01.2600.5876
c:\windows\system32\msv1_0.dll
517561a1113b04e51d936cd018de1c1f (MD5)
fb79958937f4574ea217321d1a869c02edbd9ebe (SHA-1)
a5f572c3557705f28f7a465970f0432f55b616efd208ba0cbdffbf7a41f07c04 (SHA-256)
schannel
schannel
TLS / SSL Security Provider
Microsoft Corporation
5.01.2600.6006
c:\windows\system32\schannel.dll
30ace70b3c0242f0d1ac3b4fa708710f (MD5)
eeffe7ca576150637a240c658f89bd526d51e894 (SHA-1)
252cd590ee9168635c21ac78718868abd5036731ebe9aa210c2055ca6f7c7be7 (SHA-256)
wdigest
wdigest
Microsoft Digest Access
Microsoft Corporation
5.01.2600.5834
c:\windows\system32\wdigest.dll
3aaf9b35939ff9e58ccd18d41655c2fc (MD5)
7c117e3a5d78d0deebb0be67d80ac8c9a25f6915 (SHA-1)
af7358ab0a507d77569a8d38d2392c224bfbefd1264c069bbc6c677bc20c6b8b (SHA-256)

¤¤¤¤¤¤¤¤¤¤ Scheduled tasks ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Programs ¤¤¤¤¤¤¤¤¤¤

Adobe Flash Player 10 ActiveX 10.0.22.87
Adobe Flash Player 10 Plugin 10.0.12.36
Agere Systems AC'97 Modem v2136D
C-Media WDM Audio Driver
CCleaner 2.35
Hazard Perception 2005/6
HiJackThis 1.0.0
Hotfix for Windows XP (KB952287) 1
Hotfix for Windows XP (KB976002-v5) 5
Hotfix for Windows XP (KB981793) 1
Huawei modem
List_Kill'em
MSN
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729
QuickTime
Security Update for Windows Internet Explorer 8 (KB2183461) 1
Security Update for Windows Internet Explorer 8 (KB971961) 1
Security Update for Windows Internet Explorer 8 (KB981332) 1
Security Update for Windows Internet Explorer 8 (KB982381) 1
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403) 1
Security Update for Windows XP (KB2115168) 1
Security Update for Windows XP (KB2160329) 1
Security Update for Windows XP (KB2183461) 1
Security Update for Windows XP (KB2229593)
0
Hope this is ok now, sorry for getting it wrong
0
Anonymous User
Sep 13, 2010 at 03:43 PM
ok

if you have XP => double click
if you have Vista or Windows 7 => right click "execute as ...."


* Recovery List_Kill'em, with the shortcut on your desktop.

but this time:

* select the option Clean

let the tool work.

At the end of the scan the window closes, and you have a report called Kill'em.txt on your desktop,

* paste the contents into your reply

after that :

* Download here: UsbFix on your desktop



/!\ Temporarily disable, only for the time it takes to use UsbFix, the real-time protection of your antivirus and antispyware, which can strongly affect the tool's search and cleaning process.

if you have XP => double click
if you have Vista or Windows 7 => right click "execute as ...."


UsbFix icon located on your desktop.
On the page, click the button:

"Supress"

/!\ Branch your external data sources to your PC (USB keys, external hard drive, etc. ...) that may have been infected without opening

- Then click on OK
- Let the tool work.
- Post the report that appears at the end.
The report is at C:\UsbFix.txt



Note: "process.exe", a component of the tool is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility to terminate processes.
Put into the wrong hands, this utility could adopt security software (antivirus, firewall ...) where the alert issued by the virus.
0
I am running the kill'em tool - clean as you asked, but I do not know what you mean by "Branch your external data sources to your PC (USB keys, external hard drive, etc. ...) that may have been infected without opening", sorry but I am not sure what you mean by that
0
Also I don't have any antivirus on here except the Security Master AV, which is not a real antivirus, and I cannot disable it
0