
[InActive] Computer detected several viruses, task manager disabled

Discussion in 'Malware and Virus Removal Archive' started by kisnamahsen, 2009/02/23.

Thread Status:
Not open for further replies.
  1. 2009/02/23
    kisnamahsen (Thread Starter)
    Hi,

    My computer has detected several viruses and the task manager is disabled. I've run DDS and forward the DDS log herewith.


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Acer at 18:33:01.10 on Mon 02/23/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1362 [GMT 8:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated)
    FW: AVG Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Documents and Settings\Acer\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NWEReboot]
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [pdfFactory Pro Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM
    mRun: [SYS1] c:\windows\system32\system.exe
    mRun: [SYS2] c:\windows\system32\bad1.exe
    mRun: [SYS3] c:\windows\system32\bad2.exe
    mRun: [SYS4] c:\windows\system32\bad3.exe
    mRun: [Msmsgs] c:\windows\system32\Msmsgs.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\acer\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\documents and settings\acer\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    uPolicies-explorer: NoFind = 1 (0x1)
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: DisableTaskMgr = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\acer\applic~1\mozilla\firefox\profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-27 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-1-5 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 qimaw;Update Server;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S2 ynrhyerny;Image Network;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-24 33752]

    =============== Created Last 30 ================

    2009-02-22 22:42 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-22 22:42 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-02-22 18:15 <DIR> --d----- C:\Deckard
    2009-01-29 07:09 0 a------- c:\windows\system32\bad3.exe
    2009-01-29 07:09 0 a------- c:\windows\system32\bad2.exe
    2009-01-29 07:09 0 a------- c:\windows\system32\bad1.exe
    2009-01-29 07:09 131 a--shr-- c:\windows\autorun.inf
    2009-01-24 19:21 286,720 -------- c:\windows\system32\fppmon2.dll
    2009-01-24 19:21 114,688 -------- c:\windows\system32\fppr232.dll
    2009-01-24 19:18 <DIR> --d----- c:\windows\system32\appmgmt

    ==================== Find3M ====================

    2009-01-20 22:51 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-08 11:47 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-08 11:47 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 11:47 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-01-05 09:34 50,968 a------- c:\windows\system32\avgfwdx.dll
    2009-01-05 09:34 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
    2009-01-03 01:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-27 16:16 505,392 a------- c:\windows\system32\msvcp71.dll
    2008-12-27 14:48 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 18:33:15.84 ===============

    Regards,
    Kisna
     
  2. 2009/02/24
    Juliet (Well-Known Member)
    Hi and welcome


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.


      Please only run the tool once, ty.

      Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
      Don't select to run the Recovery Console as we don't need it.
      By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.



      NEXT**
      Please open DDS
    • Disable any script blocking protection
    • Double click dds.scr to run the tool.
    • When done, DDS.txt will open.
    • Click Yes at the next prompt for Optional Scan.
    • Save both reports to your desktop.
    ---------------------------------------------------



    In your next reply post:
    ComboFix.txt
    new DDS log


    You may need several replies to post the requested logs, otherwise they might get cut off.
     


  4. 2009/02/24
    kisnamahsen (Thread Starter)
    Combofix

    ComboFix 09-02-24.02 - Acer 2009-02-25 13:32:27.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1421 [GMT 8:00]
    Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    FW: AVG Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\autorun.inf
    c:\windows\system32\bad1.exe
    c:\windows\system32\bad2.exe
    c:\windows\system32\bad3.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
    .

    2009-02-24 17:49 . 2009-02-24 17:49 <DIR> d-------- c:\windows\Sun
    2009-02-22 22:42 . 2009-02-22 22:42 <DIR> d-------- c:\program files\Java
    2009-02-22 22:42 . 2009-02-22 22:42 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 22:42 . 2009-02-22 22:42 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-22 18:15 . 2009-02-22 18:15 <DIR> d-------- C:\Deckard
    2009-02-21 05:31 . 2009-02-21 05:31 <DIR> d-------- c:\documents and settings\Acer\Application Data\dvdcss
    2009-02-20 23:11 . 2009-02-20 23:11 <DIR> d-------- c:\documents and settings\Acer\Application Data\CyberLink
    2009-02-04 23:08 . 2009-02-04 23:08 <DIR> d-------- c:\program files\Google
    2009-01-28 00:10 . 2009-01-28 00:10 <DIR> d-------- c:\documents and settings\Acer\Application Data\Ahead

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-23 15:36 --------- d-----w c:\documents and settings\Acer\Application Data\AdobeUM
    2009-02-20 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-30 14:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-26 09:49 --------- d-----w c:\documents and settings\Acer\Application Data\DivX
    2009-01-24 11:17 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-24 10:49 --------- d-----w c:\program files\NOS
    2009-01-24 10:49 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-01-20 14:51 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-16 15:13 --------- d-----w c:\program files\Yahoo!
    2009-01-16 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-10 09:08 --------- d-----w c:\documents and settings\Acer\Application Data\Media Player Classic
    2009-01-08 03:47 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 03:47 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-08 03:47 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-07 12:35 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
    2009-01-05 01:34 50,968 ----a-w c:\windows\system32\avgfwdx.dll
    2009-01-05 01:34 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
    2009-01-04 08:10 --------- d-----w c:\program files\DivX
    2009-01-04 08:09 --------- d-----w c:\program files\VideoLAN
    2009-01-03 15:33 --------- d-----w c:\documents and settings\Acer\Application Data\vlc
    2008-12-28 06:23 --------- d-----w c:\program files\Winamp
    2008-12-27 08:21 --------- d-----w c:\program files\AVG
    2008-12-27 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-12-27 08:17 --------- d-----w c:\program files\InstallShield Installation Information
    2008-12-27 08:17 --------- d-----w c:\program files\CyberLink
    2008-12-27 08:16 505,392 ----a-w c:\windows\system32\msvcp71.dll
    2008-12-27 08:13 --------- d-----w c:\program files\K-Lite Codec Pack
    2008-12-27 08:11 --------- d-----w c:\program files\Microsoft Works
    2008-12-27 08:10 --------- d-----w c:\program files\MSBuild
    2008-12-27 08:01 --------- d-----w c:\program files\Common Files\Ahead
    2008-12-27 07:58 --------- d-----w c:\program files\Nero
    2008-12-27 07:56 --------- d-----w c:\program files\MSN Messenger
    2008-12-27 07:54 --------- d-----w c:\program files\QuickTime
    2008-12-27 07:54 --------- d-----w c:\program files\iTunes
    2008-12-27 07:54 --------- d-----w c:\program files\iPod
    2008-12-27 07:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-27 07:54 --------- d-----w c:\documents and settings\Acer\Application Data\Apple Computer
    2008-12-27 07:53 --------- d-----w c:\program files\Apple Software Update
    2008-12-27 07:52 --------- d-----w c:\program files\Common Files\xing shared
    2008-12-27 07:52 --------- d-----w c:\program files\Common Files\Real
    2008-12-27 07:51 --------- d-----w c:\program files\Real
    2008-12-27 06:52 --------- d-----w c:\program files\microsoft frontpage
    .

    ------- Sigcheck -------

    2004-09-01 08:00 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys

    2004-09-01 08:00 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-01 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-20 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-20 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-20 141848]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-27 180269]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
    "pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 483328]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.EXE]

    c:\documents and settings\Acer\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    OneNote Table Of Contents.onetoc2 [2009-02-07 3656]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-27 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-08 11:47 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "9741:TCP"= 9741:TCP:roqgqlzx

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-05 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 qimaw;Update Server;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S2 ynrhyerny;Image Network;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-24 33752]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qimaw
    ynrhyerny

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065a6b4e-f3ea-11dd-920d-001eecd51a69}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d3660-f4a6-11dd-9211-001eecd51a69}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da29cce-e75a-11dd-91dd-001eecd51a69}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53ede5da-ed90-11dd-91f7-001eecd51a69}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85d90ee-f5a1-11dd-9216-001eecd51a69}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a321b8-ee1a-11dd-91f9-001eecd51a69}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-NWEReboot - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-25 13:33:28
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qimaw]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynrhyerny]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    .
    Completion time: 2009-02-25 13:34:16
    ComboFix-quarantined-files.txt 2009-02-25 05:34:14

    Pre-Run: 70,348,455,936 bytes free
    Post-Run: 70,497,984,512 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    212
     
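    The DDS log in the first post and the ComboFix log above carry the same handful of indicators: Explorer/System policy values that switch off Task Manager, regedit and Folder Options; HKLM Run entries pointing at system32\system.exe and at the zero-byte bad1.exe to bad3.exe; two randomly named services (qimaw, ynrhyerny) hosted by svchost -k netsvcs that both resolve to one ServiceDll (ujvte.dll); MountPoints2 shell verbs that launch F:\system.exe when a removable drive is opened; and a firewall exception for 9741/TCP with a random name. The Python below is an added example, not code from the thread, from DDS or from ComboFix. It parses lines in the formats those tools print and cross-correlates them, so the same triage can be run over any saved log. The sample log is constructed in those formats, and the list of default XP netsvcs group members is an assumption.

```python
"""Triage of DDS / ComboFix-style log lines (added example, not part of either tool)."""
import re
from collections import defaultdict

# Constructed sample in the same line formats as the posted logs (not a real capture).
SAMPLE_LOG = r"""
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SYS1] c:\windows\system32\system.exe
mRun: [SYS2] c:\windows\system32\bad1.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-27 298264]
S2 qimaw;Update Server;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
S2 ynrhyerny;Image Network;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
2009-01-29 07:09 0 a------- c:\windows\system32\bad1.exe
2009-01-29 07:09 131 a--shr-- c:\windows\autorun.inf
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9741:TCP"= 9741:TCP:roqgqlzx
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065a6b4e-f3ea-11dd-920d-001eecd51a69}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Open\command - F:\system.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qimaw]
"ServiceDll"="c:\windows\system32\ujvte.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynrhyerny]
"ServiceDll"="c:\windows\system32\ujvte.dll"
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
POLICY_RE = re.compile(r'^[um]Policies-(?P<hive>\w+): (?P<name>\w+) = (?P<val>\d+)')
RUN_RE = re.compile(r'^[um]Run: \[(?P<key>[^\]]+)\] "?(?P<path>.+?\.exe)', re.I)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+) (?P<attr>\S+) (?P<path>.+)$')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?) \[')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= ?\d+:(?:TCP|UDP):(?P<desc>.+)$')
MP_RE = re.compile(r'^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$')
SVCDLL_RE = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)

# Explorer/System policy values that lock the user out of their own diagnostics.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions", "NoFind", "NoRun"}
# Assumed default membership of the XP SP2 netsvcs group (approximate); anything else
# that asks "svchost -k netsvcs" to host it gets reported.
XP_NETSVCS = {s.lower() for s in (
    "6to4 AppMgmt AudioSrv Browser CryptSvc DMServer EventSystem HidServ Ias Iprip Irmon "
    "LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent "
    "Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes "
    "TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov helpsvc BITS wuauserv "
    "ShellHWDetection ERSvc uploadmgr FastUserSwitchingCompatibility").split()}


def triage(log_text):
    """Return {indicator_type: [details]} for one DDS/ComboFix-style log."""
    findings = defaultdict(list)
    run_entries, zero_byte, autorun_payloads = [], set(), set()
    service_dlls, current_key = defaultdict(list), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):              # remember which registry key we are under
            current_key = m["key"]
        elif m := POLICY_RE.match(line):
            if m["name"] in LOCKOUT_POLICIES and int(m["val"]) != 0:
                findings["policy_restriction"].append(f'{m["hive"]}\\{m["name"]} = {m["val"]}')
        elif m := RUN_RE.match(line):
            run_entries.append((m["key"], m["path"].lower()))
        elif m := FILE_RE.match(line):           # DDS "Created Last 30" / Find3M lines
            path, attrs = m["path"].lower(), m["attr"]
            if int(m["size"].replace(",", "")) == 0 and path.endswith((".exe", ".dll", ".sys")):
                zero_byte.add(path)              # 0-byte executables still wired into Run keys
            if path.endswith("\\autorun.inf") and "h" in attrs and "s" in attrs:
                findings["hidden_autorun_inf"].append(path)
        elif m := SERVICE_RE.match(line):
            if "svchost.exe -k netsvcs" in m["image"].lower() and m["name"].lower() not in XP_NETSVCS:
                findings["unknown_netsvcs_service"].append(m["name"])
        elif m := PORT_RE.match(line):           # firewall GloballyOpenPorts entries
            if not m["desc"].startswith("@") and not m["desc"].lower().endswith(".exe"):
                findings["unexpected_open_port"].append(f'{m["port"]}/{m["proto"]} ({m["desc"]})')
        elif m := MP_RE.match(line):             # MountPoints2 shell verbs for a removable drive
            autorun_payloads.add(re.split(r"[\\ ,]", m["cmd"])[-1].lower())
            findings["removable_autorun"].append(f'{m["verb"]}: {m["cmd"]}')
        elif (m := SVCDLL_RE.match(line)) and current_key:
            service_dlls[m["dll"].lower()].append(current_key.rsplit("\\", 1)[-1])
    # Cross-correlate: Run entries pointing at 0-byte files or at the removable-drive payload.
    for key, path in run_entries:
        if path in zero_byte:
            findings["run_zero_byte_target"].append(f"[{key}] {path}")
        if path.rsplit("\\", 1)[-1] in autorun_payloads:
            findings["run_matches_autorun_payload"].append(f"[{key}] {path}")
    # Two differently named services sharing one ServiceDll is a classic fake-svchost pattern.
    for dll, owners in service_dlls.items():
        if len(owners) > 1:
            findings["shared_service_dll"].append(f"{dll} <- {', '.join(sorted(owners))}")
    return dict(findings)


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, *items, sep="\n    ")
```

    Run stand-alone it prints one heading per indicator type with the matching lines beneath. The legitimate entries in the sample (AVG tray, Google Talk, the 3389/TCP exception backed by an xpsp2res.dll resource string) produce no findings, which is the point of correlating rather than flagging every Run key or open port.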
  5. 2009/02/24
    kisnamahsen (Thread Starter)
    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Acer at 13:38:44.98 on Wed 02/25/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1501 [GMT 8:00]

    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    FW: AVG Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Acer\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [pdfFactory Pro Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\acer\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\documents and settings\acer\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\acer\applic~1\mozilla\firefox\profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-27 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-1-5 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 qimaw;Update Server;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S2 ynrhyerny;Image Network;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-24 33752]

    =============== Created Last 30 ================

    2009-02-25 13:32 <DIR> a-dshr-- C:\cmdcons
    2009-02-25 13:27 161,792 a------- c:\windows\SWREG.exe
    2009-02-25 13:27 98,816 a------- c:\windows\sed.exe
    2009-02-25 13:27 <DIR> --d----- C:\ComboFix
    2009-02-22 22:42 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-22 22:42 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-02-22 18:15 <DIR> --d----- C:\Deckard

    ==================== Find3M ====================

    2009-01-20 22:51 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-08 11:47 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-08 11:47 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 11:47 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-01-05 09:34 50,968 a------- c:\windows\system32\avgfwdx.dll
    2009-01-05 09:34 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
    2009-01-03 01:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-27 16:16 505,392 a------- c:\windows\system32\msvcp71.dll
    2008-12-27 14:48 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 13:38:57.98 ===============
     
  6. 2009/02/25
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all windows that are open later in the fix.



    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Please leave the flash drive plugged in while completing the following.



    Next: Please disable all onboard security programs (all running with background protection), as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (*Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail) (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    RegLockDel::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qimaw]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ynrhyerny]
    
    Rootkit::
    c:\windows\system32\ujvte.dll
    
    Driver::
    qimaw
    ynrhyerny
    
    Folder:: 
    C:\Deckard
    
    File::
    F:\system.exe
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "9741:TCP"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{065a6b4e-f3ea-11dd-920d-001eecd51a69}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d3660-f4a6-11dd-9211-001eecd51a69}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2da29cce-e75a-11dd-91dd-001eecd51a69}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53ede5da-ed90-11dd-91f7-001eecd51a69}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e85d90ee-f5a1-11dd-9216-001eecd51a69}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a321b8-ee1a-11dd-91f9-001eecd51a69}]
    
    NetSvc::
    qimaw
    ynrhyerny
    
    DDS::
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    [screenshot: dragging CFScript.txt onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    NEXT**
    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    NEXT**
    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================


    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The scan below can take up to an hour or longer, so please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with the IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New DDS log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.


    Please give me an update on how the computer is at the moment.
     
    Last edited: 2009/02/28
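The two service names in Juliet's CFScript (qimaw and ynrhyerny) stand out in the DDS log because they run under svchost.exe -k netsvcs yet are not members of the default XP netsvcs group, and the ComboFix log posted later in this thread shows the same pattern under fresh names (wpnypd, rzotxc). The Python below is an added triage example, not part of this thread or of the DDS/ComboFix tools: it parses DDS service lines and a ComboFix NetSvcs block and lists netsvcs-hosted services that fall outside an allowlist. The allowlist of XP SP2 defaults is assumed from memory and is incomplete, and the sample log lines are constructed from the ones posted here.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of the DDS "SERVICES / DRIVERS" section posted
# in this thread: two random-named entries plus legitimate AVG/getPlus ones.
SAMPLE_DDS = """\
R1 AvgTdiX;AVG8 Network Redirector;c:\\windows\\system32\\drivers\\avgtdix.sys [2008-12-27 107272]
R2 avg8wd;AVG8 WatchDog;c:\\progra~1\\avg\\avg8\\avgwdsvc.exe [2008-12-27 298264]
S2 qimaw;Update Server;c:\\windows\\system32\\svchost.exe -k netsvcs [2004-9-1 14336]
S2 ynrhyerny;Image Network;c:\\windows\\system32\\svchost.exe -k netsvcs [2004-9-1 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\\program files\\nos\\bin\\getPlus_HelperSvc.exe [2009-1-24 33752]
"""

# Constructed sample of the ComboFix "Svchost - NetSvcs" block, in the shape the
# later ComboFix log in this thread shows after the first clean-up run.
SAMPLE_COMBOFIX = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
wpnypd
rzotxc
.
Contents of the 'Scheduled Tasks' folder
"""

# ASSUMPTION: default netsvcs group members on Windows XP SP2, listed from memory
# for this example. A triage allowlist, not an authoritative or complete list.
XP_NETSVCS_DEFAULTS = {n.lower() for n in (
    "6to4", "AppMgmt", "AudioSrv", "Browser", "CryptSvc", "DMServer", "DHCP",
    "ERSvc", "EventSystem", "FastUserSwitchingCompatibility", "HidServ", "Ias",
    "Iprip", "Irmon", "LanmanServer", "LanmanWorkstation", "Messenger", "Netman",
    "Nla", "Ntmssvc", "NWCWorkstation", "Nwsapagent", "Rasauto", "Rasman",
    "Remoteaccess", "Schedule", "Seclogon", "SENS", "Sharedaccess", "SRService",
    "Tapisrv", "Themes", "TrkWks", "W32Time", "WZCSVC", "Wmi", "WmdmPmSp",
    "winmgmt", "wscsvc", "xmlprov", "BITS", "wuauserv", "ShellHWDetection",
    "helpsvc", "uploadmgr",
)}

# One DDS service line: "<start> <name>;<display>;<image> [<date> <size>]"
DDS_SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]\s*$"
)
NETSVCS_HOST_RE = re.compile(r"svchost\.exe\s+-k\s+netsvcs$", re.IGNORECASE)


@dataclass
class Service:
    start: str      # R0/R1/R2 (running) or S2/S3 (stopped) plus start type
    name: str       # service key name under HKLM\System\...\Services
    display: str    # display name shown in services.msc
    image: str      # image path, including any "svchost -k <group>"
    size: int       # file size DDS recorded for the image


def parse_dds_services(text: str) -> list[Service]:
    """Return every line of a DDS log that parses as a service/driver entry."""
    found = []
    for line in text.splitlines():
        m = DDS_SERVICE_RE.match(line.strip())
        if m:
            found.append(Service(m["start"], m["name"], m["display"],
                                 m["image"], int(m["size"])))
    return found


def suspicious_netsvcs(services: list[Service]) -> list[Service]:
    """Services hosted by 'svchost.exe -k netsvcs' whose key name is not a
    default group member. A review list, not a verdict: a legitimate
    third-party service that registers into netsvcs would land here too."""
    return [s for s in services
            if NETSVCS_HOST_RE.search(s.image)
            and s.name.lower() not in XP_NETSVCS_DEFAULTS]


def parse_combofix_netsvcs(text: str) -> list[str]:
    """Names ComboFix lists under the 'Svchost - NetSvcs' value (ComboFix
    omits the default members, so these are the additions)."""
    names, collecting = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.endswith("\\Svchost - NetSvcs"):
            collecting = True
            continue
        if collecting:
            if s in ("", "."):
                break
            names.append(s)
    return names


def triage(dds_text: str, combofix_text: str) -> dict:
    """Cross-reference both logs: what the DDS log flags, what the ComboFix
    log shows registered into netsvcs, and which of those are names the DDS
    log had not flagged (in this thread, the new names after the first run)."""
    flagged = [s.name for s in suspicious_netsvcs(parse_dds_services(dds_text))]
    added = parse_combofix_netsvcs(combofix_text)
    seen = {f.lower() for f in flagged}
    return {
        "dds_flagged": flagged,
        "netsvcs_added": added,
        "new_since_dds": [n for n in added if n.lower() not in seen],
    }
```

Running triage(SAMPLE_DDS, SAMPLE_COMBOFIX) on the constructed samples flags qimaw and ynrhyerny from the DDS lines and reports wpnypd and rzotxc as netsvcs additions not seen in the DDS log.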
  7. 2009/02/26
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    Hi,
    I've followed your instructions up to the ATF-Cleaner.exe stage, but when I try to click on the Kaspersky online scanner a page load error sign appears, so I cannot complete the given stage. Please advise.
    Herewith I forward to you combofix.txt


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Acer at 13:38:44.98 on Wed 02/25/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1501 [GMT 8:00]

    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    FW: AVG Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Acer\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [pdfFactory Pro Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\docume~1\acer\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\documents and settings\acer\start menu\programs\startup\OneNote Table Of Contents.onetoc2
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\acer\applic~1\mozilla\firefox\profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-27 27656]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2006-11-2 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-1-5 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 qimaw;Update Server;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S2 ynrhyerny;Image Network;c:\windows\system32\svchost.exe -k netsvcs [2004-9-1 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-24 33752]

    =============== Created Last 30 ================

    2009-02-25 13:32 <DIR> a-dshr-- C:\cmdcons
    2009-02-25 13:27 161,792 a------- c:\windows\SWREG.exe
    2009-02-25 13:27 98,816 a------- c:\windows\sed.exe
    2009-02-25 13:27 <DIR> --d----- C:\ComboFix
    2009-02-22 22:42 410,984 a------- c:\windows\system32\deploytk.dll
    2009-02-22 22:42 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-02-22 18:15 <DIR> --d----- C:\Deckard

    ==================== Find3M ====================

    2009-01-20 22:51 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-01-08 11:47 10,520 a------- c:\windows\system32\avgrsstx.dll
    2009-01-08 11:47 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 11:47 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-01-05 09:34 50,968 a------- c:\windows\system32\avgfwdx.dll
    2009-01-05 09:34 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
    2009-01-03 01:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2008-12-27 16:16 505,392 a------- c:\windows\system32\msvcp71.dll
    2008-12-27 14:48 21,640 a------- c:\windows\system32\emptyregdb.dat

    ============= FINISH: 13:38:57.98 ===============
     
  8. 2009/02/26
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    Sorry, I've posted the wrong log file.
    Please ignore post #6.

    ComboFix 09-02-24.02 - Acer 2009-02-26 0:11:31.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1417 [GMT 8:00]
    Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Acer\Desktop\CFScript.txt
    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    FW: AVG Firewall *disabled*
    * Created a new restore point

    FILE ::
    F:\system.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Deckard
    c:\windows\system32\ujvte.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_QIMAW
    -------\Legacy_YNRHYERNY


    ((((((((((((((((((((((((( Files Created from 2009-01-25 to 2009-02-25 )))))))))))))))))))))))))))))))
    .

    2009-02-24 17:49 . 2009-02-24 17:49 <DIR> d-------- c:\windows\Sun
    2009-02-22 22:42 . 2009-02-22 22:42 <DIR> d-------- c:\program files\Java
    2009-02-22 22:42 . 2009-02-22 22:42 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 22:42 . 2009-02-22 22:42 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-21 05:31 . 2009-02-21 05:31 <DIR> d-------- c:\documents and settings\Acer\Application Data\dvdcss
    2009-02-20 23:11 . 2009-02-20 23:11 <DIR> d-------- c:\documents and settings\Acer\Application Data\CyberLink
    2009-02-04 23:08 . 2009-02-04 23:08 <DIR> d-------- c:\program files\Google
    2009-01-28 00:10 . 2009-01-28 00:10 <DIR> d-------- c:\documents and settings\Acer\Application Data\Ahead

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-25 06:40 --------- d-----w c:\documents and settings\Acer\Application Data\AdobeUM
    2009-02-20 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-30 14:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-26 09:49 --------- d-----w c:\documents and settings\Acer\Application Data\DivX
    2009-01-24 11:17 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-24 10:49 --------- d-----w c:\program files\NOS
    2009-01-24 10:49 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-01-20 14:51 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-16 15:13 --------- d-----w c:\program files\Yahoo!
    2009-01-16 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-10 09:08 --------- d-----w c:\documents and settings\Acer\Application Data\Media Player Classic
    2009-01-08 03:47 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 03:47 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-08 03:47 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-07 12:35 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
    2009-01-05 01:34 50,968 ----a-w c:\windows\system32\avgfwdx.dll
    2009-01-05 01:34 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
    2009-01-04 08:10 --------- d-----w c:\program files\DivX
    2009-01-04 08:09 --------- d-----w c:\program files\VideoLAN
    2009-01-03 15:33 --------- d-----w c:\documents and settings\Acer\Application Data\vlc
    2008-12-28 06:23 --------- d-----w c:\program files\Winamp
    2008-12-27 08:21 --------- d-----w c:\program files\AVG
    2008-12-27 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
    2008-12-27 08:17 --------- d-----w c:\program files\InstallShield Installation Information
    2008-12-27 08:17 --------- d-----w c:\program files\CyberLink
    2008-12-27 08:16 505,392 ----a-w c:\windows\system32\msvcp71.dll
    2008-12-27 08:13 --------- d-----w c:\program files\K-Lite Codec Pack
    2008-12-27 08:11 --------- d-----w c:\program files\Microsoft Works
    2008-12-27 08:10 --------- d-----w c:\program files\MSBuild
    2008-12-27 08:01 --------- d-----w c:\program files\Common Files\Ahead
    2008-12-27 07:58 --------- d-----w c:\program files\Nero
    2008-12-27 07:56 --------- d-----w c:\program files\MSN Messenger
    2008-12-27 07:54 --------- d-----w c:\program files\QuickTime
    2008-12-27 07:54 --------- d-----w c:\program files\iTunes
    2008-12-27 07:54 --------- d-----w c:\program files\iPod
    2008-12-27 07:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-27 07:54 --------- d-----w c:\documents and settings\Acer\Application Data\Apple Computer
    2008-12-27 07:53 --------- d-----w c:\program files\Apple Software Update
    2008-12-27 07:52 --------- d-----w c:\program files\Common Files\xing shared
    2008-12-27 07:52 --------- d-----w c:\program files\Common Files\Real
    2008-12-27 07:51 --------- d-----w c:\program files\Real
    2008-12-27 06:52 --------- d-----w c:\program files\microsoft frontpage
    .

    ------- Sigcheck -------

    2004-09-01 08:00 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys

    2004-09-01 08:00 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-02-25_13.33.44.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    - 2009-02-25 05:22:58 41,238 ----a-w c:\windows\system32\perfc009.dat
    + 2009-02-25 15:54:35 41,238 ----a-w c:\windows\system32\perfc009.dat
    - 2009-02-25 05:22:58 315,076 ----a-w c:\windows\system32\perfh009.dat
    + 2009-02-25 15:54:35 315,076 ----a-w c:\windows\system32\perfh009.dat
    + 2009-02-25 16:17:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_580.dat
    + 2009-02-25 16:17:39 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b74.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"= "c:\windows\system32\ctfmon.exe" [2004-09-01 15360]
    "MSMSGS"= "c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "Messenger (Yahoo!)"= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"= "c:\windows\system32\igfxtray.exe" [2008-05-20 150040]
    "HotKeysCmds"= "c:\windows\system32\hkcmd.exe" [2008-05-20 170520]
    "Persistence"= "c:\windows\system32\igfxpers.exe" [2008-05-20 141848]
    "TkBellExe"= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-27 180269]
    "QuickTime Task"= "c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "iTunesHelper"= "c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "NeroFilterCheck"= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "RemoteControl"= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
    "LanguageShortcut"= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "AVG8_TRAY"= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
    "pdfFactory Pro Dispatcher v2"= "c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 483328]
    "googletalk"= "c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
    "SunJavaUpdateSched"= "c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
    "RTHDCPL"= "RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.EXE]

    c:\documents and settings\Acer\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    OneNote Table Of Contents.onetoc2 [2009-02-07 3656]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-27 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-08 11:47 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-05 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 rzotxc;sahhmrje;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S2 wpnypd;Installer Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-24 33752]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - RZOTXC

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    wpnypd
    rzotxc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-26 00:17:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rzotxc]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wpnypd]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\wdfmgr.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-26 0:19:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-02-25 16:19:15
    ComboFix2.txt 2009-02-25 05:34:17

    Pre-Run: 70,525,857,792 bytes free
    Post-Run: 70,295,142,400 bytes free

    211
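    The log above carries the three indicators that matter on this machine: two services (rzotxc, wpnypd) registered in the svchost NetSvcs group whose ServiceDll is the same unknown file c:\windows\system32\ujvte.dll, Security Center notifications switched off, and the Windows Firewall disabled. As an added example (not code from the thread, from ComboFix or from DDS), the Python below parses lines of this log format and flags those indicators automatically. SAMPLE_LOG reproduces lines from the posted log; KNOWN_NETSVCS_DLLS is a constructed, illustrative subset of the DLLs that legitimately run under "svchost.exe -k netsvcs" on XP, not an authoritative list.

```python
"""Triage a ComboFix/DDS-style log excerpt for svchost service hijacking and
disabled security notifications.

Added example for this thread (not ComboFix, DDS or the helper's own code).
SAMPLE_LOG reproduces lines from the posted log; KNOWN_NETSVCS_DLLS is a
constructed, illustrative subset of the DLLs that legitimately run under
"svchost.exe -k netsvcs" on Windows XP.
"""
import re
from collections import defaultdict

KNOWN_NETSVCS_DLLS = {
    "wuauserv.dll", "browser.dll", "shsvcs.dll", "seclogon.dll",
    "srvsvc.dll", "wkssvc.dll", "schedsvc.dll", "cryptsvc.dll",
}

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 298264]
S2 rzotxc;sahhmrje;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
S2 wpnypd;Installer Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rzotxc]
"ServiceDll"="c:\windows\system32\ujvte.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wpnypd]
"ServiceDll"="c:\windows\system32\ujvte.dll"
"""

# "S2 name;display name;image path [date size]" lines from the services section
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")
# '"Name"=value' lines inside a [registry key] block
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def _as_int(value):
    """Normalise 'dword:00000001' or '0 (0x0)' to an int; None if not numeric."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16)
    m = re.match(r"^(0x[0-9a-f]+|\d+)", v)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1).startswith("0x") else int(m.group(1))


def parse_log(text):
    """Return (services, service_dlls, settings) extracted from the log text."""
    services = {}      # service name -> image command line
    service_dlls = {}  # service name -> ServiceDll path (lower-cased)
    settings = {}      # (registry key, value name) -> raw value string
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services[m.group(2).strip().lower()] = m.group(4)
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            # strip() also absorbs the stray space a forum may add before the closing quote
            name = m.group(1).strip()
            value = m.group(2).strip().strip('"').strip()
            if name.lower() == "servicedll":
                service_dlls[current_key.rsplit("\\", 1)[-1]] = value.lower()
            else:
                settings[(current_key, name.lower())] = value
    return services, service_dlls, settings


def triage(text):
    """Return a list of (indicator, detail) findings for the log text."""
    services, service_dlls, settings = parse_log(text)
    findings = []

    # 1. A service hosted by "svchost -k netsvcs" must name a ServiceDll; a DLL that
    #    is not a known system component (or is missing) is the classic hijack pattern.
    for name, image in services.items():
        img = image.lower()
        if "svchost.exe" in img and "netsvcs" in img:
            dll = service_dlls.get(name)
            if dll is None:
                findings.append(("netsvcs-no-servicedll", name))
            elif dll.rsplit("\\", 1)[-1] not in KNOWN_NETSVCS_DLLS:
                findings.append(("netsvcs-unknown-dll", f"{name} -> {dll}"))

    # 2. Differently named services sharing one ServiceDll is another strong signal.
    by_dll = defaultdict(list)
    for name, dll in service_dlls.items():
        by_dll[dll].append(name)
    for dll, names in by_dll.items():
        if len(names) > 1:
            findings.append(("shared-servicedll", f"{dll} <- {', '.join(sorted(names))}"))

    # 3. Security Center notifications suppressed or the Windows Firewall turned off.
    for (key, vname), value in settings.items():
        if key.endswith("security center") and vname.endswith("disablenotify") and _as_int(value) == 1:
            findings.append(("notify-suppressed", vname))
        if vname == "enablefirewall" and _as_int(value) == 0:
            findings.append(("firewall-disabled", key))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:22} {detail}")
```

    The allowlist approach is deliberate: a NetSvcs entry is only as trustworthy as the DLL behind it, so the check compares the ServiceDll basename against known system components rather than trusting the service or display name, both of which the malware here chose freely ("sahhmrje", "Installer Monitor"). On a live system the same logic would read the Services key and the Svchost\NetSvcs multi-string directly instead of a log file.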
     
  9. 2009/02/26
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Save these instructions to wordpad/notepad or print them out, as part of the fix will have all windows closed, and this will help you complete all the necessary steps.


    You may have a couple of patched system files the infection caused.

    Go to My Computer->Tools->Folder Options->View tab:

    • Under the Hidden files and folders heading:
    • Select - Show hidden files and folders.
    • Uncheck - Hide protected operating system files (recommended) option.
    • Also, make sure there is no checkmark beside Hide file extensions for known file types.
    • Click OK. (Remember to Hide files and folders once done)

    Please go to: VirusTotal





    • Click the Browse button and search for the following file: c:\windows\system32\drivers\tcpip.sys
    • Click Open
    • Then click Send File
    • Please be patient while the file is scanned.
    • Once the scan results appear, please provide them in your next reply.
    If it says already scanned -- click "reanalyze now"

    Also please have the next files scanned.
    c:\windows\system32\termsrv.dll




    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    Rootkit::
    c:\windows\system32\ujvte.dll
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rzotxc]
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wpnypd]
    
    Driver::
    wpnypd
    rzotxc
    
    NetSvc::
    wpnypd
    rzotxc

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.




    Let's try a different online scanner.


    Perform an online scan with Panda ActiveScan
    * Click on Scan Your PC Now
    * A "pop up" window will appear, or a new tab will open.
    * Click on Register
    * Choose the option you like most, but we recommend the Free Registration.

    # Enter your e-mail address, and create a password.
    # Select "I do not want to receive any type of information". (unless you want to receive such information)
    # Click on Send
    # Confirm registration, and continue by entering your user name and password, then click on Enter
    # Select Full Scan, then Click on Scan Now
    # Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
    # If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
    # Please ignore the offer to buy the program. Click on Export To

    * Export the log and save it to your desktop.
    * Please attach the contents of that log in your next reply.
    * Turn off the real time scanner of any existing antivirus program while performing the online scan





    Download GMER Rootkit Scanner from here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in ark.txt
    Save it where you can easily find it, such as your desktop then post the contents here.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take action on any <---- ROOTKIT entries






    In your next reply post:
    Requested file scanned information
    ComboFix.txt
    Panda log
    Gmer log
    new HJT log

    You may need several replies to post the requested logs, otherwise they might get cut off.


    How's your computer now?
     
    Last edited: 2009/02/26
  10. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    Hi,
    I've run VirusTotal and this is the scan result for c:\windows\system32\drivers\tcpip.sys:

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.02.28 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.98 2009.02.27 -
    Authentium 5.1.0.4 2009.02.28 -
    Avast 4.8.1335.0 2009.02.27 -
    AVG 8.0.0.237 2009.02.27 -
    BitDefender 7.2 2009.02.28 -
    CAT-QuickHeal 10.00 2009.02.28 -
    ClamAV 0.94.1 2009.02.28 -
    Comodo 986 2009.02.20 -
    DrWeb 4.44.0.09170 2009.02.28 -
    eSafe 7.0.17.0 2009.02.26 -
    eTrust-Vet 31.6.6376 2009.02.27 -
    F-Prot 4.4.4.56 2009.02.26 -
    F-Secure 8.0.14470.0 2009.02.27 -
    Fortinet 3.117.0.0 2009.02.28 -
    GData 19 2009.02.28 -
    Ikarus T3.1.1.45.0 2009.02.28 -
    K7AntiVirus 7.10.649 2009.02.27 -
    Kaspersky 7.0.0.125 2009.02.28 -
    McAfee 5538 2009.02.27 -
    McAfee+Artemis 5538 2009.02.27 -
    Microsoft 1.4306 2009.02.28 -
    NOD32 3895 2009.02.27 -
    Norman 6.00.06 2009.02.27 -
    nProtect 2009.1.8.0 2009.02.28 -
    Panda 10.0.0.10 2009.02.27 -
    PCTools 4.4.2.0 2009.02.27 -
    Prevx1 V2 2009.02.28 -
    Rising 21.18.50.00 2009.02.28 -
    SecureWeb-Gateway 6.7.6 2009.02.27 -
    Sophos 4.39.0 2009.02.28 -
    Sunbelt 3.2.1858.2 2009.02.28 -
    Symantec 10 2009.02.28 -
    TheHacker 6.3.2.6.267 2009.02.28 -
    TrendMicro 8.700.0.1004 2009.02.27 -
    VBA32 3.12.10.1 2009.02.26 -
    ViRobot 2009.2.28.1628 2009.02.28 -
    VirusBuster 4.5.11.0 2009.02.27 -
    Additional information
    File size: 359040 bytes
    MD5...: 7b11118b078b88f87183fe69eda43137
    SHA1..: 5a0920a5594244b1156af1f0abf705bfc69227ca
    SHA256: 0995518c6d0fc431aee4f3a5e1fe59de549fbdea392d01e734cc35b0f13c20ff
    SHA512: 2149a53a0c09426015b95b3c5e951b12e83984266ea20364e93e04f0579cf639
    088fdf83b2395ea2e3d5f6ab6315a19bd594742e31c71d94fef063545b119a73
    ssdeep: 6144:FNsoh3xEJoYL4WjO8Pe8F7EHkunkKr/DvsI9021VuhuVRPTeiN2d/LWNba3
    oA:AoNGqYL4ooHtfvLn2u/E/7
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information
    ( base data )
    entrypointaddress.: 0x51196
    timedatestamp.....: 0x41107ecf (Wed Aug 04 06:14:39 2004)
    machinetype.......: 0x14c (I386)
    ( 10 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x380 0x3e946 0x3e980 6.60 643853ade61026df88ede2edb9ec7c33
    .rdata 0x3ed00 0x57c 0x580 4.42 f8464eba6b02d00de9e773b0204cee78
    .data 0x3f280 0xa4a4 0xa500 0.06 b3fc32b281b47111d104f80e77996f6c
    PAGE 0x49780 0x1f27 0x1f80 6.39 ea783b68f5cf42f310a6c23aa5236d34
    PAGEIPMc 0x4b700 0x2783 0x2800 6.41 b9863a636b93f57fa3f39bc70defcb54
    PAGELK 0x4df00 0x6f2 0x700 6.17 98b56ac9253dac973c411a2217b1124b
    .edata 0x4e600 0x2eb 0x300 5.30 bf33e66921dae71729e1c48f47faaf0b
    INIT 0x4e900 0x57f2 0x5800 6.21 9f6fca1fc287745e3ccda1b899422a4e
    .rsrc 0x54100 0x3f0 0x400 3.40 3ce484e663e0c007ee6a8661022ec6f2
    .reloc 0x54500 0x3548 0x3580 6.80 242690837b0b00c1aa768245bd09bb33
    ( 4 imports )
    > ntoskrnl.exe: MmLockPagableSectionByHandle, _wcsicmp, wcscpy, wcsncpy,
    wcschr, RtlAppendUnicodeToString, RtlExtendedMagicDivide,
    ExLocalTimeToSystemTime, RtlTimeToTimeFields, RtlIpv4StringToAddressW,
    RtlUnicodeStringToInteger, ZwEnumerateValueKey, KeReadStateEvent,
    KeReleaseMutex, MmIsThisAnNtAsSystem, KeInitializeMutex,
    IoRaiseInformationalHardError, RtlAnsiStringToUnicodeString,
    RtlUnicodeStringToAnsiString, InterlockedPopEntrySList,
    InterlockedPushEntrySList, ZwQueryValueKey, ZwSetValueKey,
    ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl,
    RtlLengthSid, SeExports, RtlMapGenericMask,
    IoGetFileObjectGenericMapping, ObReleaseObjectSecurity,
    SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor,
    RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor,
    ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest,
    IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce,
    MmLockPagableDataSection, RtlInitializeSid, RtlLengthRequiredSid,
    ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD,
    RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor,
    RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor,
    RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl,
    IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply,
    KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc,
    RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext,
    ObDereferenceSecurityDescriptor, PsGetCurrentProcessId,
    RtlWalkFrameChain, _aulldvrm, ExNotifyCallback, ExCreateCallback,
    ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges,
    SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity,
    IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3,
    ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess,
    RtlPrefetchMemoryNonTemporal, ExInitializeNPagedLookasideList,
    KeInitializeDpc, KeInitializeTimer, KeSetTimerEx, ZwClose,
    IoCreateDevice, IoDeleteDevice, ZwOpenKey, KeDelayExecutionThread,
    KeWaitForSingleObject, ExDeleteNPagedLookasideList,
    MmUnlockPagableImageSection, RtlInitUnicodeString, IoCreateSymbolicLink,
    IoDeleteSymbolicLink, KeSetEvent, KeQueryTimeIncrement,
    KeEnterCriticalRegion, KeLeaveCriticalRegion, ZwSetInformationThread,
    KeQuerySystemTime, _allmul, _alldiv, MmQuerySystemSize,
    ExfInterlockedInsertTailList, RtlCompareUnicodeString,
    RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen,
    RtlCompareMemory, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet,
    RtlFindClearRuns, KeCancelTimer, KeClearEvent, DbgPrint, memmove,
    RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver,
    KeResetEvent, MmMapLockedPages, KeInitializeSpinLock,
    IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest,
    KeInitializeEvent, ExfInterlockedAddUlong, ExAllocatePoolWithTag,
    MmMapLockedPagesSpecifyCache, IoFreeMdl, KefAcquireSpinLockAtDpcLevel,
    KefReleaseSpinLockFromDpcLevel, KeNumberProcessors, ExFreePoolWithTag,
    ExAllocatePoolWithTagPriority, KeBugCheckEx, RtlSubAuthoritySid,
    KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile,
    ZwCreateFile
    > HAL.dll: KfLowerIrql, KfRaiseIrql, KfReleaseSpinLock,
    KfAcquireSpinLock, KeGetCurrentIrql, KeRaiseIrqlToDpcLevel,
    KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
    > NDIS.SYS: NdisUnchainBufferAtFront, NdisAllocateBuffer, NdisFreePacket,
    NdisAllocatePacket, NdisSetPacketPoolProtocolId,
    NdisAllocatePacketPoolEx, NdisReturnPackets, NdisCompleteBindAdapter,
    NdisReEnumerateProtocolBindings, NdisFreeBufferPool, NdisFreePacketPool,
    NdisAllocateBufferPool, NdisCompletePnPEvent, NdisCloseAdapter,
    NdisCancelSendPackets, NdisRequest, NdisFreeMemory,
    NdisQueryAdapterInstanceName, NdisCopyBuffer, NdisRegisterProtocol,
    NdisGetReceivedPacket, NdisOpenAdapter, NdisGetDriverHandle
    > TDI.SYS: CTESignal, CTESystemUpTime, CTEScheduleDelayedEvent,
    CTEInitEvent, CTEStartTimer, CTEInitTimer, CTEBlock, TdiProviderReady,
    CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress,
    TdiDeregisterDeviceObject, CTEBlockWithTracker, CTELogEvent,
    TdiRegisterDeviceObject, TdiCopyMdlChainToMdlChain, TdiPnPPowerRequest,
    TdiDeregisterProvider, TdiRegisterProvider, TdiInitialize,
    TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent,
    TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker,
    TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel
    ( 27 exports )
    FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface,
    IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer,
    IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface,
    IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRegisterARP,
    IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute,
    LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr,
    SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum
     
  11. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    Forward to you the scan result for c:\windows\system32\termsrv.dll

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.02.28 -
    AhnLab-V3 5.0.0.2 2009.02.27 -
    AntiVir 7.9.0.98 2009.02.27 -
    Authentium 5.1.0.4 2009.02.28 -
    Avast 4.8.1335.0 2009.02.27 -
    AVG 8.0.0.237 2009.02.27 -
    BitDefender 7.2 2009.02.28 -
    CAT-QuickHeal 10.00 2009.02.28 -
    ClamAV 0.94.1 2009.02.28 -
    Comodo 986 2009.02.20 Unclassified Malware
    DrWeb 4.44.0.09170 2009.02.28 -
    eSafe 7.0.17.0 2009.02.26 -
    eTrust-Vet 31.6.6376 2009.02.27 -
    F-Prot 4.4.4.56 2009.02.26 -
    F-Secure 8.0.14470.0 2009.02.27 -
    Fortinet 3.117.0.0 2009.02.28 -
    GData 19 2009.02.28 -
    Ikarus T3.1.1.45.0 2009.02.28 -
    K7AntiVirus 7.10.649 2009.02.27 -
    Kaspersky 7.0.0.125 2009.02.28 -
    McAfee 5538 2009.02.27 -
    McAfee+Artemis 5538 2009.02.27 -
    Microsoft 1.4306 2009.02.28 -
    NOD32 3895 2009.02.27 -
    Norman 6.00.06 2009.02.27 -
    nProtect 2009.1.8.0 2009.02.28 -
    Panda 10.0.0.10 2009.02.27 -
    PCTools 4.4.2.0 2009.02.27 -
    Prevx1 V2 2009.02.28 -
    Rising 21.18.50.00 2009.02.28 -
    SecureWeb-Gateway 6.7.6 2009.02.27 -
    Sophos 4.39.0 2009.02.28 -
    Sunbelt 3.2.1858.2 2009.02.28 -
    Symantec 10 2009.02.28 -
    TheHacker 6.3.2.6.267 2009.02.28 -
    TrendMicro 8.700.0.1004 2009.02.27 -
    VBA32 3.12.10.1 2009.02.26 -
    ViRobot 2009.2.28.1628 2009.02.28 -
    VirusBuster 4.5.11.0 2009.02.27 -
    Additional information
    File size: 215552 bytes
    MD5...: a77219a971029dc2fb683e8513713803
    SHA1..: 1c456520a7b7faf71900c71167038185f5a7d312
    SHA256: 1eba9a909641e64e935090956b03182335d298cad78052cef3b3f75691eb3f50
    SHA512: 06c8a1ce76f1600e2c791f9e634f9559c82948d0f7cc93648981476191e4c9f3
    6cb5ee4148ee1fe94960e7275fc9d61550cab6ea0a43e783a0b7819764fd6215
    ssdeep: 3072:ptNuBp/YIDqobOlqVLBBjAg79G1T65ZF8p5LGvPEDRRQLUMPZU2GdH8CN9u
    iecd:ptNuBSID4AVdVAWF8p5L2ECPZzCN1
    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information
    ( base data )
    entrypointaddress.: 0x6648
    timedatestamp.....: 0x3fdfda9a (Wed Dec 17 04:24:58 2003)
    machinetype.......: 0x14c (I386)
    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2cc8a 0x2ce00 6.56 b626bccaad78857433a671be7353bee0
    .data 0x2e000 0x99d8 0xc00 4.43 8242f339c32cd3226503a5e25712d30e
    .rsrc 0x38000 0x3e68 0x4000 3.25 4ca44ce0719eae9a18d22e84f51bf714
    .reloc 0x3c000 0x2a6e 0x2c00 6.27 c857ed44146f9d2d52508e4c41014875
    ( 13 imports )
    > KERNEL32.dll: InitializeCriticalSection, FileTimeToSystemTime,
    GetDateFormatW, GetDiskFreeSpaceA, GlobalMemoryStatus, GetLocalTime,
    SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess,
    GetCurrentThreadId, QueryPerformanceCounter, LoadLibraryA,
    InterlockedCompareExchange, lstrcpynW, GetACP, MultiByteToWideChar,
    InitializeCriticalSectionAndSpinCount, DeleteCriticalSection,
    EnterCriticalSection, LeaveCriticalSection, WideCharToMultiByte,
    GetComputerNameExW, PulseEvent, GetCurrentProcess, LocalSize,
    GetCurrentThread, SetThreadPriority, GetWindowsDirectoryW,
    GetProfileIntW, lstrcmpiW, lstrcatW, GetTickCount, GetProfileStringW,
    LoadLibraryW, GetProcAddress, FreeLibrary, GetComputerNameW, OpenProcess,
    IsBadWritePtr, IsBadReadPtr, ExitThread, lstrcpyW, InterlockedIncrement,
    WaitForSingleObject, GetSystemTimeAsFileTime, GetComputerNameA,
    GetSystemTime, GetSystemDirectoryW, CreateFileW, CreateThread,
    InterlockedDecrement, OpenMutexW, OpenEventW, WaitForMultipleObjects,
    OpenFileMappingW, MapViewOfFile, UnmapViewOfFile, CreateMutexW,
    CompareFileTime, CreateWaitableTimerW, SetWaitableTimer, FormatMessageW,
    GetSystemDefaultLCID, SystemTimeToFileTime, LoadLibraryExW,
    DelayLoadFailureHook, ReleaseMutex, GetLastError, CreateEventW,
    VerSetConditionMask, VerifyVersionInfoW, SetEvent, ResetEvent,
    GetVersionExW, IsDebuggerPresent, GetCurrentProcessId, CreateProcessW,
    CloseHandle, Sleep, DebugBreak, DisableThreadLibraryCalls,
    GetProcessHeap, LocalAlloc, SetLastError, LocalFree, lstrlenW, GetVersion
    > msvcrt.dll: qsort, strncpy, gmtime, time, mktime, _mbslen, mbstowcs,
    wcscpy, _wcsicmp, wcscmp, _except_handler3, _wcsnicmp, wcscat, swscanf,
    wcslen, wcsncpy, swprintf, memmove, _snwprintf, wcschr, sprintf,
    __3@YAXPAX@Z, __2@YAPAXI@Z, _vsnwprintf, _purecall
    > ntdll.dll: RtlInitializeResource, NtCreateEvent,
    RtlAnsiStringToUnicodeString, NtQuerySystemTime, RtlEqualSid,
    RtlAdjustPrivilege, RtlInitializeCriticalSection, NtTerminateProcess,
    NtQueryMutant, NtReleaseMutant, NtWaitForSingleObject, NtCreateMutant,
    NtQueryInformationProcess, NtDuplicateToken, NtSetInformationThread,
    RtlpNtEnumerateSubKey, NtRequestPort, NtConnectPort, RtlInitAnsiString,
    RtlQueryRegistryValues, NtDeviceIoControlFile,
    RtlExtendedLargeIntegerDivide, NtSetTimer, NtCreateTimer,
    RtlCopySecurityDescriptor, RtlNtStatusToDosError, RtlDeleteAce,
    RtlDeleteElementGenericTable, RtlQueryInformationAcl, NtSetEvent,
    RtlEnterCriticalSection, RtlAllocateHeap, RtlFreeHeap,
    RtlLeaveCriticalSection, RtlAcquireResourceExclusive, RtlReleaseResource,
    RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, NtClose,
    RtlInsertElementGenericTable, RtlCompareMemory,
    RtlConvertExclusiveToShared, RtlConvertSharedToExclusive,
    RtlDeleteResource, NtRequestWaitReplyPort, RtlGetDaclSecurityDescriptor,
    RtlMapGenericMask, RtlSubAuthoritySid, RtlInitializeSid,
    RtlCreateUserSecurityObject, RtlSetDaclSecurityDescriptor,
    RtlAddAccessAllowedAce, RtlCreateEnvironment, RtlSetProcessIsCritical,
    DbgPrint, NtQuerySystemInformation, RtlLookupElementGenericTable,
    RtlDeleteCriticalSection, RtlInitializeGenericTable, RtlCreateAcl,
    RtlCreateSecurityDescriptor, NtWaitForMultipleObjects, NtResetEvent,
    NtOpenProcess, RtlPrefixUnicodeString, DbgBreakPoint, NtDelayExecution,
    RtlAcquireResourceShared, NtFreeVirtualMemory, NtAllocateVirtualMemory,
    RtlCopySid, RtlLengthSid, NtQueryInformationToken, NtOpenProcessToken,
    RtlLengthRequiredSid, NtOpenThreadToken, NtReplyPort,
    NtCompleteConnectPort, NtAcceptConnectPort, NtCreateSection,
    NtReplyWaitReceivePort, RtlFreeUnicodeString, RtlGetAce, NtCreatePort,
    RtlWriteRegistryValue, RtlCreateRegistryKey, RtlLengthSecurityDescriptor,
    RtlSetGroupSecurityDescriptor, RtlGetGroupSecurityDescriptor,
    RtlGetOwnerSecurityDescriptor, NtSetSecurityObject,
    NtQuerySecurityObject, NtOpenSymbolicLinkObject, NtQueryDirectoryObject,
    NtCreateDirectoryObject, RtlFreeSid, RtlAllocateAndInitializeSid,
    RtlIntegerToUnicodeString, RtlAppendUnicodeToString, NtDuplicateObject
    > ICAAPI.dll: IcaStackCallback, IcaStackClose, IcaStackDisconnect,
    IcaStackOpen, _IcaStackIoControl, IcaOpen, IcaIoControl,
    IcaStackConnectionClose, IcaChannelIoControl, IcaChannelOpen,
    IcaPushConsoleStack, IcaStackIoControl, IcaChannelClose,
    IcaStackTerminate, IcaStackReconnect, IcaStackUnlock,
    IcaStackConnectionAccept, IcaStackConnectionRequest, IcaClose,
    IcaStackConnectionWait
    > RPCRT4.dll: RpcServerListen, RpcServerUseProtseqEpW, RpcRaiseException,
    RpcServerInqDefaultPrincNameW, NdrServerCall2, RpcServerRegisterIf,
    RpcServerRegisterAuthInfoW, RpcServerRegisterIfEx,
    RpcBindingToStringBindingW, RpcStringBindingParseW, RpcStringFreeW,
    RpcImpersonateClient, I_RpcBindingIsClientLocal, RpcRevertToSelf,
    RpcSsContextLockExclusive
    > USER32.dll: LoadStringW, MessageBeep, ExitWindowsEx, wsprintfW,
    GetMessageTime, GetCursorPos
    > Secur32.dll: GetUserNameExW
    > WS2_32.dll: -, -, -, -, -, getaddrinfo
    > ADVAPI32.dll: OpenThreadToken, I_ScSendTSMessage, RegCreateKeyExW,
    LsaStorePrivateData, LsaNtStatusToWinError, LsaRetrievePrivateData,
    RegDeleteValueW, RegDeleteKeyW, ElfReportEventW,
    LsaQueryInformationPolicy, GetEventLogInformation, LsaQuerySecret,
    LsaFreeMemory, LsaOpenPolicy, LsaCreateSecret, LsaOpenSecret,
    RegCloseKey, RegQueryValueExW, RegOpenKeyExW, SetServiceStatus,
    GetUserNameW, RegOpenKeyW, SetServiceBits, ReportEventW,
    RegisterEventSourceW, RegisterServiceCtrlHandlerW, CryptHashData,
    CryptReleaseContext, CryptDestroyHash, CryptDestroyKey,
    CryptVerifySignatureW, CryptImportKey, CryptCreateHash,
    CryptAcquireContextW, DeregisterEventSource, RegEnumKeyW,
    SetSecurityDescriptorDacl, InitializeSecurityDescriptor,
    SetEntriesInAclW, AllocateAndInitializeSid, AccessCheckAndAuditAlarmW,
    GetSidSubAuthority, GetSidSubAuthorityCount, GetSidIdentifierAuthority,
    IsValidSid, GetTokenInformation, EqualSid, LookupAccountSidW,
    RegSetValueExW, CryptGenRandom, LogonUserW, AddAccessAllowedAce,
    InitializeAcl, GetLengthSid, ElfRegisterEventSourceW,
    CheckTokenMembership, MakeSelfRelativeSD, MakeAbsoluteSD,
    IsValidSecurityDescriptor, OpenProcessToken, AddAce, GetAce,
    GetAclInformation, GetSecurityDescriptorDacl, LsaDelete, LsaSetSecret,
    LsaClose, GetUserNameA
    > CRYPT32.dll: CertGetIssuerCertificateFromStore, CryptBinaryToStringW,
    CryptVerifyCertificateSignature, CertFreeCertificateContext,
    CryptDecodeObject, CertDuplicateCertificateContext, CertCloseStore,
    CertOpenStore, CertEnumCertificatesInStore
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -
    > AUTHZ.dll: AuthziInitializeAuditEvent, AuthziInitializeAuditEventType,
    AuthzInitializeResourceManager, AuthziFreeAuditParams,
    AuthzFreeAuditEvent, AuthziLogAuditEvent, AuthziFreeAuditEventType,
    AuthziInitializeAuditParamsWithRM, AuthziAllocateAuditParams,
    AuthzFreeResourceManager
    > mstlsapi.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -,
    ( 1 exports )
    ServiceMain
    ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=a77219a971029dc2fb683e8513713803
    CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=a77219a971029dc2fb683e8513713803
     
  12. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    ComboFix 09-02-24.02 - Acer 2009-02-28 19:41:01.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1978.1196 [GMT 8:00]
    Running from: c:\documents and settings\Acer\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Acer\Desktop\CFScript.txt
    AV: AVG Internet Security *On-access scanning disabled* (Updated)
    FW: AVG Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ujvte.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
    .

    2009-02-28 18:38 . 2009-02-28 19:15 250 --a------ c:\windows\gmer.ini
    2009-02-28 13:56 . 2009-02-28 13:56 <DIR> d-------- c:\windows\system32\CatRoot_bak
    2009-02-28 12:42 . 2009-02-28 12:42 <DIR> d-------- c:\program files\Norton Security Scan
    2009-02-28 12:42 . 2009-02-28 12:42 <DIR> d-------- c:\program files\Common Files\Symantec Shared
    2009-02-28 07:20 . 2009-02-28 13:44 <DIR> d--h----- c:\windows\$hf_mig$
    2009-02-28 07:20 . 2005-02-25 11:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
    2009-02-28 00:54 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
    2009-02-28 00:50 . 2009-02-28 00:50 <DIR> d-------- c:\program files\Panda Security
    2009-02-28 00:49 . 2009-02-28 00:49 <DIR> d-------- c:\windows\system32\Adobe
    2009-02-24 17:49 . 2009-02-24 17:49 <DIR> d-------- c:\windows\Sun
    2009-02-22 22:42 . 2009-02-22 22:42 <DIR> d-------- c:\program files\Java
    2009-02-22 22:42 . 2009-02-22 22:42 410,984 --a------ c:\windows\system32\deploytk.dll
    2009-02-22 22:42 . 2009-02-22 22:42 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-02-21 05:31 . 2009-02-21 05:31 <DIR> d-------- c:\documents and settings\Acer\Application Data\dvdcss
    2009-02-20 23:11 . 2009-02-20 23:11 <DIR> d-------- c:\documents and settings\Acer\Application Data\CyberLink
    2009-02-04 23:08 . 2009-02-28 00:49 <DIR> d-------- c:\program files\Google
    2009-01-28 00:10 . 2009-01-28 00:10 <DIR> d-------- c:\documents and settings\Acer\Application Data\Ahead

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-25 23:05 --------- d-----w c:\documents and settings\Acer\Application Data\AdobeUM
    2009-02-20 15:07 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-30 14:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-26 09:49 --------- d-----w c:\documents and settings\Acer\Application Data\DivX
    2009-01-24 11:17 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-24 10:49 --------- d-----w c:\program files\NOS
    2009-01-24 10:49 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2009-01-20 14:51 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-16 15:13 --------- d-----w c:\program files\Yahoo!
    2009-01-16 15:13 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
    2009-01-10 09:08 --------- d-----w c:\documents and settings\Acer\Application Data\Media Player Classic
    2009-01-08 03:47 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
    2009-01-08 03:47 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-07 12:35 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
    2009-01-05 01:34 29,208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
    2009-01-04 08:10 --------- d-----w c:\program files\DivX
    2009-01-04 08:09 --------- d-----w c:\program files\VideoLAN
    2009-01-03 15:33 --------- d-----w c:\documents and settings\Acer\Application Data\vlc
    2008-12-28 06:23 --------- d-----w c:\program files\Winamp
    .

    ------- Sigcheck -------

    2008-06-20 18:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
    2008-06-20 18:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
    2008-06-20 19:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
    2008-06-20 19:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
    2004-09-01 08:00 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys

    2004-09-01 08:00 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-02-25_13.33.44.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
    + 2009-02-28 10:38:05 884,736 ----a-w c:\windows\gmer.dll
    + 2008-04-17 13:13:02 811,008 ----a-w c:\windows\gmer.exe
    + 2009-02-28 04:42:16 29,184 ----a-r c:\windows\Installer\{3FADAA19-E595-44CA-A072-58B6B0851768}\Icon3FADAA191.exe
    + 2009-01-16 11:17:04 114,688 ----a-w c:\windows\system32\Adobe\Director\np32dsw.dll
    + 2009-01-16 11:25:34 202,168 ----a-w c:\windows\system32\Adobe\Director\SwDir.dll
    + 2009-01-16 11:17:42 499,712 ----a-w c:\windows\system32\Adobe\Shockwave 11\Control.dll
    + 2009-01-16 10:58:24 1,798,144 ----a-w c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
    + 2009-01-16 11:17:46 9,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
    + 2009-01-16 10:45:12 703,488 ----a-w c:\windows\system32\Adobe\Shockwave 11\gi.dll
    + 2009-01-16 10:45:12 1,145,896 ----a-w c:\windows\system32\Adobe\Shockwave 11\gt.exe
    + 2009-01-16 10:45:12 52,288 ----a-w c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
    + 2009-01-16 10:54:42 892,928 ----a-w c:\windows\system32\Adobe\Shockwave 11\iml32.dll
    + 2009-01-16 11:16:22 266,240 ----a-w c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
    + 2009-01-16 11:18:16 446,464 ----a-w c:\windows\system32\Adobe\Shockwave 11\Proj.dll
    + 2009-01-16 11:25:14 460,216 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwHelper_1103472.exe
    + 2009-01-16 11:16:08 114,688 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
    + 2009-01-16 11:16:06 94,208 ----a-w c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
    + 2009-01-16 10:45:12 58,736 ----a-w c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
    + 1999-06-25 02:55:30 149,504 ----a-w c:\windows\system32\Adobe\Shockwave 11\UNWISE.EXE
    - 2004-09-01 00:00:00 66,560 ----a-w c:\windows\system32\cdm.dll
    + 2008-10-16 06:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
    - 2004-09-01 00:00:00 66,560 -c--a-w c:\windows\system32\dllcache\cdm.dll
    + 2008-10-16 06:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
    - 2004-09-01 00:00:00 430,592 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    + 2008-10-16 06:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
    - 2004-09-01 00:00:00 111,104 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    + 2008-10-16 06:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
    - 2004-09-01 00:00:00 1,134,592 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    + 2008-10-16 06:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
    - 2004-09-01 00:00:00 112,640 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    + 2008-10-16 06:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
    - 2004-09-01 00:00:00 36,864 -c--a-w c:\windows\system32\dllcache\wups.dll
    + 2008-10-16 06:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
    - 2004-09-01 00:00:00 120,320 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2008-10-16 06:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
    + 2009-02-28 10:38:05 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
    - 2009-02-25 05:22:58 41,238 ----a-w c:\windows\system32\perfc009.dat
    + 2009-02-28 06:59:26 41,238 ----a-w c:\windows\system32\perfc009.dat
    - 2009-02-25 05:22:58 315,076 ----a-w c:\windows\system32\perfh009.dat
    + 2009-02-28 06:59:26 315,076 ----a-w c:\windows\system32\perfh009.dat
    + 2008-10-16 06:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
    + 2005-02-25 03:35:05 14,048 ------w c:\windows\system32\spmsg.dll
    - 2004-09-01 00:00:00 430,592 ----a-w c:\windows\system32\wuapi.dll
    + 2008-10-16 06:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
    - 2004-09-01 00:00:00 111,104 ----a-w c:\windows\system32\wuauclt.exe
    + 2008-10-16 06:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
    - 2004-09-01 00:00:00 1,134,592 ----a-w c:\windows\system32\wuaueng.dll
    + 2008-10-16 06:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    - 2004-09-01 00:00:00 112,640 ----a-w c:\windows\system32\wucltui.dll
    + 2008-10-16 06:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
    - 2004-09-01 00:00:00 36,864 ----a-w c:\windows\system32\wups.dll
    + 2008-10-16 06:08:58 34,328 ----a-w c:\windows\system32\wups.dll
    + 2008-10-16 06:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
    - 2004-09-01 00:00:00 120,320 ----a-w c:\windows\system32\wuweb.dll
    + 2008-10-16 06:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
    + 2009-02-28 11:43:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_634.dat
    + 2009-02-28 11:43:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_c2c.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-01 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-28 171448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-20 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-20 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-20 141848]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-27 180269]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
    "pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-05-31 483328]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-02 3739648]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-28 c:\windows\RTHDCPL.EXE]

    c:\documents and settings\Acer\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    OneNote Table Of Contents.onetoc2 [2009-02-07 3656]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-27 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-08 11:47 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "9741:TCP"= 9741:TCP:roqgqlzx

    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-12-27 12552]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-28 28544]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-27 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-27 107272]
    R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 298264]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-05 1339600]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-12-27 84240]
    S2 gwlvpfj;spwacmtek;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S2 jtdume;Windows System;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S2 qxaottmhv;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-12-27 29208]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-24 33752]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GWLVPFJ

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    jtdume
    qxaottmhv
    gwlvpfj

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d3660-f4a6-11dd-9211-001eecd51a69}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - F:\system.exe
    \Shell\Open\command - F:\system.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

    2009-02-28 c:\windows\Tasks\Norton Security Scan for Acer.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\dof5nkqd.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-28 19:43:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwlvpfj]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jtdume]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxaottmhv]
    "ServiceDll"="c:\windows\system32\ujvte.dll"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\wdfmgr.exe
    c:\progra~1\AVG\AVG8\avgam.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-28 19:46:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-02-28 11:45:59
    ComboFix2.txt 2009-02-27 15:31:03
    ComboFix3.txt 2009-02-25 16:19:19
    ComboFix4.txt 2009-02-25 05:34:17

    Pre-Run: 69,192,896,512 bytes free
    Post-Run: 69,211,897,856 bytes free

    266 --- E O F --- 2009-02-27 23:20:30
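    The ComboFix log above contains the indicators that matter for triage, scattered across four sections: three services with random names (gwlvpfj, jtdume, qxaottmhv) started as svchost.exe -k netsvcs and added to the NetSvcs group, all three resolving to the same ServiceDll (c:\windows\system32\ujvte.dll); a Windows Firewall exception for 9741:TCP whose label is a random string instead of a resource-string reference (compare the legitimate 3389:TCP entry, whose label is @xpsp2res.dll,-22009); and a mountpoints2 autorun handler that runs F:\system.exe from a removable drive. The script below is an added example, not part of this thread or of ComboFix, that parses those line formats and correlates them so the shared DLL and the odd firewall entry stand out. SAMPLE_LOG is constructed from lines of the log above; BASELINE_NETSVCS is an assumed, partial list of the stock Windows XP SP2 netsvcs members and is not taken from the page.

```python
"""Triage of ComboFix-style log lines (added example, not from the thread).

SAMPLE_LOG is constructed from lines of the log posted above. BASELINE_NETSVCS
is an assumed, partial list of the stock Windows XP SP2 'netsvcs' svchost group;
it is not taken from the page and should be replaced with a baseline captured
from a known-clean machine of the same build.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9741:TCP"= 9741:TCP:roqgqlzx

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-27 298264]
S2 gwlvpfj;spwacmtek;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
S2 jtdume;Windows System;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
S2 qxaottmhv;Microsoft Server;c:\windows\system32\svchost.exe -k netsvcs [2004-09-01 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-24 33752]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d3660-f4a6-11dd-9211-001eecd51a69}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - F:\system.exe
\Shell\Open\command - F:\system.exe

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gwlvpfj]
"ServiceDll"="c:\windows\system32\ujvte.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jtdume]
"ServiceDll"="c:\windows\system32\ujvte.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxaottmhv]
"ServiceDll"="c:\windows\system32\ujvte.dll"
"""

# Assumed partial baseline of XP SP2 netsvcs members (lower-cased).
BASELINE_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "browser", "cryptsvc", "dmserver", "dhcp",
    "ersvc", "eventsystem", "fastuserswitchingcompatibility", "hidserv", "ias",
    "iprip", "irmon", "lanmanserver", "lanmanworkstation", "messenger", "netman",
    "nla", "ntmssvc", "nwcworkstation", "nwsapagent", "rasauto", "rasman",
    "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess", "srservice",
    "tapisrv", "themes", "trkwks", "w32time", "wzcsvc", "wmi", "wmdmpmsp",
    "winmgmt", "wscsvc", "xmlprov", "bits", "wuauserv", "shellhwdetection",
    "helpsvc", "uploadmgr",
}

# Line formats used by ComboFix; the quote patterns tolerate the forum's "name "= rendering.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[")
SVCKEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]", re.I)
DLL_RE = re.compile(r'^"ServiceDll\s*"\s*=\s*"(?P<dll>[^"]+?)\s*"', re.I)
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))\s*"\s*=\s*\d+:(?:TCP|UDP):(?P<label>.+)$', re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\(?P<verb>AutoRun|Explore|Open)\\command\s+-\s+(?P<cmd>.+)$", re.I)


def parse(log):
    """Pull services, ServiceDll values, firewall port exceptions and autorun handlers out of the log."""
    services, dlls, ports, autoruns = {}, {}, {}, []
    current_key = None  # service whose registry key block we are inside
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SERVICE_RE.match(line)):
            services[m["name"].strip()] = {"display": m["display"].strip(), "image": m["image"].strip()}
        elif (m := SVCKEY_RE.match(line)):
            current_key = m["name"]
        elif line.startswith("["):
            current_key = None  # some other key: ServiceDll lines must not be attributed to a service
        elif (m := DLL_RE.match(line)) and current_key:
            dlls[current_key] = m["dll"].lower()
        elif (m := PORT_RE.match(line)):
            ports[m["port"]] = m["label"].strip()
        elif (m := AUTORUN_RE.match(line)):
            autoruns.append((m["verb"], m["cmd"].strip()))
    return services, dlls, ports, autoruns


def triage(log):
    """Return the suspicious entries, grouped so that shared infrastructure stands out."""
    services, dlls, ports, autoruns = parse(log)
    # 1. svchost -k netsvcs services outside the baseline group, keyed by the DLL they load
    by_dll = defaultdict(list)
    for name, svc in services.items():
        if "svchost.exe -k netsvcs" in svc["image"].lower() and name.lower() not in BASELINE_NETSVCS:
            by_dll[dlls.get(name, "<ServiceDll not found>")].append(name)
    # 2. firewall exceptions whose label is not a resource-string reference (@dll,-id)
    odd_ports = {port: label for port, label in ports.items() if not label.startswith("@")}
    # 3. autorun handlers that go through ShellExec_RunDLL or launch from a non-system volume
    odd_autoruns = [(verb, cmd) for verb, cmd in autoruns
                    if "shellexec_rundll" in cmd.lower() or re.match(r"[d-z]:\\", cmd, re.I)]
    return {
        "netsvcs": {dll: sorted(names) for dll, names in by_dll.items()},
        "ports": odd_ports,
        "autoruns": odd_autoruns,
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"{section}: {items}")
```

    Run against the sample, the "netsvcs" result collapses the three random-named services onto their single ServiceDll, which is the quickest way to see that they are one implant with several persistence entries rather than three unrelated services. The baseline set is the weak point of the approach: a service name absent from it is merely unfamiliar, not malicious, so treat the output as a worklist for checking the DLL's signature and timestamps, not as a verdict.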
     
  13. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-02-28 16:41:46
    PROTECTIONS: 1
    MALWARE: 5
    SUSPECTS: 1
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Internet Security 8.0 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00366244 Application/NirCmd.A HackTools No 0 No No D:\Antivirus Tool\Flash_Disinfector.exe[D:\Antivirus Tool\Flash_Disinfector.exe][nircmd.exe]
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\bgkmxj[1].gif
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\lhzq[1].bmp
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\pbhhbab[1].bmp
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2PMZLZCA\ysobck[1].png
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\huwuw[1].bmp
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\mzrfv[1].jpg
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\yvtt[1].gif
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9W9V76BS\zqywh[1].gif
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CP4963Y1\qlhx[1].gif
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CP4963Y1\uvukulbc[1].gif
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\azohmh[1].png
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\dcxjz[1].jpg
    00534496 W32/Conficker.C.worm Virus/Worm No 1 Yes No C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VRBZ9E80\lzmh[1].jpg
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 No No C:\Documents and Settings\Acer\Desktop\ComboFix.exe[32788R22FWJFW\List.bat]
    00593436 W32/Autorun.AQG.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{E1C3C70C-6F0E-486F-8118-760B460DC0FE}\RP2\A0000142.bat
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{E1C3C70C-6F0E-486F-8118-760B460DC0FE}\RP2\A0000183.EXE
    04658173 Generic Trojan Virus/Trojan No 0 Yes No D:\Antivirus Tool\ComboFix.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No D:\PDF\FinePrint.PdfFactory.v2.42\ac-fpp.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002
    184379 MEDIUM MS08-001
    182048 HIGH MS07-069
    182046 HIGH MS07-067
    182043 HIGH MS07-064
    179553 HIGH MS07-061
    176382 HIGH MS07-057
    176383 HIGH MS07-058
    170911 HIGH MS07-050
    170907 HIGH MS07-046
    170906 HIGH MS07-045
    170904 HIGH MS07-043
    164915 HIGH MS07-035
    164913 HIGH MS07-033
    164911 HIGH MS07-031
    160623 HIGH MS07-027
    157262 HIGH MS07-022
    157261 HIGH MS07-021
    157260 HIGH MS07-020
    157259 HIGH MS07-019
    156477 HIGH MS07-017
    150253 HIGH MS07-016
    150249 HIGH MS07-013
    150248 HIGH MS07-012
    150247 HIGH MS07-011
    150243 HIGH MS07-008
    150242 HIGH MS07-007
    150241 MEDIUM MS07-006
    141034 HIGH MS06-076
    141033 MEDIUM MS06-075
    141030 HIGH MS06-072
    137571 HIGH MS06-070
    137568 HIGH MS06-067
    133387 MEDIUM MS06-065
    133386 MEDIUM MS06-064
    133385 MEDIUM MS06-063
    133379 HIGH MS06-057
    131654 HIGH MS06-055
    129977 MEDIUM MS06-053
    129976 MEDIUM MS06-052
    126093 HIGH MS06-051
    126092 MEDIUM MS06-050
    126087 HIGH MS06-046
    126086 MEDIUM MS06-045
    126083 HIGH MS06-042
    126082 HIGH MS06-041
    126081 HIGH MS06-040
    123421 HIGH MS06-036
    123420 HIGH MS06-035
    120825 MEDIUM MS06-032
    120823 MEDIUM MS06-030
    120818 HIGH MS06-025
    120815 HIGH MS06-022
    120814 HIGH MS06-021
    117384 MEDIUM MS06-018
    114666 HIGH MS06-015
    114664 HIGH MS06-013
    108744 MEDIUM MS06-008
    108743 MEDIUM MS06-007
    108742 MEDIUM MS06-006
    104567 HIGH MS06-002
    104237 HIGH MS06-001
    96574 HIGH MS05-053
    93395 HIGH MS05-051
    93394 HIGH MS05-050
    93454 MEDIUM MS05-049
    ;===================================================================================================================================================================================
     
  15. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2009-02-28 19:23:27
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.14 ----

    SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x805A3054]
  16. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
  17. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    INT 0x36 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
     
  18. 2009/02/28
    kisnamahsen

    INT 0x37 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3864
    INT 0x38 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB50
    INT 0x39 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB5A
    INT 0x3A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB64
    INT 0x3B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB6E
    INT 0x3C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB78
    INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4E2C
    INT 0x3E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB8C
    INT 0x3F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB96
    INT 0x40 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA0
    INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4C88
    INT 0x42 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBB4
    INT 0x43 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBBE
    INT 0x44 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBC8
    INT 0x45 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBD2
    INT 0x46 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBDC
    INT 0x47 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBE6
    INT 0x48 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBF0
    INT 0x49 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBFA
    INT 0x4A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC04
    INT 0x4B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC0E
    INT 0x4C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC18
    INT 0x4D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC22
    INT 0x4E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC2C
    INT 0x4F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC36
    INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E393C
    INT 0x51 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC4A
    INT 0x52 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC54
    INT 0x53 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC5E
    INT 0x54 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC68
    INT 0x55 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC72
    INT 0x56 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC7C
    INT 0x57 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC86
    INT 0x58 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC90
    INT 0x59 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC9A
    INT 0x5A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCA4
    INT 0x5B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCAE
    INT 0x5C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCB8
    INT 0x5D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCC2
    INT 0x5E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCCC
    INT 0x5F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCD6
    INT 0x60 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCE0
    INT 0x61 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCEA
    INT 0x62 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCF4
    INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x64 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD08
    INT 0x65 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD12
    INT 0x66 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD1C
    INT 0x67 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD26
    INT 0x68 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD30
    INT 0x69 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD3A
    INT 0x6A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD44
    INT 0x6B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD4E
    INT 0x6C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD58
    INT 0x6D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD62
    INT 0x6E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD6C
    INT 0x6F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD76
    INT 0x70 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD80
    INT 0x71 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD8A
    INT 0x72 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD94
    INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78
    INT 0x74 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9314BD8
    INT 0x75 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDB2
    INT 0x76 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDBC
    INT 0x77 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDC6
    INT 0x78 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDD0
    INT 0x79 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDDA
    INT 0x7A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDE4
    INT 0x7B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDEE
    INT 0x7C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDF8
    INT 0x7D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE02
    INT 0x7E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE0C
    INT 0x7F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE16
    INT 0x80 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE20
    INT 0x81 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE2A
    INT 0x82 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE34
    INT 0x83 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9E21E80
    INT 0x84 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x85 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE52
    INT 0x86 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE5C
    INT 0x87 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE66
    INT 0x88 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE70
    INT 0x89 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE7A
    INT 0x8A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE84
    INT 0x8B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE8E
    INT 0x8C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE98
    INT 0x8D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEA2
    INT 0x8E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEAC
    INT 0x8F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEB6
    INT 0x90 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEC0
    INT 0x91 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FECA
    INT 0x92 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FED4
    INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA1F8495
    INT 0x94 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x95 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEF2
    INT 0x96 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEFC
    INT 0x97 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF06
    INT 0x98 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF10
    INT 0x99 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF1A
    INT 0x9A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF24
    INT 0x9B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF2E
    INT 0x9C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF38
    INT 0x9D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF42
    INT 0x9E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF4C
    INT 0x9F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF56
    INT 0xA0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF60
    INT 0xA1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF6A
    INT 0xA2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
     
  19. 2009/02/28
    kisnamahsen

    INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA1FFD80
    INT 0xA4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0xA5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF92
    INT 0xA6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF9C
    INT 0xA7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFA6
    INT 0xA8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFB0
    INT 0xA9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFBA
    INT 0xAA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFC4
    INT 0xAB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFCE
    INT 0xAC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFD8
    INT 0xAD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFE2
    INT 0xAE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFEC
    INT 0xAF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFF6
    INT 0xB0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540000
    INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) B9F8431E
    INT 0xB2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540014
    INT 0xB3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054001E
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540032
    INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054003C
    INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540046
    INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540050
    INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054005A
    INT 0xBA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540064
    INT 0xBB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054006E
    INT 0xBC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540078
    INT 0xBD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540082
    INT 0xBE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054008C
    INT 0xBF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540096
    INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400A0
    INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3AC0
    INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400B4
    INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400BE
    INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400C8
    INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400D2
    INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400DC
    INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400E6
    INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400F0
    INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400FA
    INT 0xCA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540104
    INT 0xCB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054010E
    INT 0xCC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540118
    INT 0xCD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540122
    INT 0xCE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054012C
    INT 0xCF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540136
    INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540140
    INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E32A0
    INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540154
    INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054015E
    INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540168
    INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540172
    INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054017C
    INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540186
    INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540190
    INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054019A
    INT 0xDA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401A4
    INT 0xDB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401AE
    INT 0xDC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401B8
    INT 0xDD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401C2
    INT 0xDE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401CC
    INT 0xDF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401D6
    INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401E0
    INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4048
    INT 0xE2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401F4
    INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3DAC
    INT 0xE4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540208
    INT 0xE5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540212
    INT 0xE6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054021C
    INT 0xE7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540226
    INT 0xE8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540230
    INT 0xE9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054023A
    INT 0xEA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540244
    INT 0xEB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054024E
    INT 0xEC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540258
    INT 0xED \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540262
    INT 0xEE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540269
    INT 0xEF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540270
    INT 0xF0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540277
    INT 0xF1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054027E
    INT 0xF2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540285
    INT 0xF3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054028C
    INT 0xF4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540293
    INT 0xF5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054029A
    INT 0xF6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402A1
    INT 0xF7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402A8
    INT 0xF8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402AF
    INT 0xF9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402B6
    INT 0xFA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402BD
    INT 0xFB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402C4
    INT 0xFC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402CB
    INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E45A8
    INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4748
    INT 0xFF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805402E0
     
  20. 2009/02/28
    kisnamahsen

    INT 0x00 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80541190
    INT 0x01 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054130C
    INT 0x03 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80541720
    INT 0x04 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805418A0
    INT 0x05 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80541A00
    INT 0x06 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80541B74
    INT 0x07 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805421EC
    INT 0x09 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805425F0
    INT 0x0A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80542710
    INT 0x0B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80542850
    INT 0x0C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80542AB0
    INT 0x0D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80542D9C
    INT 0x0E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80543498
    INT 0x0F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x10 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805438F0
    INT 0x11 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80543A2C
    INT 0x12 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x13 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80543B94
    INT 0x14 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x15 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x16 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x17 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x18 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x19 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x1A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x1B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x1C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x1D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x1E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x1F \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E410C
    INT 0x2A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805409BE
    INT 0x2B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540AC0
    INT 0x2C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540C70
    INT 0x2D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805415FC
    INT 0x2E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540441
    INT 0x2F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805437D0
    INT 0x30 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB00
    INT 0x31 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB0A
    INT 0x32 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB14
    INT 0x33 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB1E
    INT 0x34 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB28
    INT 0x35 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB32
    INT 0x36 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB3C
    INT 0x37 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3864
    INT 0x38 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB50
    INT 0x39 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB5A
    INT 0x3A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB64
    INT 0x3B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB6E
    INT 0x3C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB78
    INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4E2C
    INT 0x3E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB8C
    INT 0x3F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FB96
    INT 0x40 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBA0
    INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4C88
    INT 0x42 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBB4
    INT 0x43 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBBE
    INT 0x44 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBC8
    INT 0x45 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBD2
    INT 0x46 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBDC
    INT 0x47 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBE6
    INT 0x48 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBF0
    INT 0x49 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FBFA
    INT 0x4A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC04
    INT 0x4B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC0E
    INT 0x4C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC18
    INT 0x4D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC22
    INT 0x4E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC2C
    INT 0x4F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC36
    INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E393C
    INT 0x51 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC4A
    INT 0x52 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC54
    INT 0x53 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC5E
    INT 0x54 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC68
    INT 0x55 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC72
    INT 0x56 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC7C
    INT 0x57 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC86
    INT 0x58 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC90
    INT 0x59 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FC9A
    INT 0x5A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCA4
    INT 0x5B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCAE
    INT 0x5C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCB8
    INT 0x5D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCC2
    INT 0x5E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCCC
    INT 0x5F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCD6
    INT 0x60 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCE0
    INT 0x61 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCEA
    INT 0x62 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FCF4
    INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x64 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD08
    INT 0x65 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD12
    INT 0x66 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD1C
    INT 0x67 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD26
    INT 0x68 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD30
    INT 0x69 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD3A
    INT 0x6A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD44
    INT 0x6B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD4E
    INT 0x6C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD58
    INT 0x6D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD62
    INT 0x6E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD6C
    INT 0x6F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD76
    INT 0x70 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD80
    INT 0x71 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD8A
    INT 0x72 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FD94
     
  21. 2009/02/28
    kisnamahsen

    kisnamahsen Inactive Thread Starter

    Joined:
    2009/02/23
    Messages:
    22
    Likes Received:
    0
    INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS (SCSI Port Driver/Microsoft Corporation) B918ADA8
    INT 0x73 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) B935BB78
    INT 0x74 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows (R) Server 2003 DDK provider) B9314BD8
    INT 0x75 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDB2
    INT 0x76 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDBC
    INT 0x77 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDC6
    INT 0x78 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDD0
    INT 0x79 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDDA
    INT 0x7A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDE4
    INT 0x7B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDEE
    INT 0x7C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FDF8
    INT 0x7D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE02
    INT 0x7E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE0C
    INT 0x7F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE16
    INT 0x80 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE20
    INT 0x81 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE2A
    INT 0x82 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE34
    INT 0x83 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) B9E21E80
    INT 0x84 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x85 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE52
    INT 0x86 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE5C
    INT 0x87 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE66
    INT 0x88 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE70
    INT 0x89 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE7A
    INT 0x8A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE84
    INT 0x8B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE8E
    INT 0x8C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FE98
    INT 0x8D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEA2
    INT 0x8E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEAC
    INT 0x8F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEB6
    INT 0x90 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEC0
    INT 0x91 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FECA
    INT 0x92 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FED4
    INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA1F8495
    INT 0x94 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0x95 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEF2
    INT 0x96 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FEFC
    INT 0x97 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF06
    INT 0x98 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF10
    INT 0x99 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF1A
    INT 0x9A \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF24
    INT 0x9B \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF2E
    INT 0x9C \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF38
    INT 0x9D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF42
    INT 0x9E \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF4C
    INT 0x9F \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF56
    INT 0xA0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF60
    INT 0xA1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF6A
    INT 0xA2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF74
    INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) BA1FFD80
    INT 0xA4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0xA5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF92
    INT 0xA6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FF9C
    INT 0xA7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFA6
    INT 0xA8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFB0
    INT 0xA9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFBA
    INT 0xAA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFC4
    INT 0xAB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFCE
    INT 0xAC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFD8
    INT 0xAD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFE2
    INT 0xAE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFEC
    INT 0xAF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8053FFF6
    INT 0xB0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540000
    INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) B9F8431E
    INT 0xB2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540014
    INT 0xB3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054001E
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) B9351BCA
    INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) B9F105E0
    INT 0xB5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540032
    INT 0xB6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054003C
    INT 0xB7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540046
    INT 0xB8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540050
    INT 0xB9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054005A
    INT 0xBA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540064
    INT 0xBB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054006E
    INT 0xBC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540078
    INT 0xBD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540082
    INT 0xBE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054008C
    INT 0xBF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540096
    INT 0xC0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400A0
    INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E3AC0
    INT 0xC2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400B4
    INT 0xC3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400BE
    INT 0xC4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400C8
    INT 0xC5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400D2
    INT 0xC6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400DC
    INT 0xC7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400E6
    INT 0xC8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400F0
    INT 0xC9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805400FA
    INT 0xCA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540104
    INT 0xCB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054010E
    INT 0xCC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540118
    INT 0xCD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540122
    INT 0xCE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054012C
    INT 0xCF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540136
    INT 0xD0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540140
    INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E32A0
    INT 0xD2 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540154
    INT 0xD3 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054015E
    INT 0xD4 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540168
    INT 0xD5 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540172
    INT 0xD6 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054017C
    INT 0xD7 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540186
    INT 0xD8 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 80540190
    INT 0xD9 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 8054019A
    INT 0xDA \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401A4
    INT 0xDB \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401AE
    INT 0xDC \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401B8
    INT 0xDD \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401C2
    INT 0xDE \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401CC
    INT 0xDF \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401D6
    INT 0xE0 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 805401E0
    INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806E4048
     