Trojan.Java.Selace.k /.n/ .o infection + no access to own ethernet modem


Post by Taylz on Fri Feb 26, 2010 5:36 am

I've discovered that I have trojans - namely the Selace variety. (.k / .n / .o)

Norton and everyone else couldn't detect it, but the Microsoft scan did - but did not remove it or quarantine it.
I've added the maladware removal program finding and removing 26 other nasties that Selace utilise.

Selace located in following area:
c:\documentsandsettings\scottjones\applicationdata\sun\java\deployment\cache\6.0\19\9687253-3625c4c6 (I hope this is helpful).

Also my internet access has blinked on and off - worm??? or Selace hijacking my access.

I'm not sure if anyone has emplaced any arbitrary code exploiting Microsoft easy backdoor access. But when the Selace programs are dealt with I'd like to close those doors to prevent this from happening. My router, I've disabled due to frequent dropouts and am accessing other means to send this. Any hints and tips there to rectify that too?

Let me know the prognosis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:43 PM, on 2/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\WLan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Scott Jones\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Program Files\FraudEliminator\2.3.4\FETB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [WLAN] C:\WINDOWS\system32\WLan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - [You must be registered and logged in to see this link.] Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - [You must be registered and logged in to see this link.]
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - C:\WINDOWS\system32\svxmhpz.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13176 bytes


Re: Trojan.Java.Selace.k /.n/ .o infection + no access to own ethernet modem

Post by Dr Jay on Fri Feb 26, 2010 2:19 pm

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.


Dr. Jay (DJ)



Re: Trojan.Java.Selace.k /.n/ .o infection + no access to own ethernet modem

Post by Taylz on Sat Feb 27, 2010 10:10 am

Dragonmaster, here is the log as asked.

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C is HDD
Volume Serial Number is 5894-BBC4

Directory of C:\Windows\System32\Drivers

02/24/2010 01:43 PM .
02/24/2010 01:43 PM ..
04/14/2008 05:16 AM 53,376 1394bus.sys
08/17/2001 02:22 PM 23,552 ABP480N5.SYS
04/14/2008 05:06 AM 187,776 acpi.sys
08/04/2004 08:30 PM 11,648 acpiec.sys
08/17/2001 02:37 PM 101,888 adpu160m.sys
04/14/2008 10:41 AM 4,255 adv01nt5.dll
04/14/2008 10:41 AM 3,967 adv02nt5.dll
04/14/2008 10:41 AM 3,615 adv05nt5.dll
04/14/2008 10:41 AM 3,647 adv07nt5.dll
04/14/2008 10:41 AM 3,135 adv08nt5.dll
04/14/2008 10:41 AM 3,711 adv09nt5.dll
04/14/2008 10:41 AM 3,775 adv11nt5.dll
04/14/2008 03:09 AM 142,592 aec.sys
08/14/2008 08:34 PM 138,496 afd.sys
10/08/2004 11:46 AM 35,840 AFS2K.SYS
04/14/2008 05:06 AM 42,368 agp440.sys
04/14/2008 05:06 AM 44,928 agpcpq.sys
08/17/2001 02:22 PM 12,800 aha154x.sys
08/17/2001 02:37 PM 55,168 aic78u2.sys
08/17/2001 02:37 PM 56,960 aic78xx.sys
08/17/2001 02:21 PM 5,248 aliide.sys
04/14/2008 05:06 AM 42,752 alim1541.sys
04/14/2008 05:06 AM 43,008 amdagp.sys
04/14/2008 05:01 AM 37,376 amdk6.sys
04/14/2008 05:01 AM 37,760 amdk7.sys
08/17/2001 02:22 PM 12,032 amsint.sys
04/14/2008 05:21 AM 60,800 arp1394.sys
08/17/2001 02:22 PM 26,496 asc.sys
08/17/2001 02:22 PM 22,400 asc3350p.sys
08/17/2001 02:21 PM 14,848 asc3550.sys
04/14/2008 05:27 AM 14,336 asyncmac.sys
04/14/2008 05:10 AM 96,512 atapi.sys
08/03/2004 11:29 PM 56,623 ati1btxx.sys
08/03/2004 11:29 PM 11,615 ati1mdxx.sys
08/03/2004 11:29 PM 12,047 ati1pdxx.sys
08/03/2004 11:29 PM 30,671 ati1raxx.sys
08/03/2004 11:29 PM 63,663 ati1rvxx.sys
08/03/2004 11:29 PM 26,367 ati1snxx.sys
08/03/2004 11:29 PM 21,343 ati1ttxx.sys
08/03/2004 11:29 PM 36,463 ati1tuxx.sys
08/03/2004 11:29 PM 29,455 ati1xbxx.sys
08/03/2004 11:29 PM 34,735 ati1xsxx.sys
08/03/2004 11:29 PM 327,040 ati2mtaa.sys
08/03/2004 11:29 PM 701,440 ati2mtag.sys
08/03/2004 11:29 PM 57,856 atinbtxx.sys
08/03/2004 11:29 PM 13,824 atinmdxx.sys
08/03/2004 11:29 PM 14,336 atinpdxx.sys
08/03/2004 11:29 PM 52,224 atinraxx.sys
08/03/2004 11:29 PM 104,960 atinrvxx.sys
08/03/2004 11:29 PM 28,672 atinsnxx.sys
08/03/2004 11:29 PM 13,824 atinttxx.sys
08/03/2004 11:29 PM 73,216 atintuxx.sys
08/03/2004 11:29 PM 31,744 atinxbxx.sys
08/03/2004 11:29 PM 63,488 atinxsxx.sys
07/17/2004 12:36 PM 64,352 ativmc20.cod
04/14/2008 05:21 AM 59,904 atmarpc.sys
08/04/2004 08:30 PM 31,360 atmepvc.sys
04/14/2008 05:21 AM 55,808 atmlane.sys
08/04/2004 08:30 PM 352,256 atmuni.sys
04/14/2008 10:41 AM 21,183 atv01nt5.dll
04/14/2008 10:41 AM 11,359 atv02nt5.dll
04/14/2008 10:41 AM 25,471 atv04nt5.dll
04/14/2008 10:41 AM 14,143 atv06nt5.dll
04/14/2008 10:41 AM 17,279 atv10nt5.dll
08/17/2001 02:29 PM 3,072 audstub.sys
04/14/2008 05:06 AM 14,208 battc.sys
08/04/2004 08:30 PM 4,224 beep.sys
04/14/2008 05:23 AM 71,552 bridge.sys
04/14/2008 05:16 AM 17,024 bthenum.sys
04/14/2008 05:16 AM 37,888 bthmodem.sys
04/14/2008 05:21 AM 101,120 bthpan.sys
06/13/2008 09:35 PM 272,128 bthport.sys
04/14/2008 05:16 AM 36,480 bthprint.sys
04/14/2008 05:16 AM 18,944 bthusb.sys
08/17/2001 02:22 PM 13,952 cbidf2k.sys
02/09/2009 09:37 AM 17,664 ccdcmb.sys
02/09/2009 09:37 AM 22,016 ccdcmbo.sys
08/17/2001 02:22 PM 7,680 cd20xrnt.sys
08/04/2004 08:30 PM 18,688 cdaudio.sys
04/14/2008 05:44 AM 63,744 cdfs.sys
07/04/2008 12:22 PM 9,072 cdr4_xp.sys
07/04/2008 12:22 PM 9,200 cdralw2k.sys
04/14/2008 05:10 AM 62,976 cdrom.sys
04/14/2008 10:41 AM 15,423 ch7xxnt5.dll
08/04/2004 08:30 PM 262,528 cinemst2.sys
09/30/2005 12:07 PM 5,120 CIR.sys
04/14/2008 05:46 AM 49,536 classpnp.sys
04/14/2008 05:06 AM 13,952 cmbatt.sys
08/17/2001 02:21 PM 6,656 cmdide.sys
04/14/2008 05:06 AM 10,240 compbatt.sys
08/17/2001 02:22 PM 14,976 cpqarray.sys
08/04/2004 08:30 PM 11,776 cpqdap01.sys
04/14/2008 05:01 AM 36,736 crusoe.sys
07/17/2004 11:55 PM 129,045 cxthsfs2.cty
08/17/2001 02:22 PM 179,584 dac2w2k.sys
08/17/2001 02:22 PM 14,720 dac960nt.sys
03/31/2005 06:21 PM disdn
04/14/2008 05:10 AM 36,352 disk.sys
04/14/2008 05:10 AM 14,208 diskdump.sys
04/14/2008 05:14 AM 799,744 dmboot.sys
04/14/2008 05:14 AM 153,344 dmio.sys
08/04/2004 08:30 PM 5,888 dmload.sys
04/14/2008 05:15 AM 52,864 dmusic.sys
08/17/2001 02:37 PM 20,192 dpti2o.sys
04/14/2008 05:15 AM 60,160 drmk.sys
04/14/2008 05:15 AM 2,944 drmkaud.sys
08/04/2004 08:30 PM 10,496 dxapi.sys
04/14/2008 05:08 AM 71,168 dxg.sys
08/04/2004 08:30 PM 3,328 dxgthk.sys
06/13/2005 05:28 AM 162,816 e100b325.sys
04/01/2005 12:43 PM 66,048 EAPPkt.sys
08/17/2001 02:16 PM 6,400 enum1394.sys
08/24/2008 10:01 PM etc
04/14/2008 05:44 AM 143,744 fastfat.sys
04/14/2008 05:10 AM 27,392 fdc.sys
04/14/2008 05:03 AM 44,544 fips.sys
04/14/2008 05:10 AM 20,480 flpydisk.sys
04/14/2008 05:02 AM 129,792 fltmgr.sys
08/04/2004 08:30 PM 12,160 fsvga.sys
08/04/2004 08:30 PM 7,936 fs_rec.sys
08/17/2001 02:22 PM 125,056 ftdisk.sys
04/14/2008 05:06 AM 46,464 gagp30kx.sys
08/04/2004 08:30 PM 3,440,660 gm.dls
08/04/2004 08:30 PM 646 gmreadme.txt
04/14/2008 03:06 AM 144,384 hdaudbus.sys
01/07/2005 05:37 PM 145,920 Hdaudio.sys
04/14/2008 05:16 AM 25,600 hidbth.sys
04/14/2008 05:15 AM 36,864 hidclass.sys
04/14/2008 05:15 AM 19,200 hidir.sys
04/14/2008 05:15 AM 24,960 hidparse.sys
04/14/2008 05:15 AM 10,368 hidusb.sys
08/17/2001 02:37 PM 25,952 hpn.sys
10/21/2005 07:58 PM 49,920 HPZid412.sys
10/21/2005 07:58 PM 16,496 HPZipr12.sys
10/22/2005 07:22 AM 21,568 HPZius12.sys
08/03/2004 11:41 PM 220,032 hsfbs2s2.sys
08/03/2004 11:41 PM 685,056 hsfcxts2.sys
08/03/2004 11:41 PM 1,041,536 hsfdpsp2.sys
03/25/2008 08:22 AM 210,560 HSFHWAZL.sys
03/24/2008 07:31 AM 146,036 HSFProf.cty
03/25/2008 08:22 AM 731,264 HSF_CNXT.sys
03/25/2008 08:22 AM 985,472 HSF_DPV.sys
02/08/2006 12:57 PM 196,608 HSXHWAZL.sys
02/08/2006 12:57 PM 672,256 HSX_CNXT.sys
02/08/2006 12:58 PM 935,424 HSX_DPV.sys
10/21/2009 02:50 AM 265,728 http.sys
04/14/2008 05:11 AM 8,576 i2omgmt.sys
04/14/2008 05:11 AM 18,560 i2omp.sys
04/14/2008 05:48 AM 52,480 i8042prt.sys
03/23/2006 01:17 PM 1,166,972 ialmnt5.sys
04/14/2008 05:10 AM 42,112 imapi.sys
08/17/2001 02:22 PM 16,000 ini910u.sys
04/14/2008 05:10 AM 5,504 intelide.sys
04/14/2008 05:01 AM 36,352 intelppm.sys
04/14/2008 05:23 AM 36,608 ip6fw.sys
08/04/2004 08:30 PM 32,896 ipfltdrv.sys
04/14/2008 05:27 AM 20,864 ipinip.sys
04/14/2008 05:27 AM 152,832 ipnat.sys
04/14/2008 05:49 AM 75,264 ipsec.sys
04/14/2008 05:24 AM 11,264 irenum.sys
04/14/2008 05:06 AM 37,248 isapnp.sys
09/30/2005 12:06 PM 21,504 kbd.sys
04/14/2008 05:09 AM 24,576 kbdclass.sys
04/29/2005 02:32 PM 3,968 kioport.sys
04/14/2008 05:15 AM 172,416 kmixer.sys
04/14/2008 05:46 AM 141,056 ks.sys
06/24/2009 09:48 PM 92,928 ksecdd.sys
01/07/2010 04:07 PM 19,160 mbam.sys
01/07/2010 04:07 PM 38,224 mbamswissarmy.sys
08/04/2004 08:30 PM 7,680 mcd.sys
06/18/2006 03:26 PM 12,672 mdmxsdk.sys
04/14/2008 05:06 AM 63,744 mf.sys
08/04/2004 08:30 PM 4,224 mnmdd.sys
04/14/2008 05:30 AM 30,080 modem.sys
04/14/2008 05:09 AM 23,040 mouclass.sys
08/17/2001 01:18 PM 12,160 mouhid.sys
04/14/2008 05:09 AM 42,368 mountmgr.sys
08/17/2001 02:22 PM 17,280 mraid35x.sys
04/14/2008 05:02 AM 180,608 mrxdav.sys
12/05/2009 04:52 AM 455,424 mrxsmb.sys
04/14/2008 05:02 AM 19,072 msfs.sys
04/14/2008 05:26 AM 35,072 msgpc.sys
04/14/2008 05:09 AM 7,552 mskssrv.sys
04/14/2008 05:09 AM 5,376 mspclock.sys
04/14/2008 05:09 AM 4,992 mspqm.sys
04/14/2008 05:06 AM 15,488 mssmbios.sys
08/03/2004 11:41 PM 126,686 mtlmnt5.sys
08/03/2004 11:41 PM 1,309,184 mtlstrm.sys
08/03/2004 11:29 PM 452,736 mtxparhm.sys
04/14/2008 05:47 AM 105,344 mup.sys
04/14/2008 05:13 AM 12,672 mutohpen.sys
04/14/2008 05:50 AM 182,656 ndis.sys
04/14/2008 05:27 AM 10,112 ndistapi.sys
04/14/2008 05:25 AM 14,592 ndisuio.sys
04/14/2008 05:50 AM 91,520 ndiswan.sys
04/14/2008 05:27 AM 40,576 ndproxy.sys
04/14/2008 05:26 AM 34,688 netbios.sys
04/14/2008 05:51 AM 162,816 netbt.sys
07/17/2004 12:35 PM 67,866 netwlan5.img
04/14/2008 05:21 AM 61,824 nic1394.sys
08/04/2004 08:30 PM 12,032 nikedrv.sys
02/05/2010 07:09 AM NIS
04/14/2008 05:23 AM 40,320 nmnt.sys
03/19/2009 03:48 PM 136,704 nmwcdnsu.sys
03/19/2009 03:48 PM 8,320 nmwcdnsuc.sys
04/14/2008 05:02 AM 30,848 npfs.sys
04/14/2008 05:45 AM 574,976 ntfs.sys
08/03/2004 11:41 PM 180,360 ntmtlfax.sys
08/04/2004 08:30 PM 2,944 null.sys
08/03/2004 11:29 PM 1,897,408 nv4_mini.sys
08/04/2004 08:30 PM 12,416 nwlnkflt.sys
08/04/2004 08:30 PM 32,512 nwlnkfwd.sys
04/14/2008 05:26 AM 88,320 nwlnkipx.sys
08/04/2004 08:30 PM 63,232 nwlnknb.sys
08/04/2004 08:30 PM 55,936 nwlnkspx.sys
03/01/2006 02:46 AM 7,537 O2MDDISK.CAT
03/15/2005 01:30 PM 886 O2MDDISK.INF
03/01/2006 02:46 AM 7,960 O2MEDIA.CAT
02/27/2006 03:42 PM 1,705 O2MEDIA.INF
02/27/2006 03:30 PM 34,880 o2media.sys
02/11/2005 05:32 AM 8,655 O2MWXP.CAT
02/09/2005 03:03 PM 4,286 O2MWXP.INF
02/24/2006 08:17 AM 7,948 O2SD.CAT
02/22/2006 08:42 AM 1,683 O2SD.INF
02/20/2006 04:31 PM 29,056 o2sd.sys
02/24/2006 08:17 AM 7,537 O2SDDISK.CAT
03/15/2005 02:32 PM 874 O2SDDISK.INF
04/14/2008 05:16 AM 61,696 ohci1394.sys
08/04/2004 08:30 PM 3,456 oprghdlr.sys
04/14/2008 05:01 AM 42,752 p3.sys
04/14/2008 05:10 AM 80,128 parport.sys
04/14/2008 05:10 AM 19,712 partmgr.sys
08/04/2004 08:30 PM 6,784 parvdm.sys
08/26/2008 11:26 AM 18,816 pccsmcfd.sys
04/14/2008 05:06 AM 68,224 pci.sys
08/17/2001 02:21 PM 3,328 pciide.sys
04/14/2008 05:10 AM 24,960 pciidex.sys
04/14/2008 05:06 AM 120,192 pcmcia.sys
02/15/2008 02:11 PM 55,904 pctfw.sys
02/15/2008 02:11 PM 100,448 pctfw1.sys
08/17/2001 02:37 PM 27,296 perc2.sys
08/17/2001 02:37 PM 5,504 perc2hib.sys
04/14/2008 05:49 AM 146,048 portcls.sys
04/14/2008 05:01 AM 35,840 processr.sys
04/14/2008 05:26 AM 69,120 psched.sys
08/04/2004 08:30 PM 17,792 ptilink.sys
07/04/2008 12:22 PM 44,944 pxhelp20.sys
08/17/2001 02:22 PM 40,320 ql1080.sys
08/17/2001 02:22 PM 33,152 ql10wnt.sys
08/17/2001 02:22 PM 45,312 ql12160.sys
08/17/2001 02:22 PM 40,448 ql1240.sys
08/17/2001 02:22 PM 49,024 ql1280.sys
08/04/2004 08:30 PM 8,832 rasacd.sys
04/14/2008 05:49 AM 51,328 rasl2tp.sys
04/14/2008 05:27 AM 41,472 raspppoe.sys
04/14/2008 05:49 AM 48,384 raspptp.sys
08/04/2004 08:30 PM 16,512 raspti.sys
08/04/2004 08:30 PM 34,432 rawwan.sys
04/14/2008 05:58 AM 175,744 rdbss.sys
08/04/2004 08:30 PM 4,224 rdpcdd.sys
04/14/2008 05:02 AM 196,224 rdpdr.sys
04/14/2008 10:43 AM 139,656 rdpwd.sys
08/03/2004 11:41 PM 13,776 recagent.sys
04/14/2008 05:10 AM 57,600 redbook.sys
04/14/2008 05:16 AM 59,136 rfcomm.sys
08/04/2004 08:30 PM 12,032 rio8drv.sys
08/04/2004 08:30 PM 12,032 riodrv.sys
05/09/2008 12:32 AM 203,136 rmcast.sys
04/14/2008 05:26 AM 30,592 rndismp.sys
04/14/2008 05:26 AM 30,592 rndismpx.sys
08/04/2004 08:30 PM 5,888 rootmdm.sys
02/16/2006 03:46 PM 40 RtkHDAud.dat
12/19/2005 06:07 PM 4,127,232 RtkHDAud.Sys
08/03/2004 11:29 PM 166,912 s3gnbm.sys
04/14/2008 05:10 AM 96,384 scsiport.sys
04/14/2008 05:06 AM 79,232 sdbus.sys
11/13/2007 08:55 PM 20,480 secdrv.sys
04/14/2008 05:10 AM 15,744 serenum.sys
04/14/2008 05:45 AM 64,512 serial.sys
04/14/2008 05:10 AM 11,904 sffdisk.sys
04/14/2008 05:10 AM 10,240 sffp_mmc.sys
04/14/2008 05:10 AM 11,008 sffp_sd.sys
04/14/2008 05:10 AM 11,392 sfloppy.sys
04/14/2008 10:42 AM 3,901 siint5.dll
04/14/2008 05:06 AM 40,960 sisagp.sys
10/02/2002 09:57 AM 13,532 SjyPkt.sys
08/03/2004 11:41 PM 129,535 slnt7554.sys
08/03/2004 11:41 PM 404,990 slntamr.sys
08/03/2004 11:41 PM 95,424 slnthal.sys
08/03/2004 11:41 PM 13,240 slwdmsup.sys
04/14/2008 05:06 AM 5,888 smbali.sys
08/04/2004 08:30 PM 14,592 smclib.sys
04/14/2008 05:16 AM 25,344 sonydcam.sys
08/17/2001 01:26 PM 7,552 SONYPVU1.SYS
08/17/2001 02:37 PM 19,072 sparrow.sys
04/14/2008 05:15 AM 6,272 splitter.sys
04/14/2008 05:06 AM 73,472 sr.sys
01/01/2010 03:20 AM 353,792 srv.sys
04/14/2008 05:15 AM 49,408 stream.sys
04/14/2008 05:09 AM 4,352 swenum.sys
04/14/2008 05:15 AM 56,576 swmidi.sys
08/17/2001 02:37 PM 16,256 symc810.sys
08/17/2001 02:37 PM 32,640 symc8xx.sys
09/09/2009 08:54 AM 7,456 SYMEVENT.CAT
09/09/2009 08:54 AM 806 SYMEVENT.INF
09/09/2009 08:54 AM 124,976 SYMEVENT.SYS
08/22/2009 05:51 PM 36,400 SymIM.sys
08/17/2001 02:37 PM 28,384 sym_hi.sys
08/17/2001 02:37 PM 30,688 sym_u3.sys
03/10/2005 07:01 PM 189,408 SynTP.sys
04/14/2008 05:45 AM 60,800 sysaudio.sys
04/14/2008 05:10 AM 14,976 tape.sys
06/20/2008 10:21 PM 361,600 tcpip.sys
06/20/2008 09:38 PM 225,856 tcpip6.sys
04/14/2008 05:30 AM 19,072 tdi.sys
04/14/2008 10:43 AM 12,040 tdpipe.sys
04/14/2008 10:43 AM 21,896 tdtcp.sys
04/14/2008 10:43 AM 40,840 termdd.sys
08/04/2004 08:30 PM 51,712 tosdvd.sys
08/17/2001 02:21 PM 4,992 toside.sys
08/04/2004 08:30 PM 21,376 tsbvcap.sys
04/14/2008 05:26 AM 12,288 tunmp.sys
05/05/2004 02:25 AM 23,296 U2S2KXP.sys
04/14/2008 05:06 AM 44,672 uagp35.sys
04/14/2008 05:02 AM 66,048 udfs.sys
08/17/2001 02:22 PM 36,736 ultra.sys
09/01/2009 12:30 PM UMDF
04/14/2008 05:09 AM 384,768 update.sys
04/14/2008 05:26 AM 12,800 usb8023.sys
04/14/2008 05:26 AM 12,800 usb8023x.sys
04/14/2008 05:15 AM 25,600 usbcamd.sys
04/14/2008 05:15 AM 25,728 usbcamd2.sys
04/14/2008 05:15 AM 32,128 usbccgp.sys
08/17/2001 02:33 PM 4,736 usbd.sys
04/14/2008 05:15 AM 30,208 usbehci.sys
04/14/2008 05:15 AM 59,520 usbhub.sys
04/14/2008 05:15 AM 15,872 usbintel.sys
04/14/2008 05:15 AM 143,872 usbport.sys
04/14/2008 05:17 AM 25,856 usbprint.sys
04/14/2008 05:15 AM 15,104 usbscan.sys
04/14/2008 05:15 AM 26,112 usbser.sys
02/09/2009 09:37 AM 7,808 usbser_lowerflt.sys
02/09/2009 09:37 AM 7,808 usbser_lowerfltj.sys
04/14/2008 05:15 AM 26,368 usbstor.sys
04/14/2008 05:15 AM 20,608 usbuhci.sys
04/14/2008 05:16 AM 121,984 usbvideo.sys
04/14/2008 10:42 AM 11,325 vchnt5.dll
08/04/2004 08:30 PM 58,112 vdmindvd.sys
04/14/2008 05:14 AM 20,992 vga.sys
04/14/2008 05:06 AM 42,240 viaagp.sys
04/14/2008 05:10 AM 5,376 viaide.sys
04/14/2008 05:14 AM 81,664 videoprt.sys
04/14/2008 05:11 AM 52,352 volsnap.sys
12/05/2005 01:25 AM 1,428,096 w39n51.sys
04/14/2008 05:13 AM 14,208 wacompen.sys
08/03/2004 11:29 PM 11,807 wadv07nt.sys
08/03/2004 11:29 PM 11,295 wadv08nt.sys
08/03/2004 11:29 PM 11,871 wadv09nt.sys
08/03/2004 11:29 PM 11,935 wadv11nt.sys
04/14/2008 05:27 AM 34,560 wanarp.sys
08/03/2004 11:29 PM 22,271 watv06nt.sys
08/03/2004 11:29 PM 25,471 watv10nt.sys
03/27/2008 04:27 PM 503,008 wdf01000.sys
03/27/2008 04:27 PM 35,040 wdfldr.sys
04/14/2008 05:47 AM 83,072 wdmaud.sys
03/27/2006 06:53 PM 167,808 wg111v2.sys
08/04/2004 08:30 PM 4,352 wmilib.sys
10/18/2006 08:00 PM 38,528 wpdusb.sys
08/04/2004 08:30 PM 12,032 ws2ifsl.sys
01/18/2008 11:52 PM 77,696 WudfPf.sys
01/18/2008 11:53 PM 83,328 WudfRd.sys
367 File(s) 40,089,650 bytes

Directory of C:\Windows\System32\Drivers\disdn

03/31/2005 06:21 PM .
03/31/2005 06:21 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

08/24/2008 10:01 PM .
08/24/2008 10:01 PM ..
08/04/2004 08:30 PM 734 hosts
08/04/2004 08:30 PM 734 hosts.msn
08/04/2004 08:30 PM 3,683 lmhosts.sam
08/04/2004 08:30 PM 407 networks
08/04/2004 08:30 PM 799 protocol
08/04/2004 08:30 PM 7,116 services
6 File(s) 13,473 bytes

Directory of C:\Windows\System32\Drivers\NIS

02/05/2010 07:09 AM .
02/05/2010 07:09 AM ..
02/04/2010 05:05 PM 1008000.029
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\NIS\1008000.029

02/04/2010 05:05 PM .
02/04/2010 05:05 PM ..
08/22/2009 05:51 PM 7,400 BHDrvx86.CAT
08/22/2009 05:51 PM 640 BHDrvx86.inf
08/22/2009 05:51 PM 259,632 BHDrvx86.sys
02/24/2010 02:02 PM 707,586 Cat.DB
08/22/2009 05:51 PM 7,383 ccHPx86.cat
08/22/2009 05:51 PM 1,752 ccHPx86.inf
02/03/2010 02:12 PM 482,432 cchpx86.sys
02/03/2010 02:12 PM 172 isolate.ini
08/22/2009 05:51 PM 7,425 srtsp.cat
08/22/2009 05:51 PM 1,382 srtsp.inf
08/22/2009 05:51 PM 308,272 srtsp.sys
08/22/2009 05:51 PM 7,429 srtspx.cat
08/22/2009 05:51 PM 1,388 srtspx.inf
08/22/2009 05:51 PM 43,696 srtspx.sys
08/22/2009 05:51 PM 7,431 SymEFA.cat
08/22/2009 05:51 PM 3,373 SymEFA.inf
08/22/2009 05:51 PM 310,320 SymEFA.sys
08/22/2009 05:51 PM 89,904 symfw.sys
08/22/2009 05:51 PM 33,072 symids.sys
08/22/2009 05:51 PM 36,400 symndis.sys
08/22/2009 05:51 PM 48,688 symndisv.sys
08/22/2009 05:51 PM 9,402 SymNet.cat
08/22/2009 05:51 PM 1,561 SymNet.inf
09/09/2009 08:52 AM 9,412 symnetv.cat
09/09/2009 08:52 AM 1,562 SymNetV.inf
08/22/2009 05:51 PM 217,136 symtdi.sys
26 File(s) 2,604,850 bytes

Directory of C:\Windows\System32\Drivers\UMDF

09/01/2009 12:30 PM .
09/01/2009 12:30 PM ..
05/11/2009 02:30 PM 547,840 PCCSWpdDriver.dll
10/18/2006 09:47 PM 671,232 wpdmtpdr.dll
2 File(s) 1,219,072 bytes

Total Files Listed:
401 File(s) 43,927,045 bytes
17 Dir(s) 23,242,293,248 bytes free


***********************Hidden Drivers********************
Volume in drive C is HDD
Volume Serial Number is 5894-BBC4

Directory of C:\Windows\System32\Drivers

09/16/2008 12:53 AM 0 MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
01/19/2009 11:07 AM 0 MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
09/01/2009 12:35 PM 0 MsftWdf_user_01_07_00.Wdf
09/16/2008 12:53 AM 0 Msft_Kernel_ccdcmb_01005.Wdf
01/19/2009 11:07 AM 0 Msft_Kernel_ccdcmb_01007.Wdf
09/01/2009 12:35 PM 0 Msft_User_PCCSWpdDriver_01_07_00.Wdf
6 File(s) 0 bytes
0 Dir(s) 23,242,301,440 bytes free


*********************Processes*******************


PROCESS PID PRIO PATH
smss.exe 1076 Normal C:\WINDOWS\System32\smss.exe
csrss.exe 1172 Normal C:\WINDOWS\system32\csrss.exe
winlogon.exe 1196 High C:\WINDOWS\system32\winlogon.exe
services.exe 1240 Normal C:\WINDOWS\system32\services.exe
lsass.exe 1252 Normal C:\WINDOWS\system32\lsass.exe
svchost.exe 1416 Normal C:\WINDOWS\system32\svchost.exe
FWService.exe 1476 Normal C:\Program Files\PC Tools Firewall Plus\FWService.exe
svchost.exe 1508 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1548 Normal C:\WINDOWS\System32\svchost.exe
svchost.exe 1592 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1676 Normal C:\WINDOWS\system32\svchost.exe
svchost.exe 1844 Normal C:\WINDOWS\system32\svchost.exe
spoolsv.exe 364 Normal C:\WINDOWS\system32\spoolsv.exe
svchost.exe 476 Normal C:\WINDOWS\system32\svchost.exe
AluSchedulerSvc.exe 648 Normal C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
Explorer.EXE 744 Normal C:\WINDOWS\Explorer.EXE
CLCapSvc.exe 784 Normal c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
CLMLServer.exe 816 Normal C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
HIDSERVICE.exe 844 Normal c:\APPS\HIDSERVICE\HIDSERVICE.exe
CLMLService.exe 852 Normal C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
jqs.exe 996 Idle C:\Program Files\Java\jre6\bin\jqs.exe
PifSvc.exe 1128 Normal C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
MDM.EXE 1352 Normal C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
ccSvcHst.exe 1424 Normal C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
o2flash.exe 1660 Normal C:\WINDOWS\system32\o2flash.exe
svchost.exe 1712 Normal C:\WINDOWS\system32\svchost.exe
CLSched.exe 1836 Normal c:\APPS\Powercinema\Kernel\TV\CLSched.exe
SearchIndexer.exe 472 Normal C:\WINDOWS\system32\SearchIndexer.exe
wscntfy.exe 2172 Normal C:\WINDOWS\system32\wscntfy.exe
SynTPLpr.exe 3192 Normal C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh.exe 3260 Normal C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
igfxtray.exe 3296 Normal C:\WINDOWS\system32\igfxtray.exe
hkcmd.exe 3492 Normal C:\WINDOWS\system32\hkcmd.exe
igfxpers.exe 3508 Normal C:\WINDOWS\system32\igfxpers.exe
RTHDCPL.EXE 3556 Normal C:\WINDOWS\RTHDCPL.EXE
PCMService.exe 3616 Normal C:\Apps\Powercinema\PCMService.exe
WLan.exe 3652 Normal C:\WINDOWS\system32\WLan.exe
realsched.exe 3708 Normal C:\Program Files\Common Files\Real\Update_OB\realsched.exe
FirewallGUI.exe 3936 Normal C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PifSvc.exe 572 Normal C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
jusched.exe 756 Normal C:\Program Files\Common Files\Java\Java Update\jusched.exe
alg.exe 2680 Normal C:\WINDOWS\System32\alg.exe
ctfmon.exe 3000 Normal C:\WINDOWS\system32\ctfmon.exe
GoogleToolbarNotifier.exe 3068 Normal C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PCSuite.exe 3236 Normal C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
ccSvcHst.exe 3356 Normal C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
hpohmr08.exe 3920 Normal C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
RtlWake.exe 2972 Normal C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
WindowsSearch.exe 3064 Normal C:\Program Files\Windows Desktop Search\WindowsSearch.exe
SPUVolumeWatcher.exe 3344 Normal C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
hpoevm08.exe 3804 Normal C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
iexplore.exe 3888 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 248 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 2796 Normal C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 2088 Normal C:\Program Files\Internet Explorer\iexplore.exe
hpoSTS08.exe 3404 Normal C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
ServiceLayer.exe 3704 Normal C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
NclRSSrv.exe 588 High C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
NclUSBSrv.exe 4152 High C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
infocard.exe 2100 Normal C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
SearchProtocolHost.exe 3120 Below Normal C:\WINDOWS\system32\SearchProtocolHost.exe
SearchFilterHost.exe 3212 Below Normal C:\WINDOWS\system32\SearchFilterHost.exe
cmd.exe 5908 Normal C:\WINDOWS\system32\cmd.exe
processes.exe 5264 Normal C:\Documents and Settings\Scott Jones\Desktop\SpiderKill\processes.exe


Module information for 'Explorer.EXE'(744)
MODULE BASE SIZE PATH
Explorer.EXE 1000000 1044480 C:\WINDOWS\Explorer.EXE 6.00.2900.5512 (xpsp.080413-2105) Windows Explorer
ntdll.dll 7c900000 729088 C:\WINDOWS\system32\ntdll.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
kernel32.dll 7c800000 1007616 C:\WINDOWS\system32\kernel32.dll 5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
ADVAPI32.dll 77dd0000 634880 C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
RPCRT4.dll 77e70000 598016 C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
Secur32.dll 77fe0000 69632 C:\WINDOWS\system32\Secur32.dll 5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
BROWSEUI.dll 75f80000 1036288 C:\WINDOWS\system32\BROWSEUI.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
GDI32.dll 77f10000 299008 C:\WINDOWS\system32\GDI32.dll 5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
USER32.dll 7e410000 593920 C:\WINDOWS\system32\USER32.dll 5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
msvcrt.dll 77c10000 360448 C:\WINDOWS\system32\msvcrt.dll 7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
ole32.dll 774e0000 1298432 C:\WINDOWS\system32\ole32.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
SHLWAPI.dll 77f60000 483328 C:\WINDOWS\system32\SHLWAPI.dll 6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
OLEAUT32.dll 77120000 569344 C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.5512 5.1.2600.5512
SHDOCVW.dll 7e290000 1511424 C:\WINDOWS\system32\SHDOCVW.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
CRYPT32.dll 77a80000 610304 C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.5512 (xpsp.080413-2113) Crypto API32
MSASN1.dll 77b20000 73728 C:\WINDOWS\system32\MSASN1.dll 5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
CRYPTUI.dll 754d0000 524288 C:\WINDOWS\system32\CRYPTUI.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust UI Provider
NETAPI32.dll 5b860000 348160 C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
VERSION.dll 77c00000 32768 C:\WINDOWS\system32\VERSION.dll 5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
WININET.dll 3d930000 942080 C:\WINDOWS\system32\WININET.dll 8.00.6001.18876 (longhorn_ie8_gdr.091218-1700) Internet Extensions for Win32
Normaliz.dll 400000 36864 C:\WINDOWS\system32\Normaliz.dll 6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
urlmon.dll 78130000 1253376 C:\WINDOWS\system32\urlmon.dll 8.00.6001.18876 (longhorn_ie8_gdr.091218-1700) OLE32 Extensions for Win32
iertutil.dll 3dfd0000 1998848 C:\WINDOWS\system32\iertutil.dll 8.00.6001.18876 (longhorn_ie8_gdr.091218-1700) Run time utility for Internet Explorer
WINTRUST.dll 76c30000 188416 C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.5512 (xpsp.080413-2113) Microsoft Trust Verification APIs
IMAGEHLP.dll 76c90000 163840 C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
WLDAP32.dll 76f60000 180224 C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
SHELL32.dll 7c9c0000 8482816 C:\WINDOWS\system32\SHELL32.dll 6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
UxTheme.dll 5ad70000 229376 C:\WINDOWS\system32\UxTheme.dll 6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
ShimEng.dll 5cb70000 155648 C:\WINDOWS\system32\ShimEng.dll 5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
AcGenral.DLL 6f880000 1875968 C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
WINMM.dll 76b40000 184320 C:\WINDOWS\system32\WINMM.dll 5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
MSACM32.dll 77be0000 86016 C:\WINDOWS\system32\MSACM32.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
USERENV.dll 769c0000 737280 C:\WINDOWS\system32\USERENV.dll 5.1.2600.5512 (xpsp.080413-2113) Userenv
IMM32.DLL 76390000 118784 C:\WINDOWS\system32\IMM32.DLL 5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
LPK.DLL 629c0000 36864 C:\WINDOWS\system32\LPK.DLL 5.1.2600.5512 (xpsp.080413-2105) Language Pack
USP10.dll 74d90000 438272 C:\WINDOWS\system32\USP10.dll 1.0420.2600.5512 (xpsp.080413-2105) Uniscribe Unicode script processor
comctl32.dll 773d0000 1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 6.0 (xpsp.080413-2105) User Experience Controls Library
comctl32.dll 5d090000 630784 C:\WINDOWS\system32\comctl32.dll 5.82 (xpsp.080413-2105) Common Controls Library
msctfime.ime 755c0000 188416 C:\WINDOWS\system32\msctfime.ime 5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
appHelp.dll 77b40000 139264 C:\WINDOWS\system32\appHelp.dll 5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
CLBCATQ.DLL 76fd0000 520192 C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.700 2001.12.4414.700
COMRes.dll 77050000 806912 C:\WINDOWS\system32\COMRes.dll 2001.12.4414.700 2001.12.4414.700
cscui.dll 77a20000 344064 C:\WINDOWS\System32\cscui.dll 5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
CSCDLL.dll 76600000 118784 C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
themeui.dll 5ba60000 462848 C:\WINDOWS\system32\themeui.dll 6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
MSIMG32.dll 76380000 20480 C:\WINDOWS\system32\MSIMG32.dll 5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
xpsp2res.dll 1150000 2904064 C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
actxprxy.dll 71d40000 110592 C:\WINDOWS\system32\actxprxy.dll 6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
deskbar.dll 1810000 606208 C:\Program Files\Windows Desktop Search\deskbar.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search Deskbar extension
dbres.dll.mui 10000000 16384 C:\Program Files\Windows Desktop Search\en-us\dbres.dll.mui 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
dbres.dll 18c0000 90112 C:\Program Files\Windows Desktop Search\dbres.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
wordwheel.dll 1930000 606208 C:\Program Files\Windows Desktop Search\wordwheel.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Windows Search component
WTSAPI32.dll 76f50000 32768 C:\WINDOWS\system32\WTSAPI32.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
WINSTA.dll 76360000 65536 C:\WINDOWS\system32\WINSTA.dll 5.1.2600.5512 (xpsp.080413-2111) Winstation Library
msnlExtRes.dll.mui 19e0000 32768 C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui 7.0.6001.16503 (longhorn(wmbla).080526-2159) Search Results View Resources
msnlExtRes.dll 19f0000 618496 C:\Program Files\Windows Desktop Search\msnlExtRes.dll 7.0.6001.16503 (longhorn(wmbla).080526-2159) Search Results View Resources
msxml3.dll 74980000 1191936 C:\WINDOWS\system32\msxml3.dll 8.100.1051.0 MSXML 3.0 SP10
ws2_32.dll 71ab0000 94208 C:\WINDOWS\system32\ws2_32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
WS2HELP.dll 71aa0000 32768 C:\WINDOWS\system32\WS2HELP.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
SAMLIB.dll 71bf0000 77824 C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
ntshrui.dll 76990000 151552 C:\WINDOWS\system32\ntshrui.dll 5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
ATL.DLL 76b20000 69632 C:\WINDOWS\system32\ATL.DLL 3.05.2284 ATL Module for Windows XP (Unicode)
SETUPAPI.dll 77920000 995328 C:\WINDOWS\system32\SETUPAPI.dll 5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
msi.dll 7d1e0000 2867200 C:\WINDOWS\system32\msi.dll 3.1.4001.5512 Windows Installer
ieframe.dll 3e1c0000 11087872 C:\WINDOWS\system32\ieframe.dll 8.00.6001.18876 (longhorn_ie8_gdr.091218-1700) Internet Explorer
MSNLNamespaceMgr.dll 2f30000 315392 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500) Windows Search Namespace Manager
LINKINFO.dll 76980000 32768 C:\WINDOWS\system32\LINKINFO.dll 5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
webcheck.dll 3100000 249856 C:\WINDOWS\system32\webcheck.dll 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
MLANG.dll 75cf0000 593920 C:\WINDOWS\system32\MLANG.dll 6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
stobject.dll 76280000 135168 C:\WINDOWS\system32\stobject.dll 5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
BatMeter.dll 74af0000 40960 C:\WINDOWS\system32\BatMeter.dll 6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
POWRPROF.dll 74ad0000 32768 C:\WINDOWS\system32\POWRPROF.dll 6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
WPDShServiceObj.dll 164a0000 143360 C:\WINDOWS\system32\WPDShServiceObj.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device Shell Service Object
WINHTTP.dll 4d4f0000 364544 C:\WINDOWS\system32\WINHTTP.dll 5.1.2600.5868 (xpsp_sp3_gdr.090824-1328) Windows HTTP Services
mydocs.dll 72410000 106496 C:\WINDOWS\system32\mydocs.dll 6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
PhoneBrowser.dll 33e0000 630784 C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll 7, 1, 108, 0 Phone Browser
NGSCM.DLL 3480000 933888 C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.DLL 7, 1, 154, 0 Next Gen Suite Common Modules
OLEPRO32.DLL 5edd0000 94208 C:\WINDOWS\system32\OLEPRO32.DLL 5.1.2600.5512 5.1.2600.5512
comdlg32.dll 763b0000 299008 C:\WINDOWS\system32\comdlg32.dll 6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
gdiplus.dll 4ec50000 1748992 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll 5.2.6001.22319 (vistasp1_ldr.081126-1506) Microsoft GDI+
MSVCP80.dll 7c420000 552960 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCP80.dll 8.00.50727.4053 Microsoft® C++ Runtime Library
MSVCR80.dll 3570000 634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll 8.00.50727.4053 Microsoft® C Runtime Library
PhoneBrowser_eng.nlr 3730000 36864 C:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr 7, 1, 69, 0 Nokia Phone Browser language resources
PhoneBrowser_Nokia.ngr 3740000 581632 C:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr 7, 1, 21, 0 Nokia Phone Browser graphics resources
wdmaud.drv 72d20000 36864 C:\WINDOWS\system32\wdmaud.drv 5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
PortableDeviceTypes.dll 109c0000 180224 C:\WINDOWS\system32\PortableDeviceTypes.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device (Parameter) Types Component
PortableDeviceApi.dll 10930000 299008 C:\WINDOWS\system32\PortableDeviceApi.dll 5.2.5721.5145 (WMP_11.061018-2006) Windows Portable Device API Components
msacm32.drv 72d10000 32768 C:\WINDOWS\system32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
midimap.dll 77bd0000 28672 C:\WINDOWS\system32\midimap.dll 5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
NETSHELL.dll 76400000 1724416 C:\WINDOWS\system32\NETSHELL.dll 5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
credui.dll 76c00000 188416 C:\WINDOWS\system32\credui.dll 5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
dot3api.dll 478c0000 40960 C:\WINDOWS\system32\dot3api.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
rtutils.dll 76e80000 57344 C:\WINDOWS\system32\rtutils.dll 5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
dot3dlg.dll 736d0000 24576 C:\WINDOWS\system32\dot3dlg.dll 5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
OneX.DLL 5dca0000 163840 C:\WINDOWS\system32\OneX.DLL 5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
eappcfg.dll 745b0000 139264 C:\WINDOWS\system32\eappcfg.dll 5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
MSVCP60.dll 76080000 413696 C:\WINDOWS\system32\MSVCP60.dll 6.02.3104.0 Microsoft (R) C++ Runtime Library
eappprxy.dll 5dcd0000 57344 C:\WINDOWS\system32\eappprxy.dll 5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
iphlpapi.dll 76d60000 102400 C:\WINDOWS\system32\iphlpapi.dll 5.1.2600.5512 (xpsp.080413-0852) IP Helper API
MSCTF.dll 74720000 311296 C:\WINDOWS\system32\MSCTF.dll 5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
mslbui.dll 605d0000 36864 C:\WINDOWS\system32\mslbui.dll 5.1.2600.5512 (xpsp.080413-2105) LangageBar Add In
rsaenh.dll 68000000 221184 C:\WINDOWS\system32\rsaenh.dll 5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
WinSCard.dll 723d0000 114688 C:\WINDOWS\system32\WinSCard.dll 5.1.2600.5512 (xpsp.080413-2113) Microsoft Smart Card API
WZCSAPI.DLL 73030000 65536 C:\WINDOWS\system32\WZCSAPI.DLL 5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
ASOEHOOK.DLL 6e610000 438272 C:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\16.8.0.41\ASOEHOOK.DLL 4.5.0.46 AntiSpam OE Hook
MPR.dll 71b20000 73728 C:\WINDOWS\system32\MPR.dll 5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
drprov.dll 75f60000 28672 C:\WINDOWS\System32\drprov.dll 5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
ntlanman.dll 71c10000 57344 C:\WINDOWS\System32\ntlanman.dll 5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
NETUI0.dll 71cd0000 94208 C:\WINDOWS\System32\NETUI0.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
NETUI1.dll 71c90000 262144 C:\WINDOWS\System32\NETUI1.dll 5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
NETRAP.dll 71c80000 28672 C:\WINDOWS\System32\NETRAP.dll 5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
davclnt.dll 75f70000 40960 C:\WINDOWS\System32\davclnt.dll 5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
SXS.DLL 7e720000 720896 C:\WINDOWS\system32\SXS.DLL 5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
rarext.dll 16e0000 188416 C:\Program Files\WinRAR\rarext.dll
NavShExt.dll 677b0000 278528 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\NavShExt.dll 16.8.0.41 Symantec Shared Component Shell Extension Module
ccVrTrst.dll 6b050000 94208 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccVrTrst.dll 108.1.1.10 Symantec Trust Validation Engine
ccL80U.dll 6ae10000 532480 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccL80U.dll 108.1.1.10 Symantec Library
EFACli.dll 69380000 49152 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\EFACli.dll 1.1.0.4 Symantec Extended File Attributes
ccSet.dll 6afb0000 262144 C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSet.dll 108.1.1.10 Symantec Settings Manager Engine
mbamext.dll 2d30000 98304 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 1, 3, 0, 0 Malwarebytes' Anti-Malware
browselc.dll 71600000 73728 C:\WINDOWS\system32\browselc.dll 6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
FETB.dll 2ea0000 147456 C:\Program Files\FraudEliminator\2.3.4\FETB.dll 1, 0, 0, 1 FETB Module
MFC42.DLL 73dd0000 1040384 C:\WINDOWS\system32\MFC42.DLL 6.02.4131.0 MFCDLL Shared Library - Retail Version
FraudEliminatorMod.dll 45f0000 299008 C:\Program Files\FraudEliminator\2.3.4\FraudEliminatorMod.dll 1, 0, 0, 1 FraudEliminatorMod Module
WSOCK32.dll 71ad0000 36864 C:\WINDOWS\system32\WSOCK32.dll 5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
PDFShell.dll 4640000 372736 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 9.3.0.148 PDF Shell Extension
DUSER.dll 6c1b0000 315392 C:\WINDOWS\system32\DUSER.dll 5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
msohev.dll 325c0000 73728 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 11.0.5510 Microsoft Office 2003 component
MSISIP.DLL 605f0000 28672 C:\WINDOWS\system32\MSISIP.DLL 3.1.4001.5512 MSI Signature SIP Provider
wshext.dll 7dfa0000 90112 C:\WINDOWS\system32\wshext.dll 5.7.0.18066 Microsoft (R) Shell Extension for Windows script Host
MCPS.DLL 36d30000 110592 C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL 11.0.8164 Media Catalog Proxy/Stub



******************************************
EOF


Re: Trojan.Java.Selace.k /.n/ .o infection + no access to own ethernet modem

Post by Dr Jay on Sat Feb 27, 2010 3:33 pm

Please download Malwarebytes Anti-Malware.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double-click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Trojan.Java.Selace.k /.n/ .o infection + no access to own ethernet modem

Post by Taylz on Sat Feb 27, 2010 9:16 pm

Dragonmaster, here is the MBAM log

Malwarebytes' Anti-Malware 1.44
Database version: 3804
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/28/2010 7:35:05 AM
mbam-log-2010-02-28 (07-35-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 168069
Time elapsed: 38 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Scott Jones\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Is the system safe to install Norton 360 2010?

Also how does one close the backdoors that the trojan may have exploited??

Is there any evidence of someone else's arbitrary code installed somewhere here?

Last question: since I disabled my encrypted router suspecting a breach, should I completely re-install it to make sure it is not corrupted or compromised??

Cheers Taylz


Re: Trojan.Java.Selace.k /.n/ .o infection + no access to own ethernet modem

Post by Dr Jay on Sun Feb 28, 2010 4:04 am

Yes, it is safe to install Norton 360.

There are no backdoors open on the system.

That result in MBAM was because of the renamed HijackThis on the Desktop.

No arbitrary code, and no breaches. Seems fine. However, for your modem, call your Internet Service Provider so they can get that back on track. That is beyond our expertise.

=========

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)

