Free Antivirus Forum - Learn about antivirus, firewalls and personal security
I need some help with a bad virus
   
39 posts in this thread.

Shadow22
New Member


Date Joined Feb 2010
Total Posts : 21
 
Posted 2-9-2010 12:34 (GMT +2)
Could someone please help...
 
Logfile of HijackThis v1.99.1
Scan saved at 6:34:03 AM, on 2/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [tgcmd] "c:\program files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [frawvstj] C:\Documents and Settings\James\Local Settings\Application Data\tltrul\kustsftav.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [frawvstj] C:\Documents and Settings\James\Local Settings\Application Data\tltrul\kustsftav.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199760516625
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
 
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1424
 
Posted 2-10-2010 2:07 (GMT +2)
Welcome to BG forums Shadow22,

Vundo variant malware showing here. Let's get more details and then start some repairs.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
 

Shadow22
New Member


Date Joined Feb 2010
Total Posts : 21
 
Posted 2-13-2010 2:23 (GMT +2)
Receiving error message, looks like I will need to use three separate posts.
1st file requested:




Logfile of random's system information tool 1.06 (written by random/random)
Run by James at 2010-02-13 06:05:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (80%) free of 72 GB
Total RAM: 510 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:41 AM, on 2/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSCM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James\Desktop\RSIT.exe
C:\Program Files\trend micro\James.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [tgcmd] "c:\program files\Support.com\bin\tgcmd.exe" /server /nosystray /deaf
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [frawvstj] C:\Documents and Settings\James\Local Settings\Application Data\tltrul\kustsftav.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [frawvstj] C:\Documents and Settings\James\Local Settings\Application Data\tltrul\kustsftav.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1199760516625
O17 - HKLM\System\CCS\Services\Tcpip\..\{E73F6CCC-B1F9-4D76-912D-4BD995B2BDA0}: NameServer = 68.28.250.92 68.28.242.91
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
--
End of file - 9008 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\PMTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-28 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-08 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-08 512000]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2004-02-04 897024]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2005-04-05 106496]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-04-04 94208]
"ControlCenter"=C:\Program Files\IBM fingerprint software\ctlcntr.exe [2005-04-12 286821]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2004-11-12 40960]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2005-03-23 217088]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-11 344064]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-09-02 127035]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-08-06 442368]
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2005-04-27 90112]
"QCTRAY"=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [2005-03-18 745472]
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2005-03-18 86016]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"tgcmd"=c:\program files\Support.com\bin\tgcmd.exe [2002-04-12 1564737]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe [2002-07-11 188416]
"frawvstj"=C:\Documents and Settings\James\Local Settings\Application Data\tltrul\kustsftav.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2004-08-06 442368]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"frawvstj"=C:\Documents and Settings\James\Local Settings\Application Data\tltrul\kustsftav.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-11 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\IBM fingerprint software\psfus.dll [2005-04-12 110179]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2005-03-18 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-12 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-13 06:05:28 ----D---- C:\Program Files\trend micro
2010-02-13 06:05:27 ----D---- C:\rsit
2010-02-13 05:57:13 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-02-13 05:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-13 05:53:07 ----D---- C:\WINDOWS\LastGood
2010-02-13 05:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-01-28 16:20:01 ----D---- C:\WINDOWS\Sun
2010-01-28 16:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-28 16:03:22 ----D---- C:\Program Files\Common Files\Java
2010-01-28 16:02:54 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-28 16:02:54 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-28 16:02:54 ----A---- C:\WINDOWS\system32\java.exe
2010-01-28 16:02:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-28 16:02:29 ----D---- C:\Program Files\Java
2010-01-28 15:58:45 ----D---- C:\Documents and Settings\James\Application Data\Sun
2010-01-14 12:37:31 ----D---- C:\Documents and Settings\James\Application Data\Help
2010-01-14 05:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 05:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-13 06:05:28 ----RD---- C:\Program Files
2010-02-13 06:04:52 ----A---- C:\WINDOWS\ModemLog_Sierra Wireless AirCard 595U Modem Device.txt
2010-02-13 06:00:12 ----D---- C:\WINDOWS\Prefetch
2010-02-13 05:59:55 ----HD---- C:\WINDOWS\inf
2010-02-13 05:57:23 ----AD---- C:\WINDOWS
2010-02-13 05:57:20 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-13 05:57:16 ----D---- C:\WINDOWS\system32
2010-02-13 05:53:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-13 05:53:06 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 05:51:55 ----D---- C:\WINDOWS\Temp
2010-02-13 05:39:47 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-10 05:25:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-07 14:04:02 ----D---- C:\Program Files\Mozilla Firefox
2010-02-04 23:00:05 ----SHD---- C:\WINDOWS\Installer
2010-02-04 23:00:05 ----HD---- C:\Config.Msi
2010-02-04 22:55:48 ----RSD---- C:\WINDOWS\assembly
2010-02-04 22:55:48 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-04 22:54:14 ----SD---- C:\Documents and Settings\James\Application Data\Microsoft
2010-02-04 22:53:56 ----RSD---- C:\WINDOWS\Fonts
2010-02-04 22:51:11 ----D---- C:\WINDOWS\WinSxS
2010-02-04 22:45:56 ----D---- C:\Program Files\TurboTax
2010-01-28 16:03:22 ----D---- C:\Program Files\Common Files
2010-01-23 13:44:32 ----D---- C:\Program Files\Internet Explorer
2010-01-23 07:41:52 ----A---- C:\WINDOWS\imsins.BAK
2010-01-23 07:41:34 ----D---- C:\WINDOWS\system32\en-US
2010-01-19 21:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-01-14 11:12:05 ----D---- C:\WINDOWS\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-03-18 11520]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-03-18 2432]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 4608]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2005-01-21 14848]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-01-21 9340]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2005-04-14 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2005-05-17 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-24 17119]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R2 SmiHlp;SMI helper driver; \??\C:\Program Files\IBM fingerprint software\smihlp.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-09-02 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-09-02 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-09-02 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-09-02 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-09-02 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-09-02 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-09-02 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-09-02 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-09-02 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-11 1133056]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-11-10 1041664]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-11-10 200448]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2004-11-05 12944]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 swmsflt;swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [2007-08-10 24456]
R3 SWMX00;Sierra Wireless USB MUX Driver (#00); C:\WINDOWS\system32\DRIVERS\swmx00.sys [2007-06-27 73856]
R3 SWNC5E00;Sierra Wireless MUX NDIS Driver (#00); C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys [2007-06-27 101248]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-08 177504]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-04-12 26240]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2004-12-02 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 14336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-02-14 3255168]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-11-10 685184]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-01 12416]
S3 Profos;Profos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys []
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-03-18 12288]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys []
S3 Trufos;Trufos; \??\C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WAM;Wicked Access by Mark; \??\C:\Program Files\IBM\IBM Rapid Restore Ultra\WAM.sys []
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-11 364544]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-02-18 86016]
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2005-04-27 385024]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2004-11-05 57344]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-28 153376]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-03-18 77824]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-02-18 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-02-18 360521]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPCSUtilityService;SPCSUtilityService; C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe [2007-08-29 131072]
R2 TPHDEXLGSVC;IBM HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2004-05-24 77824]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-11 32768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vtserver;Protector Suite Virtual Token; C:\Program Files\Common Files\Virtual Token\vtserver.exe [2005-04-12 40554]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-11 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

Shadow22
Posted 2-13-2010 2:25 (GMT +2)
2nd File requested:
info.txt logfile of random's system information tool 1.06 2010-02-13 06:05:44
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9  -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple QuickTime Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4302788-101F-11D6-8563-00500494EF5C}\SETUP.EXE"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
BroadJump CorrectConnect Engine-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BellSouth\CorrectConnect Engine\Uninst.isu" -c"C:\Program Files\BellSouth\CorrectConnect Engine\CCDUninstall.dll"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
hp deskjet 5550 series (Remove only)-->C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
hp print screen utility-->C:\WINDOWS\system32\prnunins.exe
IBM 32-bit Runtime Environment for Java 2, v1.4.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Active Protection System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
IBM DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IIBM0559K.INF -ISFG
IBM RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore-->MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM SATA Power Management Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\SETUP.EXE" -l0x9 anything
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
IBM TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
KODAK Picture CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C23837C-993E-11D4-9DE0-0060085C158A}\SETUP.EXE"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwar\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8F55B163-7B42-42A3-9307-C7FCB9655225} /l1033
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Software Installer-->_tpiu000.exe /U
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9  -removeonly
Sprint Mobile Broadband (Sierra)-->MsiExec.exe /I{6DCBB845-0FA4-4723-A40A-1F320C221C30}
Support.com Software-->"c:\program files\Support.com\bin\tgfix.exe" /rm /nq
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Basic 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Basic 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9  -eliminate
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======System event log======
Computer Name: ORION
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 87687
Source Name: b57w2k
Time Written: 20100124190446.000000-300
Event Type: warning
User:
Computer Name: ORION
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 87660
Source Name: b57w2k
Time Written: 20100124083159.000000-300
Event Type: warning
User:
Computer Name: ORION
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 87637
Source Name: b57w2k
Time Written: 20100124005835.000000-300
Event Type: warning
User:
Computer Name: ORION
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 87614
Source Name: b57w2k
Time Written: 20100123134455.000000-300
Event Type: warning
User:
Computer Name: ORION
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 87587
Source Name: b57w2k
Time Written: 20100123073657.000000-300
Event Type: warning
User:
=====Application event log=====
Computer Name: ORION
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Record Number: 35408
Source Name: EventSystem
Time Written: 20091126162032.000000-300
Event Type: warning
User:
Computer Name: ORION
Event Code: 1517
Message: Windows saved user ORION\Kristen registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 35402
Source Name: Userenv
Time Written: 20091126082007.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: ORION
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionLost method on subscription {45233130-B6C3-44FB-A6AF-487C47CEE611}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Record Number: 35401
Source Name: EventSystem
Time Written: 20091126081922.000000-300
Event Type: warning
User:
Computer Name: ORION
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMade method on subscription {CD1DCBD6-A14D-4823-A0D2-8473AFDE360F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Record Number: 35400
Source Name: EventSystem
Time Written: 20091126081028.000000-300
Event Type: warning
User:
Computer Name: ORION
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The subscriber returned HRESULT 80004001.
Record Number: 35399
Source Name: EventSystem
Time Written: 20091126081028.000000-300
Event Type: warning
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ThinkPad\Utilities;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\PC-Doctor for Windows;C:\WINDOWS\Downloaded Program Files;%SystemDrive%\IBMTOOLS\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RRU"=C:\Program Files\IBM\IBM Rapid Restore Ultra\
"PYTHONPATH"=%SystemDrive%\IBMTOOLS\utils\support;%SystemDrive%\IBMTOOLS\utils\logger
"IBMSHARE"=%SystemDrive%\IBMSHARE
"TCL_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tcl8.4
"TK_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tk8.4
"PYTHONCASEOK"=1
-----------------EOF-----------------
 
 

Shadow22
Posted 2-13-2010 2:43 (GMT +2)
3rd File requested (section #1):


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-13 06:29:27
Windows 5.1.2600 Service Pack 3
Running: e57fl604.exe; Driver: C:\DOCUME~1\James\LOCALS~1\Temp\pgtdapod.sys

---- System - GMER 1.0.15 ----
SSDT            \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                                                                                                ZwWaitForKeyedEvent [0x8060EB06]
---- Kernel code sections - GMER 1.0.15 ----
.text           ntkrnlpa.exe!FsRtlAllocatePool + 22                                                                                                                                      804EB1CE 1 Byte  [6E]
.text           ntkrnlpa.exe!FsRtlAllocatePoolWithQuota + 12                                                                                                                             804EB1F0 1 Byte  [EA]
.text           ntkrnlpa.exe!FsRtlAllocatePoolWithQuota + 22                                                                                                                             804EB200 1 Byte  [3C]
.text           ntkrnlpa.exe!FsRtlAllocatePoolWithTag + 20                                                                                                                               804EB230 1 Byte  [0C]
.text           ntkrnlpa.exe!FsRtlAllocatePoolWithQuotaTag + 10                                                                                                                          804EB250 1 Byte  [8A]
.text           ntkrnlpa.exe!FsRtlAllocatePoolWithQuotaTag + 20                                                                                                                          804EB260 1 Byte  [DC]
.text           ntkrnlpa.exe!FsRtlNormalizeNtstatus + 35                                                                                                                                 804EB2D1 1 Byte  [9D]
.text           ntkrnlpa.exe!FsRtlNormalizeNtstatus + 9A                                                                                                                                 804EB336 1 Byte  [E6]
.text           ntkrnlpa.exe!FsRtlNormalizeNtstatus + 11B                                                                                                                                804EB3B7 1 Byte  [A0]
.text           ntkrnlpa.exe!FsRtlUninitializeOplock + 8                                                                                                                                 804EB444 1 Byte  [D8]
.text           ntkrnlpa.exe!FsRtlUninitializeOplock + 23                                                                                                                                804EB45F 1 Byte  [A1]
.text           ntkrnlpa.exe!FsRtlUninitializeOplock + D5                                                                                                                                804EB511 1 Byte  [5D]
.text           ntkrnlpa.exe!FsRtlUninitializeOplock + 13A                                                                                                                               804EB576 2 Bytes  CALL 80522B73 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text           ntkrnlpa.exe!FsRtlUninitializeOplock + 15A                                                                                                                               804EB596 1 Byte  [C1]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!FsRtlCreateSectionForDataScan + CA                                                                                                                          804EC6F2 1 Byte  [AA]
.text           ntkrnlpa.exe!FsRtlCreateSectionForDataScan + 103                                                                                                                         804EC72B 1 Byte  [71]
.text           ntkrnlpa.exe!FsRtlCreateSectionForDataScan + 150                                                                                                                         804EC778 1 Byte  [E4]
.text           ntkrnlpa.exe!FsRtlCreateSectionForDataScan + 194                                                                                                                         804EC7BC 1 Byte  [B2]
.text           ntkrnlpa.exe!FsRtlIsPagingFile + 7                                                                                                                                       804EC98F 1 Byte  [07]
.text           ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + D4                                                                                                                        804ECB4C 1 Byte  [D0]
.text           ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 123                                                                                                                       804ECB9B 1 Byte  [65]
.text           ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 186                                                                                                                       804ECBFE 1 Byte  [74]
.text           ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 1E3                                                                                                                       804ECC5B 1 Byte  [17]
.text           ntkrnlpa.exe!FsRtlInsertPerFileObjectContext + 21C                                                                                                                       804ECC94 1 Byte  [A2]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!HalExamineMBR + 1BE                                                                                                                                         804ED1BC 1 Byte  [80]
.text           ntkrnlpa.exe!HalExamineMBR + 1CA                                                                                                                                         804ED1C8 1 Byte  [74]
.text           ntkrnlpa.exe!IoReadDiskSignature + 113                                                                                                                                   804ED3A7 1 Byte  [25]
.text           ntkrnlpa.exe!IoReadDiskSignature + 133                                                                                                                                   804ED3C7 1 Byte  [15]
.text           ntkrnlpa.exe!InbvEnableBootDriver + 26                                                                                                                                   804ED406 1 Byte  [12]
.text           ntkrnlpa.exe!InbvResetDisplay + 15                                                                                                                                       804ED471 1 Byte  [B3]
.text           ntkrnlpa.exe!InbvResetDisplay + 3D                                                                                                                                       804ED499 1 Byte  [97]
.text           ntkrnlpa.exe!InbvResetDisplay + 63                                                                                                                                       804ED4BF 1 Byte  [7D]
.text           ntkrnlpa.exe!InbvResetDisplay + 96                                                                                                                                       804ED4F2 1 Byte  [56]
.text           ntkrnlpa.exe!InbvSolidColorFill + 31                                                                                                                                     804ED535 1 Byte  [1F]
.text           ntkrnlpa.exe!InbvSolidColorFill + 66                                                                                                                                     804ED56A 1 Byte  [F2]
.text           ntkrnlpa.exe!InbvSolidColorFill + 71                                                                                                                                     804ED575 1 Byte  [E7]
.text           ntkrnlpa.exe!InbvSetTextColor + 51                                                                                                                                       804ED5DB 1 Byte  [81]
.text           ntkrnlpa.exe!InbvSetTextColor + 57                                                                                                                                       804ED5E1 1 Byte  [7F]
.text           ntkrnlpa.exe!InbvDisplayString + 38                                                                                                                                      804ED63E 1 Byte  [2E]
.text           ntkrnlpa.exe!InbvDisplayString + 57                                                                                                                                      804ED65D 2 Bytes  CALL 80534D61 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text           ntkrnlpa.exe!InbvDisplayString + FA                                                                                                                                      804ED700 1 Byte  [54]
.text           ntkrnlpa.exe!InbvNotifyDisplayOwnershipLost + 1D                                                                                                                         804ED78B 1 Byte  [8D]
.text           ntkrnlpa.exe!InbvSetScrollRegion + 7                                                                                                                                     804ED82F 1 Byte  [55]
.text           ntkrnlpa.exe!InbvSetScrollRegion + 360                                                                                                                                   804EDB88 1 Byte  [A8]
.text           ntkrnlpa.exe!InbvSetScrollRegion + 372                                                                                                                                   804EDB9A 1 Byte  [96]
.text           ntkrnlpa.exe!InbvSetScrollRegion + 384                                                                                                                                   804EDBAC 1 Byte  [84]
.text           ntkrnlpa.exe!InbvSetScrollRegion + 390                                                                                                                                   804EDBB8 1 Byte  [9C]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!IoCreateStreamFileObjectEx + 72                                                                                                                             804EE28A 1 Byte  [B2]
.text           ntkrnlpa.exe!IoCreateStreamFileObjectEx + DC                                                                                                                             804EE2F4 1 Byte  [48]
.text           ntkrnlpa.exe!IoCreateStreamFileObjectEx + 114                                                                                                                            804EE32C 1 Byte  [42]
.text           ntkrnlpa.exe!IoFreeIrp + EE                                                                                                                                              804EE4F2 1 Byte  [C8]
.text           ntkrnlpa.exe!IoFreeIrp + F7                                                                                                                                              804EE4FB 1 Byte  [3D]
.text           ntkrnlpa.exe!IoFreeMdl + 14                                                                                                                                              804EE528 1 Byte  [6C]
.text           ntkrnlpa.exe!IoFreeMdl + 60                                                                                                                                              804EE574 1 Byte  [C4]
.text           ntkrnlpa.exe!IoGetAttachedDeviceReference + 1C                                                                                                                           804EE5C4 1 Byte  [98]
.text           ntkrnlpa.exe!IoMakeAssociatedIrp + 61                                                                                                                                    804EE92F 2 Bytes  CALL 80541E1D \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text           ntkrnlpa.exe!IoMakeAssociatedIrp + 7E                                                                                                                                    804EE94C 1 Byte  [CC] {INT 3 }
.text           ntkrnlpa.exe!IoMakeAssociatedIrp + 1AF                                                                                                                                   804EEA7D 1 Byte  [19]
.text           ntkrnlpa.exe!IoQueueThreadIrp + 46                                                                                                                                       804EEB86 1 Byte  [96]
.text           ntkrnlpa.exe!IoQueueThreadIrp + C6                                                                                                                                       804EEC06 1 Byte  [51]
.text           ntkrnlpa.exe!IoRaiseHardError + DE                                                                                                                                       804EECF0 1 Byte  [6C]
.text           ntkrnlpa.exe!IoRaiseInformationalHardError + 219                                                                                                                         804EEF19 1 Byte  [43]
.text           ntkrnlpa.exe!IoWriteErrorLogEntry + 1F                                                                                                                                   804EF465 1 Byte  [09]
.text           ntkrnlpa.exe!IoWriteErrorLogEntry + 2B                                                                                                                                   804EF471 2 Bytes  CALL 80522B73 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text           ntkrnlpa.exe!IoWriteErrorLogEntry + A4                                                                                                                                   804EF4EA 1 Byte  [72]
.text           ntkrnlpa.exe!IoGetRequestorSessionId + 16                                                                                                                                804EF54C 1 Byte  [46]
.text           ntkrnlpa.exe!IoGetRequestorSessionId + 5C                                                                                                                                804EF592 1 Byte  [A6]
.text           ntkrnlpa.exe!IoGetRequestorSessionId + 8A                                                                                                                                804EF5C0 1 Byte  [78]
.text           ntkrnlpa.exe!IoGetRequestorSessionId + B8                                                                                                                                804EF5EE 1 Byte  [4A]
.text           ntkrnlpa.exe!IoGetRequestorSessionId + D9                                                                                                                                804EF60F 1 Byte  [29]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!IoGetLowerDeviceObject + 2C                                                                                                                                 804EF808 1 Byte  [54]
.text           ntkrnlpa.exe!IoEnumerateDeviceObjectList + 4F                                                                                                                            804EF871 1 Byte  [EB]
.text           ntkrnlpa.exe!IoGetDeviceAttachmentBaseRef + 1C                                                                                                                           804EF8B4 1 Byte  [A8]
.text           ntkrnlpa.exe!IoGetDiskDeviceObject + 51                                                                                                                                  804EF91F 1 Byte  [3D]
.text           ntkrnlpa.exe!IoSetSystemPartition + 20                                                                                                                                   804EF98C 1 Byte  [EC]
.text           ntkrnlpa.exe!IoAllocateController + CA                                                                                                                                   804EFCBC 1 Byte  [A0]
.text           ntkrnlpa.exe!IoAllocateController + D6                                                                                                                                   804EFCC8 1 Byte  [94]
.text           ntkrnlpa.exe!IoFreeErrorLogEntry + 14                                                                                                                                    804EFD16 1 Byte  [58]
.text           ntkrnlpa.exe!IoFreeErrorLogEntry + 20                                                                                                                                    804EFD22 1 Byte  [4C]
.text           ntkrnlpa.exe!IoFreeErrorLogEntry + 52                                                                                                                                    804EFD54 1 Byte  [C8]
.text           ntkrnlpa.exe!IoFreeErrorLogEntry + DC                                                                                                                                    804EFDDE 1 Byte  [3A]
.text           ntkrnlpa.exe!IoFreeErrorLogEntry + F9                                                                                                                                    804EFDFB 1 Byte  [1D]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!IoAllocateMdl + 6D                                                                                                                                          804EFFA3 1 Byte  [75]
.text           ntkrnlpa.exe!IoAllocateMdl + 87                                                                                                                                          804EFFBD 1 Byte  [5B]
.text           ntkrnlpa.exe!IoBuildAsynchronousFsdRequest + 8                                                                                                                           804F01EA 1 Byte  [32]
.text           ntkrnlpa.exe!IoBuildAsynchronousFsdRequest + D5                                                                                                                          804F02B7 1 Byte  [A0]
.text           ntkrnlpa.exe!IoBuildAsynchronousFsdRequest + 10B                                                                                                                         804F02ED 1 Byte  [C9]
.text           ntkrnlpa.exe!IoBuildDeviceIoControlRequest + 8                                                                                                                           804F032A 2 Bytes  CALL 80537F21 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text           ntkrnlpa.exe!IoBuildDeviceIoControlRequest + 108                                                                                                                         804F042A 1 Byte  [8C]
.text           ntkrnlpa.exe!IoBuildDeviceIoControlRequest + 1F3                                                                                                                         804F0515 1 Byte  [42]
.text           ntkrnlpa.exe!IoCancelIrp + 26C                                                                                                                                           804F07F0 1 Byte  [2A]
.text           ntkrnlpa.exe!IoGetRequestorProcessId + 6E                                                                                                                                804F09CC 1 Byte  [90]
.text           ntkrnlpa.exe!IoGetRequestorProcessId + DF                                                                                                                                804F0A3D 1 Byte  [31]
.text           ntkrnlpa.exe!IoQueueWorkItem + D                                                                                                                                         804F0B3F 1 Byte  [1D]
.text           ntkrnlpa.exe!IoQueueWorkItem + 22                                                                                                                                        804F0B54 1 Byte  [08]
.text           ntkrnlpa.exe!IoCsqRemoveIrp + B2                                                                                                                                         804F0DF0 1 Byte  [9C]
.text           ntkrnlpa.exe!IoCsqRemoveIrp + FE                                                                                                                                         804F0E3C 1 Byte  [50]
.text           ntkrnlpa.exe!IoCsqRemoveIrp + 24B                                                                                                                                        804F0F89 1 Byte  [B5]
.text           ntkrnlpa.exe!IoCsqRemoveIrp + 287                                                                                                                                        804F0FC5 1 Byte  [1F]
.text           ntkrnlpa.exe!IoCsqRemoveIrp + 2A2                                                                                                                                        804F0FE0 1 Byte  [68]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!KeCapturePersistentThreadState + 47                                                                                                                         804F18C1 1 Byte  [DB]
.text           ntkrnlpa.exe!KeCapturePersistentThreadState + 48C                                                                                                                        804F1D06 1 Byte  [86]
.text           ntkrnlpa.exe!KeCapturePersistentThreadState + 689                                                                                                                        804F1F03 1 Byte  [A5]
.text           ntkrnlpa.exe!KeCapturePersistentThreadState + 713                                                                                                                        804F1F8D 1 Byte  [83]
.text           ntkrnlpa.exe!KeCapturePersistentThreadState + 7B8                                                                                                                        804F2032 1 Byte  [6A]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!IoVolumeDeviceToDosName + BD                                                                                                                                804F2F89 1 Byte  [EF]
.text           ntkrnlpa.exe!IoVolumeDeviceToDosName + 288                                                                                                                               804F3154 1 Byte  [1A]
.text           ntkrnlpa.exe!IoVolumeDeviceToDosName + 540                                                                                                                               804F340C 1 Byte  [62]
.text           ntkrnlpa.exe!IoVolumeDeviceToDosName + 554                                                                                                                               804F3420 1 Byte  [4E]
.text           ntkrnlpa.exe!IoVolumeDeviceToDosName + 61B                                                                                                                               804F34E7 1 Byte  [CF]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!IoInvalidateDeviceState + 74                                                                                                                                804F4AE6 1 Byte  [76]
.text           ntkrnlpa.exe!IoInvalidateDeviceState + 91                                                                                                                                804F4B03 1 Byte  [59]
.text           ntkrnlpa.exe!IoRequestDeviceEject + 5F                                                                                                                                   804F4BE7 1 Byte  [9D]
.text           ntkrnlpa.exe!IoRequestDeviceEject + C4                                                                                                                                   804F4C4C 1 Byte  [14]
.text           ntkrnlpa.exe!IoReportTargetDeviceChangeAsynchronous + 3C                                                                                                                 804F4CBC 2 Bytes  CALL 80541EB1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text           ntkrnlpa.exe!IoReportTargetDeviceChangeAsynchronous + 59                                                                                                                 804F4CD9 1 Byte  [D3]
.text           ntkrnlpa.exe!IoReportTargetDeviceChangeAsynchronous + 76                                                                                                                 804F4CF6 1 Byte  [B6]
.text           ntkrnlpa.exe!IoReportTargetDeviceChangeAsynchronous + CD                                                                                                                 804F4D4D 1 Byte  [0F]
.text           ntkrnlpa.exe!IoReportTargetDeviceChangeAsynchronous + 109                                                                                                                804F4D89 1 Byte  [D3]
.text           ...                                                                                                                                                                     
.text           ntkrnlpa.exe!KdPowerTransition + 17                                                                                                                                      804F687F 1 Byte  [97]
.text           ntkrnlpa.exe!KdPowerTransition + 25                                                                                                                                      804F688D 1 Byte  [7D]
.text           ntkrnlpa.exe!KdPowerTransition + 3F                                                                                                                                      804F68A7 1 Byte  [4B]
.text           ntkrnlpa.exe!KdPowerTransition + 56                                                                                                                                      804F68BE 1 Byte  [64]
.text           ntkrnlpa.exe!KdPowerTransition + 6C                                                                                                                                      804F68D4 2 Bytes  JMP 8053CAD1 \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
.text           ...                                                                                                                                                                     