CastleCops, Internet Crime Fighters

Unknown Rootkit Infection... relevant info included

Solid-State
Cadet

Joined: Dec 24, 2007
Posts: 2
Location: Canada

PostPosted: Mon Dec 24, 2007 9:32 pm    Post subject: Unknown Rootkit Infection... relevant info included

Season's Greetings to everyone here at CastleCops!!!

I believe I have a rootkit infection. Find below the logs, etc., from prominent anti-malware apps:

HijackThis 1.99 Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:16:36 PM, on 18/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Port Explorer\PortExplorer.exe
C:\Program Files\AceBIT\Password Depot 3\PasswordDepot.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\My Documents\Archive\Virus and Spyware Protection\Hijack This!\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5F50A50A-0A0F-4F58-8B1C-62BC60F9B05A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Free Uploader Oe Integration] "C:\Program Files\Free Download Manager\FUM\fumoei.exe"
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191177869343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191124102375
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

GMER 1.0.13 Log:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-18 00:07:13
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 8A718020 ZwAllocateVirtualMemory
SSDT 8A79A378 ZwCreateKey
SSDT 8A6CBDA0 ZwCreateProcess
SSDT 8A6CBD28 ZwCreateProcessEx
SSDT 8A6CBB48 ZwCreateThread
SSDT 8A7370A8 ZwDeleteKey
SSDT 8A6CBE18 ZwDeleteValueKey
SSDT 8A6CB8F0 ZwQueueApcThread
SSDT 8A718F30 ZwReadVirtualMemory
SSDT 8A6F9290 ZwRenameKey
SSDT 8A6CB9E0 ZwSetContextThread
SSDT 8A6F9218 ZwSetInformationKey
SSDT 8A6CBC38 ZwSetInformationProcess
SSDT 8A6CBA58 ZwSetInformationThread
SSDT 8A6F91A0 ZwSetValueKey
SSDT 8A6CBBC0 ZwSuspendProcess
SSDT 8A6CB968 ZwSuspendThread
SSDT 8A6CBCB0 ZwTerminateProcess
SSDT 8A6CBAD0 ZwTerminateThread
SSDT 8A718FA8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? System32\Drivers\IsDrv122.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1484] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ F7, FB, C3, 83 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2C1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A166F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A15F0 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1634 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A157C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A15B6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A16AA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1992] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F31676 C:\WINDOWS\system32\IEFRAME.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A718DC0
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A718EB8
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A718EB8
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A718DC0
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A718DC0
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A718EB8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A718EB8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A718DC0
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A718EB8
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A718DC0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A718EB8
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A718DC0
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A718EB8

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA8EAE40] SSFS0BB9.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A65E8FE2] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A65E8BEC] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A65E93D4] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A65E967A] amon.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A65E967A] amon.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 8A3C4120
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 8A6ABDF8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 8A6434E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 8A3F1170
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 8A174170
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 88F13300
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 88F12300
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 88F11300
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 88F10300
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 88F0F300
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 88F0E300
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 88F0D300
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 88F0C300
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 88F0B300
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 88F0A300
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 88F09300
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 88F08300
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 88F07300
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 88F06300
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 88F05300
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 88F04300
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 88F03300
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 88F02300
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 88F01300
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 88F00300
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 88EFF300
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 88EFE300
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 88EFD300

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [A2375170] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [A237543C] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [A237557A] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [A2374FB2] IsDrv122.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [A2374FB2] IsDrv122.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 8A3C4120
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 8A6ABDF8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 8A6434E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 8A3F1170
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 8A174170
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 88F13300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 88F12300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 88F11300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 88F10300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 88F0F300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 88F0E300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 88F0D300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 88F0C300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 88F0B300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 88F0A300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 88F09300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 88F08300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 88F07300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 88F06300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 88F05300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 88F04300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 88F03300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 88F02300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 88F01300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 88F00300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 88EFF300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 88EFE300
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 88EFD300
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 8A3C4120
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 8A6ABDF8
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 8A6434E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 8A3F1170
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 8A174170
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 88F13300
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 88F12300
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 88F11300
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 88F10300
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 88F0F300
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 88F0E300
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 88F0D300
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 88F0C300
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 88F0B300
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 88F0A300
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 88F09300
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 88F08300
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 88F07300
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 88F06300
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 88F05300
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 88F04300
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 88F03300
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 88F02300
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 88F01300
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 88F00300
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 88EFF300
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 88EFE300
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 88EFD300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 8A3C4120
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 8A6ABDF8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 8A6434E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 8A3F1170
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 8A174170
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 88F13300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 88F12300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 88F11300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 88F10300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 88F0F300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 88F0E300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 88F0D300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 88F0C300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 88F0B300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 88F0A300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 88F09300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 88F08300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 88F07300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 88F06300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 88F05300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 88F04300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 88F03300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 88F02300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 88F01300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 88F00300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 88EFF300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 88EFE300
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 88EFD300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 8A3C4120
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 8A6ABDF8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 8A6434E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 8A3F1170
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 8A174170
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 88F13300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 88F12300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 88F11300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 88F10300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 88F0F300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 88F0E300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 88F0D300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 88F0C300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 88F0B300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 88F0A300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 88F09300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 88F08300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 88F07300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 88F06300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 88F05300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 88F04300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 88F03300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 88F02300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 88F01300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 88F00300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 88EFF300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 88EFE300
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 88EFD300
Device \Driver\usb_rndisx \Device\{1C2136B4-CE83-4ED5-80EB-5736C6A0A5DD} IRP_MJ_PNP [A7548E8A] RNDISMPX.SYS

---- EOF - GMER 1.0.13 ----

RootkitRevealer 1.7 Sysinternals Log:

HKLM\SECURITY\Policy\Secrets\SAC* 9/30/2007 10:36 AM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/30/2007 10:36 AM 0 bytes Key name contains embedded nulls (*)

IceSword 1.22 Startup Log:

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon
"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz
"nwiz.exe" /install

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter
"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nod32kui
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Kernel and Hardware Abstraction Layer
KHALMNPR.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP
"C:\Program Files\Analog Devices\Core\smax4pnp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMAX
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!1_pgaccount
"C:\Program Files\ProcessGuard\pgaccount.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
H/PC Connection Agent
"C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Free Uploader Oe Integration
"C:\Program Files\Free Download Manager\FUM\fumoei.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
!1_ProcessGuard_Startup
"C:\Program Files\ProcessGuard\procguard.exe" -minimize

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
desktop.ini

IceSword 1.22 Win32 Services Log:

Started Service:

Service Name:ALG Display Name:Application Layer Gateway Service
Service Name:AudioSrv Display Name:Windows Audio
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:Browser Display Name:Computer Browser
Service Name:COMSysApp Display Name:COM+ System Application
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:DCSPGSRV Display Name:DiamondCS Process Guard Service v3.000
Service Name:Dhcp Display Name:DHCP Client
Service Name:dmserver Display Name:Logical Disk Manager
Service Name:Dnscache Display Name:DNS Client
Service Name:ehRecvr Display Name:Media Center Receiver Service
Service Name:ehSched Display Name:Media Center Scheduler Service
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:helpsvc Display Name:Help and Support
Service Name:HidServ Display Name:HID Input Service
Service Name:HTTPFilter Display Name:HTTP SSL
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:McrdSvc Display Name:Media Center Extender Service
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:NOD32krn Display Name:NOD32 Kernel Service
Service Name:NVSvc Display Name:NVIDIA Display Driver Service
Service Name:PlugPlay Display Name:Plug and Play
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:SENS Display Name:System Event Notification
Service Name:SharedAccess Display Name:Windows Firewall/Internet Connection Sharing (ICS)
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:Spooler Display Name:Print Spooler
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:WebrootSpySweeperService Display Name:Webroot Spy Sweeper Engine
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:wscsvc Display Name:Security Center
Service Name:wuauserv Display Name:Automatic Updates


IceSword 1.22 Process Log:

Process:

System Idle Process
System
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ProcessGuard\DCSUserProt.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\IceSword122en\IceSword.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\AceBIT\Password Depot 3\PasswordDepot.exe


IceSword 1.22 Port Log:

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 127.0.0.1 : 1255 127.0.0.1 : 1254 ESTABLISHED 2192 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 1254 127.0.0.1 : 1255 ESTABLISHED 2192 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 10.53.43.102 : 1401 168.75.65.85 : 80 ESTABLISHED 2192 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 1257 127.0.0.1 : 1256 ESTABLISHED 2192 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 127.0.0.1 : 1256 127.0.0.1 : 1257 ESTABLISHED 2192 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 10.53.43.102 : 1392 74.208.14.106 : 80 ESTABLISHED 2192 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 10.53.43.102 : 1367 72.21.207.5 : 80 ESTABLISHED 2192 C:\Program Files\Mozilla Firefox\firefox.exe
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1256 C:\WINDOWS\system32\svchost.exe
TCP 0.0.0.0 : 2869 0.0.0.0 : 0 LISTENING 924 C:\WINDOWS\system32\svchost.exe
TCP 127.0.0.1 : 7438 0.0.0.0 : 0 LISTENING 308 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
TCP 10.53.43.102 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 990 0.0.0.0 : 0 LISTENING 360 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
TCP 127.0.0.1 : 5679 0.0.0.0 : 0 LISTENING 308 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
TCP 127.0.0.1 : 1031 0.0.0.0 : 0 LISTENING 3008 C:\WINDOWS\system32\alg.exe
UDP 0.0.0.0 : 1062 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 3776 * : * 1900 C:\WINDOWS\ehome\mcrdsvc.exe
UDP 10.53.43.102 : 138 * : * 4 NT OS Kernel
UDP 0.0.0.0 : 1055 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 10.53.43.102 : 123 * : * 1412 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1059 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1044 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1123 * : * 1412 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1331 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 123 * : * 1412 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1056 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1060 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 10.53.43.102 : 1900 * : * 924 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1124 * : * 2000 C:\WINDOWS\explorer.exe
UDP 0.0.0.0 : 1061 * : * 1464 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1900 * : * 924 C:\WINDOWS\system32\svchost.exe
UDP 10.53.43.102 : 137 * : * 4 NT OS Kernel
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel


IceSword 1.22 Kernel Module Log:

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
SSHRMD.SYS
SSFS0BB9.SYS
SSIDRV.SYS
\WINDOWS\SYSTEM32\Drivers\NDIS.SYS
\WINDOWS\SYSTEM32\Drivers\TDI.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
nvata.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
Mup.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\L8042Kbd.sys
\SystemRoot\System32\Drivers\sskbfd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\AnyDVD.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvnetbus.sys
\SystemRoot\system32\DRIVERS\NVNRM.SYS
\SystemRoot\system32\DRIVERS\NVSNPU.SYS
\SystemRoot\system32\DRIVERS\AVerBas.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\AmdLLD.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\AVerCap.sys
\SystemRoot\system32\DRIVERS\AVerTun.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\NVENETFD.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\drivers\Senfilt.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\system32\Drivers\nvport.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\drivers\nod32drv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\IrBus.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\dump_nvata.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\amon.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\procguard.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\??\C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS
\SystemRoot\system32\drivers\kmixer.sys
\WINDOWS\system32\ntdll.dll


IceSword 1.22 IDT Log:

IDT Base:0x8003F400 , IDT Limit:0x7FF
Index Selector:Offset Type DPL P bit
000 0008:805413F0 E 00 P
001 0008:8054156C E 00 P
002 0058:0000112E 5 00 P
003 0008:80541980 E 03 P
004 0008:80541B00 E 03 P
005 0008:80541C60 E 00 P
006 0008:80541DD4 E 00 P
007 0008:8054244C E 00 P
008 0050:00001188 5 00 P
009 0008:80542850 E 00 P
010 0008:80542970 E 00 P
011 0008:80542AB0 E 00 P
012 0008:80542D10 E 00 P
013 0008:80542FFC E 00 P
014 0008:805436F8 E 00 P
015 0008:80543A30 E 00 P
016 0008:80543B50 E 00 P
017 0008:80543C8C E 00 P
018 00A0:80543A30 5 00 P
019 0008:80543DF4 E 00 P
020 0008:80543A30 E 00 P
021 0008:80543A30 E 00 P
022 0008:80543A30 E 00 P
023 0008:80543A30 E 00 P
024 0008:80543A30 E 00 P
025 0008:80543A30 E 00 P
026 0008:80543A30 E 00 P
027 0008:80543A30 E 00 P
028 0008:80543A30 E 00 P
029 0008:80543A30 E 00 P
030 0008:80543A30 E 00 P
031 0008:806E410C E 00 P
032 0008:00000000 0 00 N
033 0008:00000000 0 00 N
034 0008:00000000 0 00 N
035 0008:00000000 0 00 N
036 0008:00000000 0 00 N
037 0008:00000000 0 00 N
038 0008:00000000 0 00 N
039 0008:00000000 0 00 N
040 0008:00000000 0 00 N
041 0008:00000000 0 00 N
042 0008:80540C1E E 03 P
043 0008:80540D20 E 03 P
044 0008:80540ED0 E 03 P
045 0008:8054185C E 03 P
046 0008:805406A1 E 03 P
047 0008:80543A30 E 00 P
048 0008:8053FD60 E 00 P
049 0008:8053FD6A E 00 P
050 0008:8053FD74 E 00 P
051 0008:8053FD7E E 00 P
052 0008:8053FD88 E 00 P
053 0008:8053FD92 E 00 P
054 0008:8053FD9C E 00 P
055 0008:806E3864 E 00 P
056 0008:8053FDB0 E 00 P
057 0008:8053FDBA E 00 P
058 0008:8053FDC4 E 00 P
059 0008:8053FDCE E 00 P
060 0008:8053FDD8 E 00 P
061 0008:806E4E2C E 00 P
062 0008:8053FDEC E 00 P
063 0008:8053FDF6 E 00 P
064 0008:8053FE00 E 00 P
065 0008:806E4C88 E 00 P
066 0008:8053FE14 E 00 P
067 0008:8053FE1E E 00 P
068 0008:8053FE28 E 00 P
069 0008:8053FE32 E 00 P
070 0008:8053FE3C E 00 P
071 0008:8053FE46 E 00 P
072 0008:8053FE50 E 00 P
073 0008:8053FE5A E 00 P
074 0008:8053FE64 E 00 P
075 0008:8053FE6E E 00 P
076 0008:8053FE78 E 00 P
077 0008:8053FE82 E 00 P
078 0008:8053FE8C E 00 P
079 0008:8053FE96 E 00 P
080 0008:806E393C E 00 P
081 0008:8053FEAA E 00 P
082 0008:8053FEB4 E 00 P
083 0008:8053FEBE E 00 P
084 0008:8053FEC8 E 00 P
085 0008:8053FED2 E 00 P
086 0008:8053FEDC E 00 P
087 0008:8053FEE6 E 00 P
088 0008:8053FEF0 E 00 P
089 0008:8053FEFA E 00 P
090 0008:8053FF04 E 00 P
091 0008:8053FF0E E 00 P
092 0008:8053FF18 E 00 P
093 0008:8053FF22 E 00 P
094 0008:8053FF2C E 00 P
095 0008:8053FF36 E 00 P
096 0008:8053FF40 E 00 P
097 0008:8053FF4A E 00 P
098 0008:8053FF54 E 00 P
099 0008:8A683BEC E 00 P
100 0008:8053FF68 E 00 P
101 0008:8053FF72 E

Solid-State
Cadet
Joined: Dec 24, 2007
Posts: 2
Location: Canada

PostPosted: Mon Dec 24, 2007 9:43 pm    Post subject: Rest of the info...

102 0008:8053FF7C E 00 P
103 0008:8053FF86 E 00 P
104 0008:8053FF90 E 00 P
105 0008:8053FF9A E 00 P
106 0008:8053FFA4 E 00 P
107 0008:8053FFAE E 00 P
108 0008:8053FFB8 E 00 P
109 0008:8053FFC2 E 00 P
110 0008:8053FFCC E 00 P
111 0008:8053FFD6 E 00 P
112 0008:8053FFE0 E 00 P
113 0008:8053FFEA E 00 P
114 0008:8053FFF4 E 00 P
115 0008:8A685BEC E 00 P
116 0008:80540008 E 00 P
117 0008:80540012 E 00 P
118 0008:8054001C E 00 P
119 0008:80540026 E 00 P
120 0008:80540030 E 00 P
121 0008:8054003A E 00 P
122 0008:80540044 E 00 P
123 0008:8054004E E 00 P
124 0008:80540058 E 00 P
125 0008:80540062 E 00 P
126 0008:8054006C E 00 P
127 0008:80540076 E 00 P
128 0008:80540080 E 00 P
129 0008:8054008A E 00 P
130 0008:80540094 E 00 P
131 0008:8A7333EC E 00 P
132 0008:805400A8 E 00 P
133 0008:805400B2 E 00 P
134 0008:805400BC E 00 P
135 0008:805400C6 E 00 P
136 0008:805400D0 E 00 P
137 0008:805400DA E 00 P
138 0008:805400E4 E 00 P
139 0008:805400EE E 00 P
140 0008:805400F8 E 00 P
141 0008:80540102 E 00 P
142 0008:8054010C E 00 P
143 0008:80540116 E 00 P
144 0008:80540120 E 00 P
145 0008:8054012A E 00 P
146 0008:88AC77E4 E 00 P
147 0008:8A3BB2A4 E 00 P
148 0008:89516BEC E 00 P
149 0008:80540152 E 00 P
150 0008:8054015C E 00 P
151 0008:80540166 E 00 P
152 0008:80540170 E 00 P
153 0008:8054017A E 00 P
154 0008:80540184 E 00 P
155 0008:8054018E E 00 P
156 0008:80540198 E 00 P
157 0008:805401A2 E 00 P
158 0008:805401AC E 00 P
159 0008:805401B6 E 00 P
160 0008:805401C0 E 00 P
161 0008:805401CA E 00 P
162 0008:805401D4 E 00 P
163 0008:805401DE E 00 P
164 0008:8A6CEBEC E 00 P
165 0008:805401F2 E 00 P
166 0008:805401FC E 00 P
167 0008:80540206 E 00 P
168 0008:80540210 E 00 P
169 0008:8054021A E 00 P
170 0008:80540224 E 00 P
171 0008:8054022E E 00 P
172 0008:80540238 E 00 P
173 0008:80540242 E 00 P
174 0008:8054024C E 00 P
175 0008:80540256 E 00 P
176 0008:80540260 E 00 P
177 0008:8A780104 E 00 P
178 0008:80540274 E 00 P
179 0008:8054027E E 00 P
180 0008:8A729B64 E 00 P
181 0008:80540292 E 00 P
182 0008:8054029C E 00 P
183 0008:805402A6 E 00 P
184 0008:805402B0 E 00 P
185 0008:805402BA E 00 P
186 0008:805402C4 E 00 P
187 0008:805402CE E 00 P
188 0008:805402D8 E 00 P
189 0008:805402E2 E 00 P
190 0008:805402EC E 00 P
191 0008:805402F6 E 00 P
192 0008:80540300 E 00 P
193 0008:806E3AC0 E 00 P
194 0008:80540314 E 00 P
195 0008:8054031E E 00 P
196 0008:80540328 E 00 P
197 0008:80540332 E 00 P
198 0008:8054033C E 00 P
199 0008:80540346 E 00 P
200 0008:80540350 E 00 P
201 0008:8054035A E 00 P
202 0008:80540364 E 00 P
203 0008:8054036E E 00 P
204 0008:80540378 E 00 P
205 0008:80540382 E 00 P
206 0008:8054038C E 00 P
207 0008:80540396 E 00 P
208 0008:805403A0 E 00 P
209 0008:806E2E54 E 00 P
210 0008:805403B4 E 00 P
211 0008:805403BE E 00 P
212 0008:805403C8 E 00 P
213 0008:805403D2 E 00 P
214 0008:805403DC E 00 P
215 0008:805403E6 E 00 P
216 0008:805403F0 E 00 P
217 0008:805403FA E 00 P
218 0008:80540404 E 00 P
219 0008:8054040E E 00 P
220 0008:80540418 E 00 P
221 0008:80540422 E 00 P
222 0008:8054042C E 00 P
223 0008:80540436 E 00 P
224 0008:80540440 E 00 P
225 0008:806E4048 E 00 P
226 0008:80540454 E 00 P
227 0008:806E3DAC E 00 P
228 0008:80540468 E 00 P
229 0008:80540472 E 00 P
230 0008:8054047C E 00 P
231 0008:80540486 E 00 P
232 0008:80540490 E 00 P
233 0008:8054049A E 00 P
234 0008:805404A4 E 00 P
235 0008:805404AE E 00 P
236 0008:805404B8 E 00 P
237 0008:805404C2 E 00 P
238 0008:805404C9 E 00 P
239 0008:805404D0 E 00 P
240 0008:805404D7 E 00 P
241 0008:805404DE E 00 P
242 0008:805404E5 E 00 P
243 0008:805404EC E 00 P
244 0008:805404F3 E 00 P
245 0008:805404FA E 00 P
246 0008:80540501 E 00 P
247 0008:80540508 E 00 P
248 0008:8054050F E 00 P
249 0008:80540516 E 00 P
250 0008:8054051D E 00 P
251 0008:80540524 E 00 P
252 0008:8054052B E 00 P
253 0008:806E45A8 E 00 P
254 0008:806E4748 E 00 P
255 0008:80540540 E 00 P


IceSword 1.22 GDT Log:

GDT Base:0xBAB44190 , GDT Limit:0x3FF

000 Reserved
008 Mem 00000000:FFFFFFFF(Base:Limit) P 0(DPL) 1011
010 Mem 00000000:FFFFFFFF(Base:Limit) P 0(DPL) 0011
01B Mem 00000000:FFFFFFFF(Base:Limit) P 3(DPL) 1011
023 Mem 00000000:FFFFFFFF(Base:Limit) P 3(DPL) 0011
028 Sys BAB40D70:000020AB(Base:Limit) P 0(DPL) B(type)
030 Mem BAB40000:00001FFF(Base:Limit) P 0(DPL) 0011
03B Mem 7FFDF000:00FFFFFF(Base:Limit) P 3(DPL) 0011
043 Mem 00000400:0000FFFF(Base:Limit) P 3(DPL) 0010
048 Reserved
050 Sys BAB43080:00000068(Base:Limit) P 0(DPL) 9(type)
058 Sys BAB430F0:00000068(Base:Limit) P 0(DPL) 9(type)
060 Mem 00022F30:0000FFFF(Base:Limit) P 0(DPL) 0011
068 Mem 000B8000:00003FFF(Base:Limit) P 0(DPL) 0010
070 Mem FFFF7000:000003FF(Base:Limit) P 0(DPL) 0010
078 Mem 80400000:0000FFFF(Base:Limit) P 0(DPL) 1010
080 Mem 80400000:0000FFFF(Base:Limit) P 0(DPL) 0010
088 Mem 00000000:00000000(Base:Limit) P 0(DPL) 0010
090 Reserved
098 Reserved
0A0 Sys 8A7A32D0:00000068(Base:Limit) P 0(DPL) 9(type)
0A8 Reserved
0B0 Reserved
0B8 Reserved
0C0 Reserved
0C8 Reserved
0D0 Reserved
0D8 Reserved
0E0 Mem BA948000:0000FFFF(Base:Limit) P 0(DPL) 1111
0E8 Mem 00000000:0000FFFF(Base:Limit) P 0(DPL) 0010
0F0 Mem 804FBE88:000003B7(Base:Limit) P 0(DPL) 1000
0F8 Mem 00000000:0000FFFF(Base:Limit) P 0(DPL) 0010
100 Mem BA958000:0FFFFFFF(Base:Limit) P 0(DPL) 0011
108 Mem BA958000:0FFFFFFF(Base:Limit) P 0(DPL) 0011
110 Mem BA958000:0FFFFFFF(Base:Limit) P 0(DPL) 0011
118 Reserved
120 Reserved
128 Reserved
130 Reserved
138 Reserved
140 Reserved
148 Reserved
150 Reserved
158 Reserved
160 Reserved
168 Reserved
170 Reserved
178 Reserved
180 Reserved
188 Reserved
190 Reserved
198 Reserved
1A0 Reserved
1A8 Reserved
1B0 Reserved
1B8 Reserved
1C0 Reserved
1C8 Reserved
1D0 Reserved
1D8 Reserved
1E0 Reserved
1E8 Reserved
1F0 Reserved
1F8 Reserved
200 Reserved
208 Reserved
210 Reserved
218 Reserved
220 Reserved
228 Reserved
230 Reserved
238 Reserved
240 Reserved
248 Reserved
250 Reserved
258 Reserved
260 Reserved
268 Reserved
270 Reserved
278 Reserved
280 Reserved
288 Reserved
290 Reserved
298 Reserved
2A0 Reserved
2A8 Reserved
2B0 Reserved
2B8 Reserved
2C0 Reserved
2C8 Reserved
2D0 Reserved
2D8 Reserved
2E0 Reserved
2E8 Reserved
2F0 Reserved
2F8 Reserved
300 Reserved
308 Reserved
310 Reserved
318 Reserved
320 Reserved
328 Reserved
330 Reserved
338 Reserved
340 Reserved
348 Reserved
350 Reserved
358 Reserved
360 Reserved
368 Reserved
370 Reserved
378 Reserved
380 Reserved
388 Reserved
390 Reserved
398 Reserved
3A0 Reserved
3A8 Reserved
3B0 Reserved
3B8 Reserved
3C0 Reserved
3C8 Reserved
3D0 Reserved
3D8 Reserved
3E0 Reserved
3E8 Reserved
3F0 Reserved
3F8 Reserved

The following are logs from Windows audits and make reference to some svchost issues... could be related...

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 18/12/2007
Time: 12:12:27 AM
User: N/A
Computer: HAL9000
Description:
Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 75 6e 6b 6e in unkn
0030: 6f 77 6e 20 30 2e 30 2e own 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 30 30 30 30 30 000000


Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1004
Date: 18/12/2007
Time: 12:12:04 AM
User: N/A
Computer: HAL9000
Description:
Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 73 76 63 ure svc
0018: 68 6f 73 74 2e 65 78 65 host.exe
0020: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0028: 20 69 6e 20 75 6e 6b 6e in unkn
0030: 6f 77 6e 20 30 2e 30 2e own 0.0.
0038: 30 2e 30 20 61 74 20 6f 0.0 at o
0040: 66 66 73 65 74 20 30 30 ffset 00
0048: 30 30 30 30 30 30 000000



Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 17/12/2007
Time: 10:08:06 PM
User: N/A
Computer: HAL9000
Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 20 30 2e ure 0.
0018: 30 2e 30 2e 30 20 69 6e 0.0.0 in
0020: 20 75 6e 6b 6e 6f 77 6e unknown
0028: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0030: 20 61 74 20 6f 66 66 73 at offs
0038: 65 74 20 30 30 30 30 30 et 00000
0040: 30 30 30 000


Then a whack of DCOM trying to start...

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 19/12/2007
Time: 5:22:32 PM
User: HAL9000\Administrator
Computer: HAL9000
Description:
DCOM got error "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. " attempting to start the service MDM with arguments "" in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


I'm not sure what I have here but I'm most certain it's not your average infection.


Solid-State

negster22
Security Expert
Premium Member
Joined: Mar 10, 2004
Posts: 5394

PostPosted: Tue Jan 01, 2008 4:36 am    Post subject:

Greetings to you and Happy New Year!

I am not seeing evidence of a rootkit or malware in your logs. Maybe you can tell me what is causing you to believe you have a rootkit. What have your AV and antispyware scans revealed?

In IceSword, you only need to look at the Services and Process functions, because red items indicate rootkit-hidden components. The other functions are less cut and dried, and there is no color-coding. If there were any red items under those functions, that is what is important to note.

You are using an old version of HJT. The latest version that is packaged with an installer can be downloaded here,

The svchost error in your event log is the type that occurs when you receive the rather vague Windows message "Generic Host Process for Win32 Services has encountered a problem and needs to close". It is not that uncommon, and as long as it doesn't happen repeatedly, I wouldn't get that worried about it. In your case, the message is not informative because it does not mention the DLL that the failed instance of service host had loaded, making it difficult to troubleshoot.

I can see from the list of services in your IceSword log that DCOM is running, so that was a temporary problem.

One thing I noticed is that you are not running a third-party firewall. Since the Windows firewall doesn't perform outbound filtering, it is important to use one that does. Additionally, a firewall that monitors outbound connection attempts may alert you when your PC is trying to connect to a suspect site, which is very helpful information from a malware troubleshooting perspective. The firewall program access log can tell you if any malware processes are accessing the net, which most of the worst threats try to do.

Here are some highly regarded freeware firewall alternatives:
1. ZoneAlarm:
http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

2. Comodo Personal Firewall Free:
http://www.personalfirewall.comodo.com/

3. Sygate Personal Firewall Free:
http://www.majorgeeks.com/Sygate_Personal_Firewall_Free_d3356.html


_________________
Negster22 - MS MVP - Consumer Security 2006-2008
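negster22's point about IceSword's red items rests on cross-view comparison: a process that a kernel-level enumeration sees but the Win32 API view does not is the classic hidden-process signature. The script below is an added example for this thread, not IceSword's code and not something either poster ran; it performs the same comparison by hand across two tool dumps shaped like the HijackThis "Running processes" section and the IceSword Process Log above. Both listings are constructed samples, and the entry hidden_example.exe is invented so the detection path has something to report; it does not appear in the thread's logs.

```python
"""Cross-view process comparison, the idea behind IceSword's red entries.

Added example for this thread; it is not IceSword code and not something
the posters ran. A rootkit scanner flags a process in red when a low-level
enumeration (walking kernel structures) sees it but the high-level Win32
API view does not. The same check can be done by hand across two tool
dumps: an image present in one view and absent from the other is what
deserves a closer look, not the long lists themselves.

Both listings below are constructed samples, trimmed to the shape of the
thread's HijackThis "Running processes" section and IceSword Process Log.
The entry hidden_example.exe is invented to exercise the detection path;
it does not appear in the thread's logs.
"""
from collections import Counter

# Kernel pseudo-processes that a Win32-level tool such as HijackThis never
# lists, so their absence from the high-level view is expected.
PSEUDO_PROCESSES = {"system idle process", "system"}

# Constructed sample: high-level (Win32 API) view, HijackThis style.
HIGH_LEVEL_VIEW = r"""
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
"""

# Constructed sample: low-level (kernel) view, IceSword style. The last
# entry is invented so the comparison has something to report.
LOW_LEVEL_VIEW = r"""
System Idle Process
System
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\nod32kui.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\hidden_example.exe
"""


def normalize(entry: str) -> str:
    """Case-fold an image path so System32/system32 and Eset/ESET compare equal."""
    return entry.strip().casefold()


def parse_listing(text: str) -> Counter:
    """Turn a one-path-per-line dump into a multiset of normalized paths."""
    return Counter(normalize(line) for line in text.splitlines() if line.strip())


def cross_view(high_level: str, low_level: str) -> dict:
    """Compare two process dumps and report where they disagree.

    only_in_low   : seen by the kernel-level tool but not the Win32-level one
                    (the hidden-process signature, once pseudo-processes and
                    snapshot timing are accounted for)
    only_in_high  : seen by the Win32-level tool only (usually a process that
                    exited between the two snapshots)
    count_mismatch: same image, different number of instances
    """
    high = parse_listing(high_level)
    low = parse_listing(low_level)
    only_in_low = {p: n for p, n in low.items()
                   if p not in high and p not in PSEUDO_PROCESSES}
    only_in_high = {p: n for p, n in high.items() if p not in low}
    count_mismatch = {p: (high[p], low[p]) for p in high
                      if p in low and high[p] != low[p]}
    return {"only_in_low": only_in_low,
            "only_in_high": only_in_high,
            "count_mismatch": count_mismatch}


def main() -> None:
    report = cross_view(HIGH_LEVEL_VIEW, LOW_LEVEL_VIEW)
    for key, value in report.items():
        print(f"{key}: {value or 'none'}")


if __name__ == "__main__":
    main()
```

Two caveats apply when reading the report. The dumps are never taken at the same instant, so differing svchost instance counts and the scanner's own process (IceSword.exe appears only in the IceSword log above) are normal timing artifacts, and only_in_high is rarely interesting. An image that turns up in only_in_low is a lead, not a verdict: the next step is to locate the file on disk, check its publisher signature and hashes, and see which service or Run key launches it. The 8.3 path C:\PROGRA~1\MI3AA1~1\rapimgr.exe matches here only because both tools printed it the same way; resolving short names to long ones before comparing is left out of this example.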