Jump to content

thehippestcat

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. ok am currently doing the things you left for me to do. Also fixed the lack of internet connectivity by uninstalling the copy of Norton antivirus that I had. Works fine now, but can you suggest a good Antivirus/Firewall that I should get? Thanks for all the help in restoring my pc to a non infected state.
  2. SDFix: Version 1.240 Run by Compaq_Administrator on Mon 08/17/2009 at 11:12 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-18 00:06:38 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s0"=dword:28f6901a "s1"=dword:53d1e458 "s2"=dword:daa70ea3 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:43,d7,a0,f0,36,cd,ba,aa,74,d1,3d,4a,34,f0,1e,fe,fa,1d,32,71,fd,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,51,6d,e5,ca,0e,de,49,7d,61,b3,18,e6,cf,f1,cc,31,f7,.. "khjeh"=hex:68,5f,84,ee,ca,91,50,8d,ed,0e,af,79,3e,10,5e,b4,3b,1c,a5,73,55,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:4a,f4,94,82,29,8b,3d,01,11,64,b3,e5,3c,ab,8d,08,f4,96,c4,89,44,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:43,d7,a0,f0,36,cd,ba,aa,74,d1,3d,4a,34,f0,1e,fe,fa,1d,32,71,fd,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,51,6d,e5,ca,0e,de,49,7d,61,b3,18,e6,cf,f1,cc,31,f7,.. "khjeh"=hex:68,5f,84,ee,ca,91,50,8d,ed,0e,af,79,3e,10,5e,b4,3b,1c,a5,73,55,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:4a,f4,94,82,29,8b,3d,01,11,64,b3,e5,3c,ab,8d,08,f4,96,c4,89,44,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:d0,f8,3b,73,2c,0c,49,1e,ce,68,10,99,b3,a6,da,f5,3f,fd,dc,92,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,51,6d,e5,ca,0e,de,49,7d,61,b3,18,e6,cf,f1,cc,31,f7,.. "khjeh"=hex:68,5f,84,ee,ca,91,50,8d,ed,0e,af,79,3e,10,5e,b4,3b,1c,a5,73,55,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:4a,f4,94,82,29,8b,3d,01,11,64,b3,e5,3c,ab,8d,08,f4,96,c4,89,44,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\DISC\\DISCover.exe"="C:\\Program Files\\DISC\\DISCover.exe:*:Enabled:DISCover Drop & Play System" "C:\\Program Files\\DISC\\DiscStreamHub.exe"="C:\\Program Files\\DISC\\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub" "C:\\Program Files\\DISC\\myFTP.exe"="C:\\Program Files\\DISC\\myFTP.exe:*:Enabled:DISCover FTP" "C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe:*:Enabled:
  3. Ok I uninstalled all p2p related applications. Kapersky Scan Report -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Monday, August 17, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Monday, August 17, 2009 03:23:03 Records in database: 2638378 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ G:\ H:\ I:\ J:\ K:\ L:\ Scan statistics: Objects scanned: 214424 Threats found: 6 Infected objects found: 14 Suspicious objects found: 0 Scan duration: 07:23:29 File name / Threat / Threats count C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACccxyrpsxkyvhbod.sys.vir Infected: Rootkit.Win32.Agent.mih 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbutrpjbwhjwxvkm.dll.vir Infected: Packed.Win32.Tdss.m 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdnkvlwtdevmmuxo.dll.vir Infected: Trojan.Win32.Tdss.anrc 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACnohskbujudtsdll.dll.vir Infected: Trojan.Win32.Tdss.anrd 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrpkequackhwxonr.dll.vir Infected: Packed.Win32.Tdss.m 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxadvnoltlvbjxcx.dll.vir Infected: Trojan.Win32.Tdss.anre 1 C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1207\A0204282.sys Infected: Rootkit.Win32.Agent.mih 1 C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1207\A0204283.dll Infected: Packed.Win32.Tdss.m 1 C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1207\A0204284.dll Infected: Trojan.Win32.Tdss.anrc 1 C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1207\A0204285.dll Infected: Packed.Win32.Tdss.m 1 C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1207\A0204286.dll Infected: Trojan.Win32.Tdss.anre 1 C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP1207\A0204287.dll Infected: Trojan.Win32.Tdss.anrd 1 D:\I386\Apps\APP15894\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1 D:\I386\Apps\APP15894\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1 Selected area has been scanned. === Root Repeal log ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/17 06:30 Program Version: Version 1.3.5.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Drivers ------------------- Name: Image Path: Address: 0xF7517000 Size: 98304 File Visible: No Signed: - Status: - Name: Image Path: Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: 00000439 Image Path: \Driver\00000439 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF6E90000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7C15000 Size: 8192 File Visible: No Signed: - Status: - Name: giveio.sys Image Path: giveio.sys Address: 0xF7CAC000 Size: 1664 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF68EE000 Size: 49152 File Visible: No Signed: - Status: - SSDT ------------------- #: 025 Function Name: NtClose Status: Hooked by "Vax347b.sys" at address 0xf75c0c58 #: 041 Function Name: NtCreateKey Status: Hooked by "PCTCore.sys" at address 0xf745c506 #: 045 Function Name: NtCreatePagingFile Status: Hooked by "Vax347b.sys" at address 0xf75b4c70 #: 047 Function Name: NtCreateProcess Status: Hooked by "PCTCore.sys" at address 0xf744b240 #: 048 Function Name: NtCreateProcessEx Status: Hooked by "PCTCore.sys" at address 0xf744b432 #: 063 Function Name: NtDeleteKey Status: Hooked by "PCTCore.sys" at address 0xf745ccc8 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "PCTCore.sys" at address 0xf745cf88 #: 071 Function Name: NtEnumerateKey Status: Hooked by "Vax347b.sys" at address 0xf75b54fe #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "Vax347b.sys" at address 0xf75c0d50 #: 119 Function Name: NtOpenKey Status: Hooked by "PCTCore.sys" at address 0xf745b3ec #: 160 Function Name: NtQueryKey Status: Hooked by "Vax347b.sys" at address 0xf75b551e #: 177 Function Name: NtQueryValueKey Status: Hooked by "Vax347b.sys" at address 0xf75c0ca6 #: 192 Function Name: NtRenameKey Status: Hooked by "PCTCore.sys" at address 0xf745d3ec #: 241 Function Name: NtSetSystemPowerState Status: Hooked by "Vax347b.sys" at address 0xf75c04f0 #: 247 Function Name: NtSetValueKey Status: Hooked by "PCTCore.sys" at address 0xf745c7b8 #: 257 Function Name: NtTerminateProcess Status: Hooked by "PCTCore.sys" at address 0xf744aef0 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x873895d0 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x86d4b710 Size: 11 Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x86cf10e8 Size: 15 Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_READ] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_WRITE] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_EA] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_EA] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_SHUTDOWN] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLEANUP] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_SECURITY] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_SET_QUOTA] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP] Process: System Address: 0x86e1dd50 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x86eb7438 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_READ] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x86ed8330 Size: 99 Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_READ] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_POWER] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: Disk, IRP_MJ_PNP] Process: System Address: 0x87389808 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP] Process: System Address: 0x86d0fc88 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x873d4590 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x873d47c8 Size: 15 Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_CLOSE] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_READ] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_WRITE] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_EA] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_EA] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_SHUTDOWN] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_CLEANUP] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_SECURITY] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_POWER] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_SET_QUOTA] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: Vax347s, IRP_MJ_PNP] Process: System Address: 0x86edf5d8 Size: 99 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x86d74c88 Size: 15 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x86d74c88 Size: 15 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d74c88 Size: 15 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d74c88 Size: 15 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x86d74c88 Size: 15 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x86d74c88 Size: 15 Object: Hidden Code [Driver: fasttx2k, IRP_MJ_CREATE] Process: System Address: 0x87389eb0 Size: 15 Object: Hidden Code [Driver: fasttx2k, IRP_MJ_CLOSE] Process: System Address: 0x87389eb0 Size: 15 Object: Hidden Code [Driver: fasttx2k, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x87389eb0 Size: 15 Object: Hidden Code [Driver: fasttx2k, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x87389eb0 Size: 15 Object: Hidden Code [Driver: fasttx2k, IRP_MJ_POWER] Process: System Address: 0x87389eb0 Size: 15 Object: Hidden Code [Driver: fasttx2k, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x87389eb0 Size: 15 Object: Hidden Code [Driver: fasttx2k, IRP_MJ_PNP] Process: System Address: 0x87389eb0 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ] Process: System Address: 0x86cf3bf0 Size: 11 Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA] Process: System Address: 0x86d4f7c8 Size: 15 Object: Hidden Code [Driver: Srv, IRP_MJ_READ] Process: System Address: 0x86b5bb18 Size: 11 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x86d53b28 Size: 11 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86d4c838 Size: 15 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Addres==EOF==
  4. stop: 0x0000008e (0xC0000005, 0xBF8BC003, 0xF7812B94, 0x00000000 *** win32k.sys - Address BF8BC003 base at BF800000 DateStamp 49e87572 = RootRepeal txt log ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/16 12:04 Program Version: Version 1.3.5.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! === Also, I am still unable to connect to the Internet through the normal windows mode. In safe mode with networking I can, but not in normal mode. Its strange though, because under the network connections window, it shows LAN 6 (the adapter I use) as connected, and it is sending and receiving packets. Here is a log from the IE network connectivity diagnostic Last diagnostic run time: 08/16/09 20:55:20 Network Adapter Diagnostic Network location detection info Using home Internet connection Network adapter identification info Network connection: Name=Local Area Connection 3, Device=Realtek RTL8139/810x Family Fast Ethernet NIC, MediaType=LAN, SubMediaType=LAN info Network connection: Name=Local Area Connection 6, Device=D-Link DFE-530TX+ PCI Fast Ethernet Adapter (rev.F), MediaType=LAN, SubMediaType=LAN info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394 warn This machine has more than one Ethernet or more than one Wireless adapter info Redirecting user to support call HTTP, HTTPS, FTP Diagnostic HTTP, HTTPS, FTP connectivity warn FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established warn FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established warn HTTPS: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established warn HTTP: Error 12029 connecting to www.microsoft.com: A connection with the server could not be established warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established warn HTTP: Error 12029 connecting to www.hotmail.com: A connection with the server could not be established error Could not make an HTTP connection. error Could not make an HTTPS connection. error Could not make an FTP connection. I'll start the Kapersky scanner in safe mode and Post the results of that aas well as the other logs you needed ===
  5. all was going well, albeit slow. Started the Drweb scan around 10:45, and about 10 mins ago it was at close to 50% completion. Then sometime between now and then I got BSOD. Any thoughts on this matter?
  6. Apparently the log finished loading about 5 minutes after I posted that Anyways heres the completed Combofix log ComboFix 09-08-10.06 - Compaq_Administrator 08/15/2009 8:41.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.604 [GMT -4:00] Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt AV: avast! antivirus 4.8.1229 [VPS 080830-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} FILE :: "c:\documents and settings\Compaq_Administrator\Local Settings\Temp\UACafe3.tmp" "c:\windows\system32\drivers\UACccxyrpsxkyvhbod.sys" "c:\windows\system32\UACajrttnucajqtchc.dat" "c:\windows\system32\UACbutrpjbwhjwxvkm.dll" "c:\windows\system32\UACdnkvlwtdevmmuxo.dll" "c:\windows\system32\uacinit.dll" "c:\windows\system32\UACnohskbujudtsdll.dll" "c:\windows\system32\UACrpkequackhwxonr.dll" "c:\windows\system32\uactmp.db" "c:\windows\system32\UACwyaurfwjfhimihg.db" "c:\windows\system32\UACxadvnoltlvbjxcx.dll" "c:\windows\Temp\UAC8529.tmp" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Compaq_Administrator\Local Settings\Temp\UACafe3.tmp c:\windows\Install.txt c:\windows\kb913800.exe c:\windows\run.log c:\windows\system32\drivers\UACccxyrpsxkyvhbod.sys c:\windows\system32\Install.txt c:\windows\system32\UACajrttnucajqtchc.dat c:\windows\system32\UACbutrpjbwhjwxvkm.dll c:\windows\system32\UACdnkvlwtdevmmuxo.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACnohskbujudtsdll.dll c:\windows\system32\UACrpkequackhwxonr.dll c:\windows\system32\uactmp.db c:\windows\system32\UACwyaurfwjfhimihg.db c:\windows\system32\UACxadvnoltlvbjxcx.dll c:\windows\Temp\UAC8529.tmp D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys -------\Legacy_UACd.sys -------\Legacy_MSNCACHE -------\Legacy_SOPIDKC ((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 ))))))))))))))))))))))))))))))) . 2009-08-14 21:46 . 2009-08-14 21:46 -------- d-----w- C:\_OTL 2009-08-14 21:40 . 2009-08-14 21:40 -------- d-----w- c:\program files\ERUNT 2009-08-12 23:45 . 2009-08-12 23:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-08-12 02:07 . 2009-08-12 02:07 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes 2009-08-12 02:00 . 2009-08-12 02:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-08-12 01:58 . 2008-11-06 06:03 -------- d-----w- C:\SDFix 2009-08-12 00:56 . 2009-08-12 00:56 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\PrivacIE 2009-08-12 00:56 . 2009-08-12 00:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-08-12 00:53 . 2009-08-12 00:53 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IETldCache 2009-08-12 00:31 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-08-12 00:31 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-08-12 00:31 . 2009-08-12 00:31 -------- d-----w- c:\windows\ie8updates 2009-08-12 00:31 . 2009-07-01 07:08 101376 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-08-12 00:28 . 2009-08-12 00:30 -------- dc-h--w- c:\windows\ie8 2009-08-12 00:20 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-08-11 22:07 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-11 22:07 . 2009-08-13 20:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-11 22:07 . 2009-08-11 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-11 22:07 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-11 21:49 . 2009-08-11 21:49 -------- d-----w- c:\program files\Trend Micro 2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-29 04:37 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll 2009-07-29 04:37 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll 2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-15 00:03 . 2006-12-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-08-14 21:36 . 2009-07-08 20:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-05 09:01 . 2004-08-10 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:37 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:37 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-17 19:01 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-10 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 01:28 . 2009-07-10 01:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-07-10 01:28 . 2009-07-10 01:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll 2009-07-10 01:28 . 2009-07-10 01:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-07-10 01:28 . 2009-07-10 01:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-07-10 01:28 . 2009-07-10 01:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-07-10 01:28 . 2009-07-09 10:00 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-07-10 01:28 . 2009-07-10 01:28 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-07-10 01:28 . 2009-07-10 01:28 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-07-09 21:03 . 2009-07-09 21:01 -------- d-----w- c:\program files\Spyware Doctor 2009-07-09 21:01 . 2009-07-09 21:01 -------- d-----w- c:\program files\Common Files\PC Tools 2009-07-09 21:01 . 2009-07-09 21:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\PC Tools 2009-07-09 21:01 . 2009-07-09 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-07-09 20:19 . 2006-02-25 23:40 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\LimeWire 2009-07-08 23:45 . 2009-07-08 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-07-08 23:43 . 2009-07-08 02:49 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-07-08 23:43 . 2006-02-25 19:44 -------- d-----w- c:\program files\Lavasoft 2009-07-07 19:54 . 2005-11-11 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec 2009-07-05 16:01 . 2007-09-08 17:26 -------- d-----w- c:\program files\Steam 2009-07-03 22:11 . 2008-02-07 00:12 -------- d-----w- c:\program files\AIM6 2009-07-03 22:11 . 2006-02-25 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-07-03 22:10 . 2009-07-03 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore 2009-07-03 17:09 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 20:31 . 2005-11-11 21:44 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-06-18 15:36 . 2006-07-26 01:05 1878984 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-05-19 05:36 . 2009-06-15 21:11 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe 2009-05-19 05:36 . 2009-06-15 21:11 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat 2009-05-19 05:36 . 2009-06-15 21:11 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat 2009-05-19 05:36 . 2009-06-15 21:11 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe 2009-05-19 05:36 . 2009-06-15 21:11 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe 2009-05-19 05:36 . 2009-06-15 21:11 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe 2009-05-19 05:36 . 2009-06-18 01:34 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe 2009-05-19 05:36 . 2009-06-15 21:11 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe 2009-05-19 05:36 . 2009-06-18 01:34 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll 2009-05-19 05:36 . 2009-06-15 21:11 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll 2006-06-03 19:04 . 2006-06-03 19:04 56 --sh--r- c:\windows\system32\E94347B703.sys 2007-04-16 18:15 . 2006-06-03 19:04 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 68856] "Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-08 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-05-06 6656] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816] "lxdkmon.exe"="c:\program files\Lexmark 5300 Series\lxdkmon.exe" [2007-06-22 455344] "lxdkamon"="c:\program files\Lexmark 5300 Series\lxdkamon.exe" [2007-06-01 20480] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-10 520024] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2008-10-20 136768] c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Google Updater.lnk.disabled [2007-6-3 928] HP Digital Imaging Monitor.lnk.disabled [2006-6-28 1816] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "Aim6"= "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "Steam"="c:\program files\steam\steam.exe" -silent "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "PeerGuardian"=c:\program files\PeerGuardian2\pg2.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "<NO NAME>"= "ehTray"=c:\windows\ehome\ehtray.exe "PC Pitstop Optimize Scheduler"=c:\program files\PCPitstop\Optimize\PCPOptimize.exe -boot "PCPitstop Optimize Registration Reminder"=c:\program files\PCPitstop\Optimize\Reminder.exe "NWEReboot"= "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "DISCover"=c:\program files\DISC\DISCover.exe "DiscUpdateManager"=c:\program files\DISC\DiscUpdateMgr.exe "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE "Lexmark 5300 Series Fax Server"="c:\program files\Lexmark 5300 Series\fm3032.exe" /s "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN "Verizon_McciTrayApp"=c:\program files\Verizon\McciTrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Documents and Settings\\Compaq_Administrator\\My Documents\\My Downloads\\UT1.6.1.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Steam\\steamapps\\hitmansteve007\\counter-strike source\\hl2.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Lexmark 5300 Series\\lxdkmon.exe"= "c:\\WINDOWS\\system32\\lxdkcoms.exe"= "c:\\Program Files\\Lexmark 5300 Series\\lxdkamon.exe"= "c:\\Program Files\\Lexmark 5300 Series\\FRun.exe"= "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"= "c:\\Program Files\\Lexmark 5300 Series\\lxdkfax.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdkpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdktime.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdkjswx.exe"= "c:\\Program Files\\Starcraft\\StarCraft.exe"= "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"= "c:\\Program Files\\Steam\\steamapps\\hitmansteve007\\day of defeat source\\hl2.exe"= "c:\\Program Files\\Adobe\\Adobe Photoshop CS2\\Photoshop.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"= "c:\\Program Files\\Steam\\steamapps\\boober947\\team fortress 2\\hl2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Steam\\steamapps\\hitmansteve007\\half-life\\hl.exe"= "c:\\Program Files\\Steam\\steamapps\\hitmansteve007\\counter-strike\\hl.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "80:UDP"= 80:UDP:*:Disabled:http2 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/8/2009 7:44 PM 64160] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/9/2009 5:01 PM 130424] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/2/2008 10:55 AM 78416] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/2/2008 10:55 AM 20560] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456] R2 lxdk_device;lxdk_device;c:\windows\system32\lxdkcoms.exe -service --> c:\windows\system32\lxdkcoms.exe -service [?] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [12/25/2006 2:20 PM 2368] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 6:43 PM 24652] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 1:31 PM 101936] S2 lxdkCATSCustConnectService;lxdkCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdkserv.exe [1/13/2008 5:07 PM 99248] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/9/2009 5:01 PM 348752] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:27] 2009-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-08-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 15:27] 2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2386330855-2385140882-2528244212-1008Core.job - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 18:45] 2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2386330855-2385140882-2528244212-1008UA.job - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-08 18:45] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe HKLM-Run-PCDrProfiler - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=yahoo_v.1_ie&bm=yh_home uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 Trusted Zone: trymedia.com DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\9cjsfy2t.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query= FF - plugin: c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-15 08:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(812) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2684) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\arservice.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\lxdkcoms.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\windows\ehome\mcrdsvc.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\dllhost.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\hp\KBD\kbd.exe . ************************************************************************** . Completion time: 2009-08-15 9:13 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-15 13:13 Pre-Run: 6,409,248,768 bytes free Post-Run: 6,225,313,792 bytes free 341 --- E O F --- 2009-08-12 02:04
  7. I ran combofix, and it said that it needed to perform a task on reboot. It has rebooted and the window now says that it is preparing the log report. But since it restarted , so did Teatimer, which is now telling me that KernelFaultCheck has been deleted (%systemroot%\system32\dumprep 0-k). Combofix is hanging on the "Preparing log report step". Any thoughts?
  8. All processes killed ========== FILES ========== File\Folder C:\WINDOWS\system32\uacinit.dll not found. File\Folder C:\WINDOWS\system32\drivers\uac*.* not found. C:\RECYCLER\S-1-5-21-2386330855-2385140882-2528244212-500 moved successfully. C:\RECYCLER\S-1-5-21-2386330855-2385140882-2528244212-1008 moved successfully. C:\RECYCLER moved successfully. File\Folder D:\recycler not found. File\Folder e:\recycler not found. File\Folder f:\recycler not found. File\Folder g:\recycler not found. File\Folder h:\recycler not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 118040 bytes ->Temporary Internet Files folder emptied: 428620 bytes ->FireFox cache emptied: 39979339 bytes User: All Users User: Compaq_Administrator ->Temp folder emptied: 47875509 bytes ->Temporary Internet Files folder emptied: 10431283 bytes ->Java cache emptied: 34887570 bytes ->FireFox cache emptied: 58503329 bytes ->Google Chrome cache emptied: 100591880 bytes ->Apple Safari cache emptied: 288245 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 24411670 bytes ->FireFox cache emptied: 3769041 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 90340772 bytes %systemdrive% .tmp files removed: 0 bytes C:\WINDOWS\msdownld.tmp folder deleted successfully. %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 7039297 bytes Windows Temp folder emptied: 17048 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 399.40 mb OTL by OldTimer - Version 3.0.10.7 log created on 08142009_174605 Files\Folders moved on Reboot... Registry entries deleted on Reboot... RootRepeal ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/08/14 18:32 Program Version: Version 1.3.5.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\WINDOWS\system32\UACajrttnucajqtchc.dat Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACbutrpjbwhjwxvkm.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACdnkvlwtdevmmuxo.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\uacinit.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACnohskbujudtsdll.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACrpkequackhwxonr.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\uactmp.db Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACwyaurfwjfhimihg.db Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\UACxadvnoltlvbjxcx.dll Status: Invisible to the Windows API! Path: C:\WINDOWS\Temp\UAC8529.tmp Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\drivers\UACccxyrpsxkyvhbod.sys Status: Invisible to the Windows API! Path: C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\UACafe3.tmp Status: Invisible to the Windows API! Path: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\uacnohskbujudtsdll.dll.f376ca4a672e76102b96ef6c3247e0.aawqff Status: Invisible to the Windows API! Results of screen317's Security Check version 0.98.7 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! avast! Antivirus Norton 360 Antivirus out of date! (On Access scanning disabled!) `````````````````````````````` Anti-malware/Other Utilities Check: Out of date Spybot installed! Ad-Aware Spybot - Search & Destroy 1.5.2.20 Spyware Doctor 6.0 Spybot - Search & Destroy Malwarebytes' Anti-Malware HijackThis 2.0.2 Java 6 Update 11 Java 6 Update 6 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 8.1.2 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: GREAT! (Very random) `````````End of Log```````````
  9. About 3-4 weeks ago, A nasty virus got ahold of my computer. It wouldnt let me open any .exe's or connect to the internet. After downloading MBAM on another computer, renaming it and running it on the infected computer it got rid of alot of different viruses as well as other spyware. I can now open .exe's (but not all, it wont let me open up certain antispyware/antivirus programs whose names havent been changed) and I still cannot connect to the internet through any browser (I usually use Firefox, and i installed opera to verify the lack of internet connectivity.) Any help would be appreciated in resolving my problems. Current MBAM log Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 5.1.2600 Service Pack 3 8/13/2009 4:04:09 PM mbam-log-2009-08-13 (16-04-04).txt Scan type: Quick Scan Objects scanned: 105440 Time elapsed: 6 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken. _______HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:04:23 PM, on 8/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\lxdkcoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Lexmark 5300 Series\lxdkmon.exe C:\Program Files\Lexmark 5300 Series\lxdkamon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\SOUNDMAN.EXE c:\windows\system\hpsysdrv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir....&bm=yh_home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [lxdkmon.exe] "C:\Program Files\Lexmark 5300 Series\lxdkmon.exe" O4 - HKLM\..\Run: [lxdkamon] "C:\Program Files\Lexmark 5300 Series\lxdkamon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\fun.exe" /runcleanupscript O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Google Updater.lnk.disabled O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.trymedia.com (HKLM) O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-los...bGameLoader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1140892258757 O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab? O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file:///E:/CDVIEWER/CdViewer.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\190992921745mxx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: lxdkCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdkserv.exe O23 - Service: lxdk_device - - C:\WINDOWS\system32\lxdkcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 14145 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.