
Help n Advice Needed Please



Hello, I have been unable to update any antivirus/malware applications, and am also not able to connect to Messenger. When I try to update any of these I get the message "updates failed, make sure you are connected to the internet and your firewall is set to allow Malwarebytes". Can anyone take a look at the logs I've enclosed please, as I've been told my computer is infected? Thanks.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02:41, on 04/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.229.208.2:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1191804486234

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2FEE3D0A-65E8-4E5E-81C5-06B97BAC68A3}: NameServer = 194.168.4.100,194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{44188752-45E2-4488-9398-96C589E7EB24}: NameServer = 194.168.4.100,194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C08A0E8-B96D-4D80-A788-3168567EBF76}: NameServer = 194.168.4.100,194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE2C7A2D-5762-4B03-B65F-C8B49B0E3668}: NameServer = 194.168.4.100,194.168.8.100

O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - (no file)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--

End of file - 5300 bytes

Malwarebytes' Anti-Malware 1.34

Database version: 1814

Windows 5.1.2600 Service Pack 3

04/03/2009 18:10:22

mbam-log-2009-03-04 (18-10-22).txt

Scan type: Quick Scan

Objects scanned: 61654

Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  • Root Admin

Post re-opened per user request.

Please post the following if you can - they need to be NEW logs.

If you're running any Peer2Peer software like uTorrent, BitTorrent, Limewire, etc then uninstall it first. P2P software can infect or re-infect faster than we can clean you and is a waste of our time to assist you if you have it installed.

STEP 01

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 02

Download DDS and save it to your desktop

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 03

Please create a BOOTLOG

  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press Enter.
  • Windows prompts you to select a Windows Installation (even if there is only one Windows installation)
  • This boots Windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows

Here Are The 2 New Log Files Below

Malwarebytes' Anti-Malware 1.34

Database version: 1866

Windows 5.1.2600 Service Pack 3

19/03/2009 00:52:24

mbam-log-2009-03-19 (00-52-24).txt

Scan type: Quick Scan

Objects scanned: 63973

Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:55:07, on 19/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 201.229.208.2:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1191804486234

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1A1CF384-B76D-4A12-AA96-3DB3C5494606}: NameServer = 194.168.4.100,194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{2FEE3D0A-65E8-4E5E-81C5-06B97BAC68A3}: NameServer = 194.168.4.100,194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{44188752-45E2-4488-9398-96C589E7EB24}: NameServer = 194.168.4.100,194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C08A0E8-B96D-4D80-A788-3168567EBF76}: NameServer = 194.168.4.100,194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{BE2C7A2D-5762-4B03-B65F-C8B49B0E3668}: NameServer = 194.168.4.100,194.168.8.100

O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Windows Live Family Safety (fsssvc) - Unknown owner - (no file)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 5281 bytes


The following logs are DDS.txt and Attach.txt

DDS (Ver_09-03-16.01) - NTFSx86

Run by cliff at 1:02:05.81 on 19/03/2009

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.439 [GMT 0:00]

FW: Outpost Firewall Pro *disabled*

FW: COMODO Firewall Pro *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\cliff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Page = hxxp://www.msn.com

mStart Page = hxxp://www.msn.com

uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com

uInternet Settings,ProxyServer = 201.229.208.2:80

mSearchAssistant = hxxp://www.google.com/ie

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice

mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll

IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost firewall pro\ie_bar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191804486234

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {1A1CF384-B76D-4A12-AA96-3DB3C5494606} = 194.168.4.100,194.168.8.100

TCP: {2FEE3D0A-65E8-4E5E-81C5-06B97BAC68A3} = 194.168.4.100,194.168.8.100

TCP: {44188752-45E2-4488-9398-96C589E7EB24} = 194.168.4.100,194.168.8.100

TCP: {6C08A0E8-B96D-4D80-A788-3168567EBF76} = 194.168.4.100,194.168.8.100

TCP: {BE2C7A2D-5762-4B03-B65F-C8B49B0E3668} = 194.168.4.100,194.168.8.100

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cliff\applic~1\mozilla\firefox\profiles\obwy9xeo.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en

FF - plugin: c:\documents and settings\cliff\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.notify.interval - 600000

FF - user.js: content.switch.threshold - 600000

FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2008-12-24 673920]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2008-12-24 30864]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-12-24 234640]

R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2008-12-24 33408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-10-19 15504]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2008-11-4 26448]

S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2008-12-24 1238344]

S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys --> c:\windows\system32\drivers\fssfltr.sys [?]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-10-19 179856]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2008-11-4 52944]

S3 fsssvc;Windows Live Family Safety; [x]

S3 getPlus® Helper;getPlus® Helper; [x]

S3 INFUNLTD;INFUNLTD;c:\windows\system32\drivers\SiUSBXp.sys [2007-7-8 14848]

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2007-7-8 14848]

S3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\drivers\usb2vcom.sys [2007-8-27 30272]

============== File Associations ===============

txtfile=c:\windows\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-03-17 08:33 <DIR> --d----- c:\windows\RestoreSafeDeleted

2009-03-17 00:15 <DIR> --d----- c:\docume~1\cliff\applic~1\RegRun

2009-03-17 00:01 57,556 a------- c:\windows\guard.bmp

2009-03-17 00:01 <DIR> --d----- c:\program files\Greatis

2009-03-13 15:55 0 a------- c:\windows\system32\drivers\SENEKADITGRRFV.SYS.del

2009-03-11 16:43 <DIR> --d----- C:\RootkitNO

2009-03-11 11:12 2 a--shrot c:\windows\winstart.bat

2009-03-10 14:08 <DIR> --dsh--- c:\documents and settings\cliff\PrivacIE

2009-03-10 14:08 <DIR> --dsh--- c:\documents and settings\cliff\IETldCache

2009-03-07 00:05 <DIR> --d----- c:\windows\ie8updates

2009-03-06 23:54 81,920 a------- c:\windows\system32\ieencode.dll

2009-03-06 23:52 79,360 -c------ c:\windows\system32\dllcache\iecompat.dll

2009-03-05 01:26 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat

2009-03-05 01:26 1,089,593 -------- c:\windows\ntprint.cat

2009-03-04 19:13 <DIR> --d----- c:\windows\system32\XPSViewer

2009-03-04 19:07 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-03-04 19:07 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll

2009-03-04 19:07 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-03-04 19:07 575,488 -------- c:\windows\system32\xpsshhdr.dll

2009-03-04 19:07 117,760 -------- c:\windows\system32\prntvpt.dll

2009-03-04 19:07 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll

2009-03-04 19:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll

2009-03-04 19:07 <DIR> --d----- C:\6f42334d2be88dc778ff04c32d4ce908

2009-03-04 19:06 <DIR> --d----- c:\windows\SxsCaPendDel

2009-03-04 18:02 <DIR> --d----- c:\program files\Trend Micro

2009-02-28 02:16 7,168 a--sh--- c:\windows\Thumbs.db

2009-02-28 02:13 31 a------- c:\windows\system32\Days5.ini

2009-02-27 03:30 434,688 a------- c:\windows\system32\ss2uinst.exe

2009-02-22 21:57 0 a------- c:\windows\rschkr.ini

==================== Find3M ====================

2009-02-27 10:27 36,892 a------- c:\windows\system32\btbass.dll

2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-02-09 11:13 1,846,784 a------- c:\windows\system32\win32k.sys

2009-01-07 23:44 339,968 a------- c:\windows\system32\pythoncom25.dll

2009-01-07 23:44 2,117,632 a------- c:\windows\system32\python25.dll

2009-01-07 23:44 348,160 a------- c:\windows\system32\msvcr71.dll

2009-01-07 23:44 114,688 a------- c:\windows\system32\pywintypes25.dll

2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll

2008-10-08 13:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat

============= FINISH: 1:02:21.59 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 07/07/2007 20:21:40

System Uptime: 18/03/2009 04:52:56 (21 hours ago)

Motherboard: | | SiS-755

Processor: AMD Sempron Processor 3000+ | Socket 940 | 1799/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 16 GiB total, 6.778 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: SiS 900-Based PCI Fast Ethernet Adapter

Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_18911019&REV_91\3&61AAA01&0&20

Manufacturer: SiS

Name: SiS 900-Based PCI Fast Ethernet Adapter

PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_18911019&REV_91\3&61AAA01&0&20

Service: SISNICXP

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel 21140-Based PCI Fast Ethernet Adapter (Generic)

Device ID: PCI\VEN_1011&DEV_0009&SUBSYS_00000000&REV_22\3&61AAA01&0&60

Manufacturer: Intel

Name: Intel 21140-Based PCI Fast Ethernet Adapter (Generic) #4

PNP Device ID: PCI\VEN_1011&DEV_0009&SUBSYS_00000000&REV_22\3&61AAA01&0&60

Service: DC21x4

==== System Restore Points ===================

RP165: 07/03/2009 21:01:39 - Before uninstall OpenDNS Updater 1.3.0.187

RP166: 08/03/2009 21:31:02 - System Checkpoint

RP167: 09/03/2009 23:41:15 - System Checkpoint

RP168: 11/03/2009 02:53:15 - System Checkpoint

RP169: 11/03/2009 03:00:55 - Software Distribution Service 3.0

RP170: 11/03/2009 11:20:36 - RegRun Virus Scan

RP171: 11/03/2009 11:25:14 - RegRun Virus Scan

RP172: 11/03/2009 11:29:55 - RegRun Virus Scan

RP173: 11/03/2009 11:31:00 - RegRun Virus Scan

RP174: 12/03/2009 15:46:51 - System Checkpoint

RP175: 13/03/2009 15:57:37 - Before uninstall Adobe Flash Player 10 ActiveX

RP176: 13/03/2009 15:58:45 - Before uninstall TrojanHunter 5.0

RP177: 14/03/2009 03:03:42 - Software Distribution Service 3.0

RP178: 14/03/2009 22:11:13 - RegRun Virus Scan

RP179: 14/03/2009 22:14:07 - RegRun Virus Scan

RP180: 16/03/2009 04:34:31 - System Checkpoint

RP181: 17/03/2009 05:11:20 - System Checkpoint

RP182: 17/03/2009 08:13:29 - RegRun Virus Scan

RP183: 17/03/2009 08:14:45 - RegRun Virus Scan

RP184: 17/03/2009 08:29:18 - RegRun Virus Scan

RP185: 17/03/2009 15:16:45 - Before uninstall UnHackMe 4.80 beta

RP186: 17/03/2009 21:01:44 - RegRun Virus Scan

RP187: 17/03/2009 21:27:46 - RegRun Virus Scan

RP188: 18/03/2009 02:20:05 - Before uninstall RegRun Security Suite Platinum

==== Installed Programs ======================

Adobe Reader 9

Agnitum Outpost Firewall Pro

ATI Display Driver

C-Media WDM Audio Driver

CaptureWizPro 3.90

Critical Update for Windows Media Player 11 (KB959772)

CuteFTP 8 Professional

DBOX2 Image-Flashing-Assistent 3.1.1

FlashFXP v3

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HyperTerminal Private Edition v6.3

IBP & ARELIS 9.7.1

Infinity USB Unlimited 2.75

Java 6 Update 2

Java SE Runtime Environment 6 Update 1

Lib Debug 1.0

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual J# 2.0 Redistributable Package

Mozilla Firefox (3.0.7)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

Realtek AC'97 Audio

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

SiS 900 PCI Fast Ethernet Adapter Driver

SMAC 2.7

SolarWinds TFTP Server

Trojan Remover 6.7.6

TuneUp Utilities 2009

Unlocker 1.8.7

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VultureWare DOCSIS Config Editor 0.1

WebFldrs XP

WinAce Archiver

Windows Doctor 2.0

Windows Live installer

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

XoftSpySE

Your Uninstaller! 2008 Version 6.2

==== Event Viewer Messages From Past Week ========

15/03/2009 14:33:15, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

15/03/2009 14:32:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

15/03/2009 13:04:00, error: Service Control Manager [7034] - The Logical Disk Manager Administrative Service service terminated unexpectedly. It has done this 1 time(s).

15/03/2009 13:01:42, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips Processor SandBox

15/03/2009 13:01:42, error: Service Control Manager [7001] - The TuneUp Theme Extension service depends on the Themes service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

15/03/2009 12:28:12, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

15/03/2009 12:26:05, error: Service Control Manager [7000] - The fssfltr service failed to start due to the following error: The system cannot find the file specified.

13/03/2009 20:01:27, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).

13/03/2009 20:01:27, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

13/03/2009 15:55:44, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).

13/03/2009 15:01:54, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 00028A630344 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

13/03/2009 13:20:10, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================


ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/03/19 01:11

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF752C000 Size: 187776 File Visible: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2066048 File Visible: -

Status: -

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xAA608000 Size: 138496 File Visible: -

Status: -

Name: afw.sys

Image Path: C:\WINDOWS\system32\DRIVERS\afw.sys

Address: 0xF797B000 Size: 24192 File Visible: -

Status: -

Name: afwcore.sys

Image Path: C:\WINDOWS\system32\drivers\afwcore.sys

Address: 0xF6E7F000 Size: 227968 File Visible: -

Status: -

Name: ALCXSENS.SYS

Image Path: C:\WINDOWS\system32\drivers\ALCXSENS.SYS

Address: 0xF6EEF000 Size: 400384 File Visible: -

Status: -

Name: ALCXWDM.SYS

Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS

Address: 0xF6F98000 Size: 601920 File Visible: -

Status: -

Name: ASWFilt.dll

Image Path: C:\WINDOWS\system32\Filt\ASWFilt.dll

Address: 0xF7A53000 Size: 26624 File Visible: -

Status: -

Name: atapi.sys

Image Path: atapi.sys

Address: 0xF74BE000 Size: 96512 File Visible: -

Status: -

Name: ati2cqag.dll

Image Path: C:\WINDOWS\System32\ati2cqag.dll

Address: 0xBF057000 Size: 499712 File Visible: -

Status: -

Name: ati2dvag.dll

Image Path: C:\WINDOWS\System32\ati2dvag.dll

Address: 0xBF012000 Size: 282624 File Visible: -

Status: -

Name: ati2mtag.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

Address: 0xF703F000 Size: 2662400 File Visible: -

Status: -

Name: ati3duag.dll

Image Path: C:\WINDOWS\System32\ati3duag.dll

Address: 0xBF16B000 Size: 3133440 File Visible: -

Status: -

Name: atikvmag.dll

Image Path: C:\WINDOWS\System32\atikvmag.dll

Address: 0xBF0D1000 Size: 442368 File Visible: -

Status: -

Name: atiok3x2.dll

Image Path: C:\WINDOWS\System32\atiok3x2.dll

Address: 0xBF13D000 Size: 188416 File Visible: -

Status: -

Name: ativvaxx.dll

Image Path: C:\WINDOWS\System32\ativvaxx.dll

Address: 0xBF468000 Size: 1597440 File Visible: -

Status: -

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: -

Status: -

Name: audstub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys

Address: 0xF7D05000 Size: 3072 File Visible: -

Status: -

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF7B75000 Size: 4224 File Visible: -

Status: -

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7A6B000 Size: 12288 File Visible: -

Status: -

Name: cercsr6.sys

Image Path: cercsr6.sys

Address: 0xF78EB000 Size: 29120 File Visible: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xF769B000 Size: 53248 File Visible: -

Status: -

Name: disk.sys

Image Path: disk.sys

Address: 0xF768B000 Size: 36352 File Visible: -

Status: -

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF74D6000 Size: 153344 File Visible: -

Status: -

Name: dmload.sys

Image Path: dmload.sys

Address: 0xF7B5F000 Size: 5888 File Visible: -

Status: -

Name: drmk.sys

Image Path: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xF76EB000 Size: 61440 File Visible: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xAA48A000 Size: 98304 File Visible: No

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7BF1000 Size: 8192 File Visible: No

Status: -

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xAA52A000 Size: 12288 File Visible: -

Status: -

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF000000 Size: 73728 File Visible: -

Status: -

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7D4C000 Size: 4096 File Visible: -

Status: -

Name: eamon.sys

Image Path: C:\WINDOWS\system32\DRIVERS\eamon.sys

Address: 0xA7C8C000 Size: 315392 File Visible: -

Status: -

Name: epfw.sys

Image Path: C:\WINDOWS\system32\DRIVERS\epfw.sys

Address: 0xA806E000 Size: 81920 File Visible: -

Status: -

Name: epfwtdi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\epfwtdi.sys

Address: 0xAA678000 Size: 73728 File Visible: -

Status: -

Name: evsbc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\evsbc.sys

Address: 0xF79DB000 Size: 20224 File Visible: -

Status: -

Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xA74AC000 Size: 143744 File Visible: -

Status: -

Name: fdc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys

Address: 0xF7953000 Size: 27392 File Visible: -

Status: -

Name: Fips.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xF783B000 Size: 44544 File Visible: -

Status: -

Name: flpydisk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys

Address: 0xF79F3000 Size: 20480 File Visible: -

Status: -

Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xF7486000 Size: 129792 File Visible: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF7B71000 Size: 7936 File Visible: -

Status: -

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF74FC000 Size: 125056 File Visible: -

Status: -

Name: gagp30kx.sys

Image Path: gagp30kx.sys

Address: 0xF76AB000 Size: 46464 File Visible: -

Status: -

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806D0000 Size: 131840 File Visible: -

Status: -

Name: i8042prt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys

Address: 0xF770B000 Size: 52480 File Visible: -

Status: -

Name: ipnat.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xAA652000 Size: 152832 File Visible: -

Status: -

Name: ipsec.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Address: 0xAA6E3000 Size: 75264 File Visible: -

Status: -

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF765B000 Size: 37248 File Visible: -

Status: -

Name: kbdclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xF796B000 Size: 24576 File Visible: -

Status: -

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7B5B000 Size: 8192 File Visible: -

Status: -

Name: kmixer.sys

Image Path: C:\WINDOWS\system32\drivers\kmixer.sys

Address: 0xA5B75000 Size: 172416 File Visible: -

Status: -

Name: ks.sys

Image Path: C:\WINDOWS\system32\drivers\ks.sys

Address: 0xF6F51000 Size: 143360 File Visible: -

Status: -

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF745D000 Size: 92288 File Visible: -

Status: -

Name: mbam.sys

Image Path: C:\WINDOWS\system32\drivers\mbam.sys

Address: 0xA7DD9000 Size: 11776 File Visible: -

Status: -

Name: mnmdd.SYS

Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xF7B79000 Size: 4224 File Visible: -

Status: -

Name: mouclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xF7963000 Size: 23040 File Visible: -

Status: -

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF766B000 Size: 42368 File Visible: -

Status: -

Name: mrxsmb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Address: 0xAA4A2000 Size: 455296 File Visible: -

Status: -

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF7A1B000 Size: 19072 File Visible: -

Status: -

Name: msgpc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Address: 0xF77CB000 Size: 35072 File Visible: -

Status: -

Name: mssmbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xF7319000 Size: 15488 File Visible: -

Status: -

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF7389000 Size: 105344 File Visible: -

Status: -

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF73A3000 Size: 182656 File Visible: -

Status: -

Name: ndistapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Address: 0xF7331000 Size: 10112 File Visible: -

Status: -

Name: ndiswan.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Address: 0xF6E68000 Size: 91520 File Visible: -

Status: -

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF776B000 Size: 40576 File Visible: -

Status: -

Name: netbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys

Address: 0xF77EB000 Size: 34688 File Visible: -

Status: -

Name: netbt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys

Address: 0xAA62A000 Size: 162816 File Visible: -

Status: -

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF7A2B000 Size: 30848 File Visible: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF73D0000 Size: 574976 File Visible: -

Status: -

Name: ntkrnlpa.exe

Image Path: C:\WINDOWS\system32\ntkrnlpa.exe

Address: 0x804D7000 Size: 2066048 File Visible: -

Status: -

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7D31000 Size: 2944 File Visible: -

Status: -

Name: parport.sys

Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys

Address: 0xF6EB7000 Size: 80128 File Visible: -

Status: -

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF78E3000 Size: 19712 File Visible: -

Status: -

Name: ParVdm.SYS

Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS

Address: 0xF7BB5000 Size: 6784 File Visible: -

Status: -

Name: pci.sys

Image Path: pci.sys

Address: 0xF751B000 Size: 68224 File Visible: -

Status: -

Name: pciide.sys

Image Path: pciide.sys

Address: 0xF7C23000 Size: 3328 File Visible: -

Status: -

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Address: 0xF78DB000 Size: 28672 File Visible: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2066048 File Visible: -

Status: -

Name: portcls.sys

Image Path: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xF6F74000 Size: 147456 File Visible: -

Status: -

Name: processr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys

Address: 0xF76DB000 Size: 35840 File Visible: -

Status: -

Name: ptilink.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Address: 0xF79AB000 Size: 17792 File Visible: -

Status: -

Name: rasacd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Address: 0xF72D1000 Size: 8832 File Visible: -

Status: -

Name: rasl2tp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Address: 0xF772B000 Size: 51328 File Visible: -

Status: -

Name: raspppoe.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xF773B000 Size: 41472 File Visible: -

Status: -

Name: raspptp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xF774B000 Size: 48384 File Visible: -

Status: -

Name: raspti.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xF79BB000 Size: 16512 File Visible: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2066048 File Visible: -

Status: -

Name: rdbss.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Address: 0xAA53A000 Size: 175744 File Visible: -

Status: -

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF7B7D000 Size: 4224 File Visible: -

Status: -

Name: rdpdr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xF6E38000 Size: 196224 File Visible: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA796B000 Size: 45056 File Visible: No

Status: -

Name: SandBox.sys

Image Path: C:\WINDOWS\system32\DRIVERS\SandBox.sys

Address: 0xAA565000 Size: 667136 File Visible: -

Status: -

Name: SCSIPORT.SYS

Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS

Address: 0xF74A6000 Size: 98304 File Visible: -

Status: -

Name: serenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys

Address: 0xF7349000 Size: 15744 File Visible: -

Status: -

Name: serial.sys

Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys

Address: 0xF76FB000 Size: 64512 File Visible: -

Status: -

Name: sisnicxp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\sisnicxp.sys

Address: 0xF79FB000 Size: 32768 File Visible: -

Status: -

Name: sr.sys

Image Path: sr.sys

Address: 0xF7474000 Size: 73472 File Visible: -

Status: -

Name: srv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0xA7B0B000 Size: 333952 File Visible: -

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF7B67000 Size: 4352 File Visible: -

Status: -

Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xA7FE6000 Size: 60800 File Visible: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xAA68A000 Size: 361600 File Visible: -

Status: -

Name: TDI.SYS

Image Path: C:\WINDOWS\system32\drivers\TDI.SYS

Address: 0xF798B000 Size: 20480 File Visible: -

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xF775B000 Size: 40704 File Visible: -

Status: -

Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xF6DB2000 Size: 384768 File Visible: -

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF7B6D000 Size: 8192 File Visible: -

Status: -

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF793B000 Size: 30208 File Visible: -

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xF779B000 Size: 59520 File Visible: -

Status: -

Name: usbohci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys

Address: 0xF7933000 Size: 17152 File Visible: -

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xF6ECB000 Size: 147456 File Visible: -

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF7A0B000 Size: 20992 File Visible: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS

Address: 0xF702B000 Size: 81920 File Visible: -

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF767B000 Size: 52352 File Visible: -

Status: -

Name: vsb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\vsb.sys

Address: 0xF7315000 Size: 15360 File Visible: -

Status: -

Name: wanarp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys

Address: 0xF77DB000 Size: 34560 File Visible: -

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF799B000 Size: 20480 File Visible: -

Status: -

Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xA7EF1000 Size: 83072 File Visible: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1847296 File Visible: -

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1847296 File Visible: -

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF7B5D000 Size: 8192 File Visible: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2066048 File Visible: -

Status: -

Name: ws2ifsl.sys

Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys

Address: 0xF7355000 Size: 12032 File Visible: -

Status: -
