anotheruser
Honorary Members
Posts: 51
Reputation: 0 Neutral

  1. Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 12:30:04 AM, on 5/26/2012
     Platform: Windows 7 (WinNT 6.00.3504)
     MSIE: Internet Explorer v9.00 (9.00.8112.16421)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Mionix\NAOS 3200 LED-Optical Gaming Mouse\NAOS3200_Icon.exe
     C:\Program Files (x86)\AIM\aim.exe
     H:\Program Files (x86)\Steam\Steam.exe
     C:\Program Files (x86)\Internet Explorer\IELowutil.exe
     C:\Program Files (x86)\Pandora\Pandora.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\Desktop\Downloads\HijackThis.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\lance\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Windows\SysWOW64\DllHost.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.232.208.116:8080
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
     O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     O4 - HKLM\..\Run: [Mionix NAOS 3200] "C:\Program Files (x86)\Mionix\NAOS 3200 LED-Optical Gaming Mouse\NAOS3200_Icon.EXE"
     O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
     O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
     O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-BDA22.exe" /REG /REGSVRMODE
     O4 - HKCU\..\Run: [Google Update] "C:\Users\lance\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane..._2.3.10.115.cab
     O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{EA110940-9688-4B98-8783-44421E410039}: NameServer = 8.8.8.8,8.8.4.4
     O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
     O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
     O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - h:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
     O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
     O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
     O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
     O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - h:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

     --
     End of file - 8914 bytes

     I can not find any info on the file I have bolded here. It just popped up last night, right around the same time I started having battle.net issues. I don't know if this is just coincidence and Blizzard are having issues server side, or if I have a problem on my end.

     OK, never mind. It looks like this is an MBAM file. I opened up the bda22.lst file with it, and it had MBAM written all over it.
  2. Just finished running this; it said no threats found. I just started getting a random restart on this Win7 install today, but I think it's a hardware issue. Either the case button is shorting out, or the mobo is going. In either case, I've got an RMA set up for the mobo.
  3. Well, I played around with the computer a bit this afternoon and it seemed fine. It's still idling behind me right now, so I'm going to say everything is back to normal. Thanks for the help.
  4. The system is still idling behind me here, so no problems so far. I'll let you know tonight if it's still on or if it's shut down.
  5. Command-line:
     Windows Version: Windows XP Professional
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x0000001d

     Kernel Drivers (total 121):
     0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
     0x806E4000 \WINDOWS\system32\hal.dll
     0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
     0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
     0xB9F79000 ACPI.sys
     0xBA5AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
     0xB9F68000 pci.sys
     0xBA0A8000 isapnp.sys
     0xBA670000 pciide.sys
     0xBA328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
     0xBA0B8000 MountMgr.sys
     0xB9F49000 ftdisk.sys
     0xBA5AC000 dmload.sys
     0xB9F23000 dmio.sys
     0xBA330000 PartMgr.sys
     0xBA671000 amdide.sys
     0xBA0C8000 VolSnap.sys
     0xB9F0B000 atapi.sys
     0xBA0D8000 disk.sys
     0xBA0E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
     0xB9EEB000 fltmgr.sys
     0xB9ED9000 sr.sys
     0xB9EC2000 KSecDD.sys
     0xB9E35000 Ntfs.sys
     0xB9E08000 NDIS.sys
     0xB9DEE000 Mup.sys
     0xBA258000 \SystemRoot\System32\DRIVERS\processr.sys
     0xB4BEC000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
     0xB4BD8000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
     0xB4BB0000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
     0xBA268000 \SystemRoot\System32\DRIVERS\imapi.sys
     0xBA278000 \SystemRoot\System32\DRIVERS\cdrom.sys
     0xB509E000 \SystemRoot\System32\DRIVERS\redbook.sys
     0xB4B8D000 \SystemRoot\System32\DRIVERS\ks.sys
     0xB5DAA000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
     0xBA420000 \SystemRoot\System32\DRIVERS\usbohci.sys
     0xB4B69000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
     0xBA428000 \SystemRoot\system32\DRIVERS\usbehci.sys
     0xB508E000 \SystemRoot\System32\DRIVERS\serial.sys
     0xB55DB000 \SystemRoot\System32\DRIVERS\serenum.sys
     0xBA430000 \SystemRoot\System32\DRIVERS\fdc.sys
     0xBA5D0000 \SystemRoot\System32\DRIVERS\ASACPI.sys
     0xB507E000 \SystemRoot\System32\DRIVERS\i8042prt.sys
     0xBA438000 \SystemRoot\System32\DRIVERS\mouclass.sys
     0xBA440000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
     0xB55D7000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
     0xBA6E2000 \SystemRoot\System32\DRIVERS\audstub.sys
     0xB506E000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
     0xB55D3000 \SystemRoot\System32\DRIVERS\ndistapi.sys
     0xB4B52000 \SystemRoot\System32\DRIVERS\ndiswan.sys
     0xB505E000 \SystemRoot\System32\DRIVERS\raspppoe.sys
     0xB504E000 \SystemRoot\System32\DRIVERS\raspptp.sys
     0xBA448000 \SystemRoot\System32\DRIVERS\TDI.SYS
     0xB4B41000 \SystemRoot\System32\DRIVERS\psched.sys
     0xB503E000 \SystemRoot\System32\DRIVERS\msgpc.sys
     0xBA450000 \SystemRoot\System32\DRIVERS\ptilink.sys
     0xBA458000 \SystemRoot\System32\DRIVERS\raspti.sys
     0xB4B11000 \SystemRoot\System32\DRIVERS\rdpdr.sys
     0xB502E000 \SystemRoot\System32\DRIVERS\termdd.sys
     0xBA460000 \SystemRoot\System32\DRIVERS\kbdclass.sys
     0xBA5D2000 \SystemRoot\System32\DRIVERS\swenum.sys
     0xB4AB3000 \SystemRoot\System32\DRIVERS\update.sys
     0xB55B7000 \SystemRoot\System32\DRIVERS\mssmbios.sys
     0xB501E000 \SystemRoot\System32\DRIVERS\usbhub.sys
     0xBA5D4000 \SystemRoot\System32\DRIVERS\USBD.SYS
     0xB500E000 \SystemRoot\System32\Drivers\NDProxy.SYS
     0xA491E000 \SystemRoot\system32\drivers\AtiHdAud.sys
     0xA48FA000 \SystemRoot\system32\drivers\portcls.sys
     0xBA2A8000 \SystemRoot\system32\drivers\drmk.sys
     0xA4467000 \SystemRoot\system32\drivers\RtkHDAud.sys
     0xBA468000 \SystemRoot\System32\DRIVERS\flpydisk.sys
     0xBA5DA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
     0xBA6ED000 \SystemRoot\System32\Drivers\Null.SYS
     0xBA5DC000 \SystemRoot\System32\Drivers\Beep.SYS
     0xBA478000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
     0xBA480000 \SystemRoot\System32\drivers\vga.sys
     0xBA5DE000 \SystemRoot\System32\Drivers\mnmdd.SYS
     0xBA5E0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
     0xBA488000 \SystemRoot\System32\Drivers\Msfs.SYS
     0xBA490000 \SystemRoot\System32\Drivers\Npfs.SYS
     0xBA5A4000 \SystemRoot\System32\DRIVERS\rasacd.sys
     0xA43E4000 \SystemRoot\System32\DRIVERS\ipsec.sys
     0xA438B000 \SystemRoot\System32\DRIVERS\tcpip.sys
     0xA4363000 \SystemRoot\System32\DRIVERS\netbt.sys
     0xA433D000 \SystemRoot\System32\DRIVERS\ipnat.sys
     0xBA2C8000 \SystemRoot\System32\DRIVERS\wanarp.sys
     0xA431B000 \SystemRoot\System32\drivers\afd.sys
     0xBA2D8000 \SystemRoot\System32\DRIVERS\netbios.sys
     0xA42FA000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
     0xBA498000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
     0xBA4A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
     0xA42CF000 \SystemRoot\System32\DRIVERS\rdbss.sys
     0xA425F000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
     0xBA2E8000 \SystemRoot\System32\Drivers\Fips.SYS
     0xBA5E2000 \SystemRoot\system32\drivers\AsIO.sys
     0xB5DB6000 \SystemRoot\System32\DRIVERS\hidusb.sys
     0xBA2F8000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
     0xB5DAE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
     0xBA318000 \SystemRoot\System32\Drivers\Cdfs.SYS
     0xA417F000 \SystemRoot\System32\Drivers\dump_atapi.sys
     0xBA5E4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
     0xBF800000 \SystemRoot\System32\win32k.sys
     0xB4A5E000 \SystemRoot\System32\drivers\Dxapi.sys
     0xBA4A8000 \SystemRoot\System32\watchdog.sys
     0xBF000000 \SystemRoot\System32\drivers\dxg.sys
     0xBA69A000 \SystemRoot\System32\drivers\dxgthk.sys
     0xBF012000 \SystemRoot\System32\ati2dvag.dll
     0xBF05F000 \SystemRoot\System32\ati2cqag.dll
     0xBF0DE000 \SystemRoot\System32\atikvmag.dll
     0xBF14E000 \SystemRoot\System32\atiok3x2.dll
     0xBF17C000 \SystemRoot\System32\ati3duag.dll
     0xBF484000 \SystemRoot\System32\ativvaxx.dll
     0xA1B0A000 \SystemRoot\System32\DRIVERS\ndisuio.sys
     0xA17C1000 \SystemRoot\system32\drivers\wdmaud.sys
     0xA1A6E000 \SystemRoot\system32\drivers\sysaudio.sys
     0xA16D3000 \SystemRoot\system32\drivers\kmixer.sys
     0xA158C000 \SystemRoot\System32\DRIVERS\mrxdav.sys
     0xA15D1000 \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys
     0xA12B5000 \SystemRoot\System32\DRIVERS\srv.sys
     0xA0CAC000 \SystemRoot\System32\Drivers\HTTP.sys
     0x7C900000 \WINDOWS\system32\ntdll.dll

     Processes (total 36):
     0 System Idle Process
     4 System
     492 C:\WINDOWS\system32\smss.exe
     540 csrss.exe
     572 C:\WINDOWS\system32\winlogon.exe
     616 C:\WINDOWS\system32\services.exe
     628 C:\WINDOWS\system32\lsass.exe
     804 C:\WINDOWS\system32\ati2evxx.exe
     824 C:\WINDOWS\system32\svchost.exe
     872 svchost.exe
     952 C:\WINDOWS\system32\svchost.exe
     1040 svchost.exe
     1096 svchost.exe
     1248 C:\WINDOWS\system32\spoolsv.exe
     1260 C:\WINDOWS\system32\ati2evxx.exe
     1676 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
     1832 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     1848 C:\Program Files\Bonjour\mDNSResponder.exe
     1888 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
     1936 C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
     180 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     432 C:\WINDOWS\system32\svchost.exe
     772 C:\Program Files\Viewpoint\Common\ViewpointService.exe
     1060 C:\WINDOWS\system32\wuauclt.exe
     1984 C:\WINDOWS\explorer.exe
     1996 alg.exe
     2212 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     2224 C:\WINDOWS\RTHDCPL.exe
     2232 C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
     2264 C:\Program Files\AWS\WeatherBug\Weather.exe
     2276 C:\WINDOWS\system32\ctfmon.exe
     2332 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     2972 C:\WINDOWS\system32\svchost.exe
     3312 C:\Program Files\Mozilla Firefox\firefox.exe
     3596 wmiprvse.exe
     3932 C:\Documents and Settings\lance\My Documents\Downloads\MBRCheck.exe

     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
     \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`ff588800 (NTFS)

     PhysicalDrive0 Model Number: ST3320620A, Rev: 3.AAF

           Size  Device Name          MBR Status
     --------------------------------------------
         298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
                 SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

     Done!
  6. RkU Version: 3.8.388.590, Type LE (SR2)
     ==============================================
     OS Name: Windows XP
     Version 5.1.2600 (Service Pack 3)
     Number of processors #2
     ==============================================
     >Drivers
     ==============================================
     0xA4427000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4796416 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
     0xB4BEC000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 4333568 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
     0xBF17C000 C:\WINDOWS\System32\ati3duag.dll 3178496 bytes (ATI Technologies Inc. , ati3duag.dll)
     0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
     0x804D7000 PnpManager 2150400 bytes
     0x804D7000 RAW 2150400 bytes
     0x804D7000 WMIxWDM 2150400 bytes
     0xBF800000 Win32k 1855488 bytes
     0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
     0xBF484000 C:\WINDOWS\System32\ativvaxx.dll 1757184 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
     0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
     0xBF05F000 C:\WINDOWS\System32\ati2cqag.dll 520192 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
     0xBF0DE000 C:\WINDOWS\System32\atikvmag.dll 458752 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
     0xA421F000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
     0xB4AB3000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
     0xA434B000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
     0xA11AD000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
     0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 315392 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
     0xA0C6C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
     0xB4B11000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
     0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
     0xBF14E000 C:\WINDOWS\System32\atiok3x2.dll 188416 bytes (ATI Technologies Inc., Ring 0 x2 component)
     0xA1791000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
     0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
     0xA428F000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
     0xB4BB0000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
     0xA4323000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
     0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
     0xA42FD000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
     0xA48FA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
     0xB4B69000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
     0xB4B8D000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
     0xA42DB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
     0xA42BA000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 135168 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
     0x806E4000 ACPI_HAL 134400 bytes
     0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
     0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
     0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
     0xA491E000 C:\WINDOWS\system32\drivers\AtiHdAud.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
     0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
     0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
     0xA413F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
     0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
     0xB4B52000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
     0xA14FC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
     0xB4BD8000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
     0xA43A4000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
     0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
     0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
     0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
     0xB4B41000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
     0xBA138000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
     0xB509E000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
     0xB507E000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
     0xBA2B8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
     0xB508E000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
     0xA1691000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
     0xB500E000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
     0xBA0E8000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
     0xB506E000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
     0xB505E000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
     0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
     0xB503E000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
     0xBA2E8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
     0xBA278000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
     0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
     0xB504E000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
     0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
     0xBA288000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
     0xB501E000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
     0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
     0xBA2F8000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
     0xB502E000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
     0xBA2D8000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
     0xA1244000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
     0xBA258000 C:\WINDOWS\System32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
     0xBA308000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
     0xBA488000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
     0xBA498000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
     0xBA428000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
     0xBA430000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
     0xBA470000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
     0xBA328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
     0xBA490000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 28672 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
     0xBA458000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
     0xBA438000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
     0xBA3E8000 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
     0xBA478000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
     0xBA460000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
     0xBA480000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
     0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
     0xBA448000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
     0xBA450000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
     0xBA440000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
     0xBA420000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
     0xBA4A0000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
     0xA17D6000 C:\WINDOWS\system32\drivers\cpuz134_x32.sys 16384 bytes (Windows ® Win 7 DDK provider, CPUID Driver)
     0xB4A7A000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
     0xB55B7000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
     0xA1A26000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
     0xB55DB000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
     0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
     0xA4423000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
     0xB5DAA000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
     0xB5DB6000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
     0xB55D3000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
     0xBA5A4000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
     0xB55D7000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
     0xBA5D0000 C:\WINDOWS\System32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
     0xBA5E2000 C:\WINDOWS\system32\drivers\AsIO.sys 8192 bytes
     0xBA5DC000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
     0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
     0xBA5E4000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
     0xBA5DA000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
     0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
     0xBA5DE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
     0xBA5E0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
     0xBA5D2000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
     0xBA5D4000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
     0xBA5AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
     0xBA671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
     0xBA6D8000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
     0xBA6B7000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
     0xBA6A7000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
     0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
     ==============================================
     >Stealth
     ==============================================
     0x05100000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 102400 bytes
     0x00C70000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89D57860 ] PID: 264, 110592 bytes
     0x01250000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 110592 bytes
     0x05FF0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 110592 bytes
     0x05010000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 126976 bytes
     0x04F90000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 143360 bytes
     0x05970000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 1519616 bytes
     0x052C0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 1691648 bytes
     0x05460000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 208896 bytes
     0x04FC0000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 225280 bytes
     0x043C0000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 266240 bytes
     0x00E40000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89D57860 ] PID: 264, 28672 bytes
     0x01060000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89D57860 ] PID: 264, 28672 bytes
     0x054C0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x00CF0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x00D10000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x038F0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x03940000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x03980000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x03A90000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x03AD0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x03AB0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x03B00000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x03B10000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04120000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04130000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04450000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04420000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04490000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04630000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04600000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x045F0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04680000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x047F0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04840000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04A30000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04F20000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04F10000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04F40000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04F50000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x04F80000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x05050000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 28672 bytes
     0x01080000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89D57860 ] PID: 264, 307200 bytes
     0x00D50000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x89DE0670 ] PID: 1888, 307200 bytes
     0x05D50000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 364544 bytes
     0x03C00000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89D57860 ] PID: 264, 36864 bytes
     0x01270000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes
     0x03920000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes
     0x03950000 Hidden Image-->AEM.Foundation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes
     0x04410000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes
     0x04650000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes
     0x04740000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes
     0x04710000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ]
PID: 1888, 36864 bytes 0x047B0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes 0x04820000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes 0x04F30000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 36864 bytes 0x03B30000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x89DE0670 ] PID: 1888, 380928 bytes 0x05750000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 413696 bytes 0x05BF0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 446464 bytes 0x00CA0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89D57860 ] PID: 264, 45056 bytes 0x00D10000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89D57860 ] PID: 264, 45056 bytes 0x00CC0000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x00CE0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x00DB0000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x03900000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x04660000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x04690000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x04720000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x047A0000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 45056 bytes 0x05CE0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 454656 bytes 0x05C60000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 487424 bytes 0x05060000 Hidden 
Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 495616 bytes 0x04E80000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 503808 bytes 0x03BE0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x89D57860 ] PID: 264, 53248 bytes 0x04F00000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x038E0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x038D0000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x03910000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x03AA0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x03AF0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x04640000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x04700000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x04750000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x047E0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x05040000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x054A0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 53248 bytes 0x05DB0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 593920 bytes 0x00D00000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 61440 bytes 0x04090000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 61440 bytes 0x04760000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 
1888, 61440 bytes 0x04880000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 61440 bytes 0x048E0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 61440 bytes 0x04A20000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 61440 bytes 0x00D20000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89D57860 ] PID: 264, 69632 bytes 0x00D20000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 69632 bytes 0x047C0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 69632 bytes 0x04860000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 69632 bytes 0x04470000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 77824 bytes 0x04610000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 77824 bytes 0x046E0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 77824 bytes 0x05F20000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 815104 bytes 0x038B0000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 86016 bytes 0x046B0000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 86016 bytes 0x048C0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 86016 bytes 0x04F60000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x89DE0670 ] PID: 1888, 86016 bytes !!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
  7. Oh hell, I feel like an idiot, I JUST saw the report tab when I posted that.
  8. There's no report tab. I see a drivers and stealth tab, but no check boxes for those either.
  9. No, there's no error message when it shuts down. Something is actually triggering the shutdown procedure, as if I click Start/Shutdown myself. I did get the internet problem sorted out. I just installed a PCI Ethernet card, rather than continuing to use the onboard Ethernet. I haven't checked it on XP yet, but I'm sending this from a fresh install of Win7 (yeah, reinstalling Win7 from scratch didn't do any good).
  10. Going from bad to worse here. I just turned the XP computer back on, and I thought it locked up at the welcome screen. Alt-tabbing showed two things running, the Windows logon, and restoring network connection. Once it finally got into the desktop, I have no net connection at all. Looking at the network connection it shows I sent 163 packets and received 0 packets in 3 mins, at which point the system restarted itself.
  11. I don't know if you're aware of this, but MS/Digital River offer the Win7 ISO for download, direct from their own servers. That's where my copy came from. COMBOFIX ComboFix 10-08-21.06 - lance 08/22/2010 11:40:08.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1179 [GMT -4:00]
  12. GMER (I'm not sure how much of this is actual rootkit, and how much is false positives from having Daemon Tools, as I just installed Daemon Tools 2 nights ago so I could burn my copy of Win7) GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-08-22 02:10:28 Windows 5.1.2600 Service Pack 3