
Computer keeps crashing along with explorer.exe and run32dll.exe


This topic is locked
22 replies to this topic

#1 JGagne


Posted 03 July 2009 - 09:57 AM

Hello,

This is my first post, and I'm not too sure what my next step should be...

The problem started yesterday, and I suspect it's related to a virus that was supposedly removed by AVG.

Here's what's going on:
- Windows Explorer crashes every 3 seconds; it restarts, then the message box pops up again
- Right after that message comes up (on startup), my laptop claims run32dll.exe has stopped working
- Other programs seem to be going wonky: I've seen Windows Defender message, Synaptics [I think it's the mouse pad on my laptop],
Windows Task Scheduler, etc.
- I've run AVG scan, 6 threats were found, along with tracking cookies... removed all of it.
- I tried opening HiJack This, but it won't open either.
- No Uninstall option in Remove A Program.

I have no idea what to do next. Everyone always asks for a HiJack This log, but how do I run it if it won't open?

Other things that may help:
- I'm a noob with computers
- I'm running Vista Home Premium
- I'm using an HP Pavillion laptop
- 3 GB Ram
- 220 GB HDD
- I'll give other details if needed and I'll respond quickly :thumbsup:

Please help, and many thanks in advance.

Justin


#2 rigel


Posted 03 July 2009 - 11:32 AM

Let's try this...

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 JGagne


Posted 06 July 2009 - 02:52 PM

Alright, here are the results:

SmitFraudFix v2.423

Scan done at 15:45:59.93, 06/07/2009
Run from C:\Users\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe

hosts


C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\Administrator


C:\Users\ADMINI~1\AppData\Local\Temp


C:\Users\Administrator\Application Data


Start Menu


C:\Users\ADMINI~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]




DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Atheros AR5009 802.11a/g/n WiFi Adapter
DNS Server Search Order: 85.255.112.112
DNS Server Search Order: 85.255.112.212

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212


Scanning for wininet.dll infection


End

DNS Hijack? That's bad, right? How do I fix?

Thanks.

#4 rigel


Posted 06 July 2009 - 02:59 PM

Part II

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.



#5 JGagne


Posted 06 July 2009 - 04:22 PM

Crud, I had already cleaned before you asked me to, and in normal mode :|

Here's the normal mode results:
SmitFraudFix v2.423

Scan done at 16:28:37.80, 06/07/2009
Run from C:\Users\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost
::1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


RK


DNS

Description: Atheros AR5009 802.11a/g/n WiFi Adapter
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!



RK.2



Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



And the safe mode:
SmitFraudFix v2.423

Scan done at 16:53:02.70, 06/07/2009
Run from C:\Users\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost
::1 localhost

VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


RK


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!



RK.2



Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

Thanks again for the help, and I hope I didn't screw up the process by cleaning in normal mode.
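The two SmitfraudFix reports above (the hijacked one in post #3 and the cleaned one in post #5) differ in exactly the places a responder looks at first: the resolver addresses written into every Tcpip interface key, the Winlogon Userinit value, and AppInit_DLLs. As an added example, not code from the thread or from SmitfraudFix, the script below reads those sections from a report in that format and flags resolvers that are neither private nor on an expected list. The sample report text is constructed from the values posted above; the expected Userinit value is the stock Vista one, and the "expected resolvers" list is an assumption you would fill in from the network's real DHCP settings.

```python
import ipaddress
import re

# Constructed excerpt modelled on the post #3 report (values taken from that log).
SAMPLE_REPORT = r"""
AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001

Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Atheros AR5009 802.11a/g/n WiFi Adapter
DNS Server Search Order: 85.255.112.112
DNS Server Search Order: 85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC62308F-1949-4F78-9073-E37D050B8518}: DhcpNameServer=85.255.112.112,85.255.112.212
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.112,85.255.112.212
"""

# Constructed excerpt modelled on the DNS section of the post #5 (cleaned) report.
CLEANED_REPORT = r"""
DNS
Description: Atheros AR5009 802.11a/g/n WiFi Adapter
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A40A024E-FB74-4234-B4A1-47E581829D22}: NameServer=
"""

NAMESERVER_RE = re.compile(r'^(HKLM\\\S+): (DhcpNameServer|NameServer)=(.*)$')
SEARCH_ORDER_RE = re.compile(r'^DNS Server Search Order: (\S+)$')
REG_VALUE_RE = re.compile(r'^"(\w+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

# Stock Vista value of the Winlogon Userinit entry (trailing comma included).
DEFAULT_USERINIT = r"C:\Windows\system32\userinit.exe,"


def unescape_reg(value):
    """Undo the doubled backslashes of a .reg-style string export."""
    return value.replace("\\\\", "\\")


def resolver_verdict(server, expected):
    """'ok' for loopback/link-local/private or explicitly expected resolvers, else 'alert'."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "alert"  # not even an IP address: worth a human look
    if server in expected or ip.is_private or ip.is_loopback or ip.is_link_local:
        return "ok"
    return "alert"


def analyse_report(text, expected_resolvers=()):
    """Summarise the DNS, AppInit_DLLs and Userinit findings of a SmitfraudFix-style report."""
    expected = set(expected_resolvers)
    resolvers = {}  # resolver IP -> set of places it was found
    reg = {}        # registry values seen in the AppInit_DLLs / Winlogon sections
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_ORDER_RE.match(line)
        if m:
            resolvers.setdefault(m.group(1), set()).add("adapter search order")
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            key, fieldname, servers = m.groups()
            for s in servers.split(","):
                if s:  # an empty NameServer= value is the normal post-cleanup state
                    resolvers.setdefault(s, set()).add(f"{key} {fieldname}")
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            name, string_val, dword_val = m.groups()
            reg[name] = unescape_reg(string_val) if string_val is not None else int(dword_val, 16)
    suspicious = {ip: sorted(src) for ip, src in resolvers.items()
                  if resolver_verdict(ip, expected) == "alert"}
    return {
        "suspicious_resolvers": suspicious,
        "userinit": reg.get("Userinit"),
        "userinit_ok": reg.get("Userinit") == DEFAULT_USERINIT,
        # AppInit_DLLs is reported for review, not judged: AV products use it legitimately.
        "appinit_dlls": reg.get("AppInit_DLLs") or None,
        "appinit_loaded": reg.get("LoadAppInit_DLLs") == 1,
    }


if __name__ == "__main__":
    for label, report in (("post #3", SAMPLE_REPORT), ("post #5", CLEANED_REPORT)):
        result = analyse_report(report)
        print(f"== {label} ==")
        for ip, sources in result["suspicious_resolvers"].items():
            print(f"  unexpected resolver {ip} in {len(sources)} place(s): {sources}")
        print(f"  Userinit ok: {result['userinit_ok']}  AppInit_DLLs: {result['appinit_dlls']}")
```

The script reports every registry location that still carries an unexpected resolver, which is the useful part: as the second report shows, cleanup has to cover both the per-interface keys and Tcpip\Parameters, and on Vista the ControlSet copies (CS1, CS2) as well, so a single remaining entry is enough to keep the hijack alive.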

#6 rigel


Posted 06 July 2009 - 07:36 PM

That's ok... The program can run in normal mode; it is just more effective in safe mode.

A couple of scans now...

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next


Please download ATF Cleaner by Atribune & save it to your desktop.
alternate download link DO NOT use yet.

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • Under the "Configuration and Preferences", click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure the "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button. If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



#7 JGagne


Posted 07 July 2009 - 08:34 AM

K, before I continue, let me make sure I'm doing this right... I already had Malware Bytes, didn't work before, so I reinstalled from the links you posted. Still doesn't work. Even if I run as Administrator, there's a message that always pops up saying the program has stopped working. When I run in normal mode, nothing happens at all. So what's next? Just skip that step? Or is it essential to run that step? Oh, and by the way, I managed to get a HiJack This log if it helps (someone told me to run RSIT, and it worked)... I also have DDS logs. Should I just focus on those, or keep following your steps first?

Thanks a lot, again... You don't realize how happy I'll be if I fix this thing.

PS: In a log (I think from RSIT), it showed recently changed files in the past 30 days... I know my computer started acting up on July 2nd, when I downloaded malicious software. Is it a good idea to look for the created files and delete the ones that don't make sense (from that day)?

PPS: There was a folder created named C:\RECYCLER\ along with the virus, but I can't even find it... Does that make sense? And one more thing: does the fact that I can't burn stuff to a DVD have to do with a virus?

#8 rigel


Posted 07 July 2009 - 08:58 AM

The things you mention do make sense. We cannot work HJT or RSIT logs in this area of the forums. If you would like, we can move you to the HJT forums where they can use the more advanced tools. Just let me know. Locate MBAM.exe and rename it to winlogon.exe and see if that will allow Malwarebytes to run. Take a look here for more info: Malwarebytes topic. Continue with SAS if Malwarebytes still will not run. Thanks!



#9 JGagne


Posted 07 July 2009 - 09:05 AM

Update: got Malwarebytes working.. Changed name to winlogon.exe... But as with 2 other antivirus programs, the scan freezes as soon as it hits c:\windows\system32\config\software... Is there a way to fix that?

Thanks again.

#10 rigel


Posted 07 July 2009 - 09:35 AM

Try running Malwarebytes in Safe Mode



#11 JGagne


Posted 07 July 2009 - 09:42 PM

Alright, did both... Sorry, I think I get what's next, but not sure... I just copy and paste the Malware Bytes log in a new reply? That all?

#12 rigel


Posted 07 July 2009 - 10:24 PM

That's it :thumbsup:



#13 JGagne


Posted 07 July 2009 - 10:29 PM

Alrighty, here goes:

Malwarebytes' Anti-Malware 1.38
Database version: 2385
Windows 6.0.6001 Service Pack 1

06/07/2009 10:50:42 PM
mbam-log-2009-07-06 (22-50-42).txt

Scan type: Quick Scan
Objects scanned: 94646
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.


In case you gotta know, SUPERAntiSpyware coughed up 55 threats... 41 adwares and 14 Trojan somethings.. system/NS or something. 12 of the trojans in registry, 2 in files.. The 2 files had infiltrated the registry, causing the 12 others, I'm assuming.

Thanks a lot man...

#14 rigel


Posted 07 July 2009 - 11:27 PM

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - the Self Help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan. A Window will open asking what to include in the scan.
Check the following items:
  • Drivers
  • Files
  • Processes
  • SSDT
  • Stealth Objects
  • Hidden Services

Click OK
Scan your C Drive (or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient. When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (default folder).
Paste the log into your next reply.

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.



#15 JGagne


Posted 08 July 2009 - 09:59 AM

Scan completed with these results:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/07/08 10:30
Program Version: Version 1.3.0.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_ahcix86s.sys
Image Path: C:\Windows\System32\Drivers\dump_ahcix86s.sys
Address: 0xA054A000 Size: 262144 File Visible: No Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0xA0540000 Size: 40960 File Visible: No Signed: -
Status: -

Name: MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys
Image Path: C:\Windows\system32\drivers\MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys
Address: 0x9F64B000 Size: 180224 File Visible: - Signed: -
Status: Hidden from Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xB0DCF000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spvx.sys
Image Path: C:\Windows\System32\Drivers\spvx.sys
Address: 0x80600000 Size: 1052672 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Avenger\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXqxeiuktudskouqxygaadmyfpuchqnpln.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXtwqekcuplateiepneomwtxrejgxxysko.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys
Status: Invisible to the Windows API!

Path: C:\Windows\System32\drivers\MSIVXviveqpttwqypstjufbmurpwplvxsyekq.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac535\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a28\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d6\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae9\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.18111_none_75c874a9a137a5f0\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-mscorjit_dll_b03f5f7f11d50a3a_6.0.6001.18111_none_bf5d932d312ea83f\$$DeleteMe.mscorjit.dll.01c9f918fe4fc34e.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_33db43850c7307a2\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBAD

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1444 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x889d6110

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x889d01e8

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x88a6fb18

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x88869da0

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x889c98e8

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8941d680

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8ac52282

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8ac52474

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x89421f60

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x889d2390

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x889c8b18

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x88a60df0

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x88a66b30

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x88a71120

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x88a70108

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x88869d28

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x88a69360

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x88a8b108

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xb0dadc90

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x88997a00

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x89433658

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xb0dadd7e

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x89421808

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x889b9ad0

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x889d04c8

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x88a69128

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x894366b8

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x889bb128

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x889a04b0

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa003fdf0

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xb0dadec4

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x889ce248

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x88a65480

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x894201d8

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8ac5267c

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXqxeiuktudskouqxygaadmyfpuchqnpln.dll]
Process: svchost.exe (PID: 804) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: WinMgmtR.dll]
Process: svchost.exe (PID: 1172) Address: 0x00db0000 Size: 8192

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1172) Address: 0x010c0000 Size: 323584

Object: Hidden Module [Name: winlogon.exe]
Process: svchost.exe (PID: 1172) Address: 0x01b00000 Size: 323584

Object: Hidden Module [Name: WinMgmtR.dll]
Process: svchost.exe (PID: 1172) Address: 0x70560000 Size: 8192

Object: Hidden Module [Name: tquery.dll]
Process: svchost.exe (PID: 1172) Address: 0x70e50000 Size: 1589248

Object: Hidden Module [Name: profsvc.dll]
Process: svchost.exe (PID: 1172) Address: 0x72fb0000 Size: 163840

Object: Hidden Module [Name: wevtapi.dll]
Process: svchost.exe (PID: 1172) Address: 0x750a0000 Size: 258048

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 4456) Address: 0x73ca0000 Size: 20480

Object: Hidden Module [Name: MSIVXtwqekcuplateiepneomwtxrejgxxysko.dll]
Process: firefox.exe (PID: 4516) Address: 0x10000000 Size: 237568

Object: Hidden Code [ETHREAD: 0x85581570]
Process: System Address: 0x8ba104a0 Size: 2912

Object: Hidden Code [ETHREAD: 0x855cb2d8]
Process: System Address: 0x855cb4cc Size: 2776

Object: Hidden Code [ETHREAD: 0x855cc020]
Process: System Address: 0xa6a973f0 Size: 3088

Object: Hidden Code [ETHREAD: 0x855ccd78]
Process: System Address: 0x815d2bf0 Size: 2

Object: Hidden Code [ETHREAD: 0x855ccad0]
Process: System Address: 0xbc380410 Size: 3061

Object: Hidden Code [ETHREAD: 0x855cc2d8]
Process: System Address: 0x8140d290 Size: 3445

Object: Hidden Code [ETHREAD: 0x8901f408]
Process: System Address: 0xf365f530 Size: 2768

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x87c831f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CREATE]
Process: System Address: 0x863831f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_CLOSE]
Process: System Address: 0x863831f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863831f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863831f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_POWER]
Process: System Address: 0x863831f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863831f8 Size: 121

Object: Hidden Code [Driver: LSI_SAS, IRP_MJ_PNP]
Process: System Address: 0x863831f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_CREATE]
Process: System Address: 0x8637b1f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_CLOSE]
Process: System Address: 0x8637b1f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8637b1f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8637b1f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_POWER]
Process: System Address: 0x8637b1f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8637b1f8 Size: 121

Object: Hidden Code [Driver: arc, IRP_MJ_PNP]
Process: System Address: 0x8637b1f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CREATE]
Process: System Address: 0x863801f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_CLOSE]
Process: System Address: 0x863801f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863801f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863801f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_POWER]
Process: System Address: 0x863801f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863801f8 Size: 121

Object: Hidden Code [Driver: iteatapi, IRP_MJ_PNP]
Process: System Address: 0x863801f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
Process: System Address: 0x863711f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
Process: System Address: 0x863711f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863711f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863711f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
Process: System Address: 0x863711f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863711f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
Process: System Address: 0x863711f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_CREATE]
Process: System Address: 0x863881f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_CLOSE]
Process: System Address: 0x863881f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863881f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863881f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_POWER]
Process: System Address: 0x863881f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863881f8 Size: 121

Object: Hidden Code [Driver: ql2300, IRP_MJ_PNP]
Process: System Address: 0x863881f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_CREATE]
Process: System Address: 0x863841f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_CLOSE]
Process: System Address: 0x863841f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863841f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863841f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_POWER]
Process: System Address: 0x863841f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863841f8 Size: 121

Object: Hidden Code [Driver: megasas, IRP_MJ_PNP]
Process: System Address: 0x863841f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CREATE]
Process: System Address: 0x863761f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_CLOSE]
Process: System Address: 0x863761f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863761f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863761f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_POWER]
Process: System Address: 0x863761f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863761f8 Size: 121

Object: Hidden Code [Driver: HpCISSs, IRP_MJ_PNP]
Process: System Address: 0x863761f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_CREATE]
Process: System Address: 0x8637c1f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_CLOSE]
Process: System Address: 0x8637c1f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8637c1f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8637c1f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_POWER]
Process: System Address: 0x8637c1f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8637c1f8 Size: 121

Object: Hidden Code [Driver: arcsas, IRP_MJ_PNP]
Process: System Address: 0x8637c1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CREATE]
Process: System Address: 0x8638a1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_CLOSE]
Process: System Address: 0x8638a1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8638a1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8638a1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_POWER]
Process: System Address: 0x8638a1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8638a1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid2, IRP_MJ_PNP]
Process: System Address: 0x8638a1f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CREATE]
Process: System Address: 0x863861f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_CLOSE]
Process: System Address: 0x863861f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863861f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863861f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_POWER]
Process: System Address: 0x863861f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863861f8 Size: 121

Object: Hidden Code [Driver: Mraid35x, IRP_MJ_PNP]
Process: System Address: 0x863861f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_CREATE]
Process: System Address: 0x8637a1f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_CLOSE]
Process: System Address: 0x8637a1f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8637a1f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8637a1f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_POWER]
Process: System Address: 0x8637a1f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8637a1f8 Size: 121

Object: Hidden Code [Driver: adpu320, IRP_MJ_PNP]
Process: System Address: 0x8637a1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CREATE]
Process: System Address: 0x8638b1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_CLOSE]
Process: System Address: 0x8638b1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8638b1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8638b1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_POWER]
Process: System Address: 0x8638b1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8638b1f8 Size: 121

Object: Hidden Code [Driver: SiSRaid4, IRP_MJ_PNP]
Process: System Address: 0x8638b1f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_CREATE]
Process: System Address: 0x863781f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_CLOSE]
Process: System Address: 0x863781f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863781f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863781f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_POWER]
Process: System Address: 0x863781f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863781f8 Size: 121

Object: Hidden Code [Driver: adpahci, IRP_MJ_PNP]
Process: System Address: 0x863781f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_CREATE]
Process: System Address: 0x8637f1f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_CLOSE]
Process: System Address: 0x8637f1f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8637f1f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8637f1f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_POWER]
Process: System Address: 0x8637f1f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8637f1f8 Size: 121

Object: Hidden Code [Driver: iirsp, IRP_MJ_PNP]
Process: System Address: 0x8637f1f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_CREATE]
Process: System Address: 0x863891f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_CLOSE]
Process: System Address: 0x863891f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863891f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863891f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_POWER]
Process: System Address: 0x863891f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863891f8 Size: 121

Object: Hidden Code [Driver: ql40xx, IRP_MJ_PNP]
Process: System Address: 0x863891f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_CREATE]
Process: System Address: 0x8638f1f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_CLOSE]
Process: System Address: 0x8638f1f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8638f1f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8638f1f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_POWER]
Process: System Address: 0x8638f1f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8638f1f8 Size: 121

Object: Hidden Code [Driver: uliahci, IRP_MJ_PNP]
Process: System Address: 0x8638f1f8 Size: 121

Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_CREATE]
Process: System Address: 0x87c161f8 Size: 121

Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_CLOSE]
Process: System Address: 0x87c161f8 Size: 121

Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87c161f8 Size: 121

Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87c161f8 Size: 121

Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_POWER]
Process: System Address: 0x87c161f8 Size: 121

Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87c161f8 Size: 121

Object: Hidden Code [Driver: usbohci捩Ђ䑎䵃, IRP_MJ_PNP]
Process: System Address: 0x87c161f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CREATE]
Process: System Address: 0x8638c1f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_CLOSE]
Process: System Address: 0x8638c1f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8638c1f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8638c1f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_POWER]
Process: System Address: 0x8638c1f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8638c1f8 Size: 121

Object: Hidden Code [Driver: Symc8xx, IRP_MJ_PNP]
Process: System Address: 0x8638c1f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_CREATE]
Process: System Address: 0x863871f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_CLOSE]
Process: System Address: 0x863871f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863871f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863871f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_POWER]
Process: System Address: 0x863871f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863871f8 Size: 121

Object: Hidden Code [Driver: nfrd960, IRP_MJ_PNP]
Process: System Address: 0x863871f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CREATE]
Process: System Address: 0x863821f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_CLOSE]
Process: System Address: 0x863821f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863821f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863821f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_POWER]
Process: System Address: 0x863821f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863821f8 Size: 121

Object: Hidden Code [Driver: LSI_FC, IRP_MJ_PNP]
Process: System Address: 0x863821f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]
Process: System Address: 0x863791f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE]
Process: System Address: 0x863791f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863791f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863791f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER]
Process: System Address: 0x863791f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863791f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP]
Process: System Address: 0x863791f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_CREATE]
Process: System Address: 0x8638e1f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_CLOSE]
Process: System Address: 0x8638e1f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8638e1f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8638e1f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_POWER]
Process: System Address: 0x8638e1f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8638e1f8 Size: 121

Object: Hidden Code [Driver: Sym_u3, IRP_MJ_PNP]
Process: System Address: 0x8638e1f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_CREATE]
Process: System Address: 0x889471f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_CLOSE]
Process: System Address: 0x889471f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x889471f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x889471f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_CLEANUP]
Process: System Address: 0x889471f8 Size: 121

Object: Hidden Code [Driver: Smb前Ї䅓䵃ꊼ齱훴袆훴袆, IRP_MJ_PNP]
Process: System Address: 0x889471f8 Size: 121

Object: Hidden Code [Driver: netbt衶, IRP_MJ_CREATE]
Process: System Address: 0x889cf500 Size: 121

Object: Hidden Code [Driver: netbt衶, IRP_MJ_CLOSE]
Process: System Address: 0x889cf500 Size: 121

Object: Hidden Code [Driver: netbt衶, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x889cf500 Size: 121

Object: Hidden Code [Driver: netbt衶, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x889cf500 Size: 121

Object: Hidden Code [Driver: netbt衶, IRP_MJ_CLEANUP]
Process: System Address: 0x889cf500 Size: 121

Object: Hidden Code [Driver: netbt衶, IRP_MJ_PNP]
Process: System Address: 0x889cf500 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_CREATE]
Process: System Address: 0x863901f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_CLOSE]
Process: System Address: 0x863901f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863901f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863901f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_POWER]
Process: System Address: 0x863901f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863901f8 Size: 121

Object: Hidden Code [Driver: UlSata, IRP_MJ_PNP]
Process: System Address: 0x863901f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄㞀讦�赫, IRP_MJ_CREATE]
Process: System Address: 0x87d56500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄㞀讦�赫, IRP_MJ_CLOSE]
Process: System Address: 0x87d56500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄㞀讦�赫, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87d56500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄㞀讦�赫, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87d56500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄㞀讦�赫, IRP_MJ_POWER]
Process: System Address: 0x87d56500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄㞀讦�赫, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87d56500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄㞀讦�赫, IRP_MJ_PNP]
Process: System Address: 0x87d56500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x87c141f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x87c141f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87c141f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87c141f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x87c141f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87c141f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x87c141f8 Size: 121

Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_CREATE]
Process: System Address: 0x87d012e0 Size: 121

Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_CLOSE]
Process: System Address: 0x87d012e0 Size: 121

Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87d012e0 Size: 121

Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87d012e0 Size: 121

Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_POWER]
Process: System Address: 0x87d012e0 Size: 121

Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87d012e0 Size: 121

Object: Hidden Code [Driver: ack51btzЈ瑎牦ᶰ蟁宨螿, IRP_MJ_PNP]
Process: System Address: 0x87d012e0 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_CREATE]
Process: System Address: 0x863811f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_CLOSE]
Process: System Address: 0x863811f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863811f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863811f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_POWER]
Process: System Address: 0x863811f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863811f8 Size: 121

Object: Hidden Code [Driver: iteraid, IRP_MJ_PNP]
Process: System Address: 0x863811f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8636f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x8636f1f8 Size: 12

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\Windows\system32\drivers\MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys

==EOF==

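Two things stand out in the report above: every hooked IRP_MJ_* handler of a given driver (Ntfs, atapi, volmgr, the storage miniports) resolves to one and the same address, which is what a driver object's dispatch table looks like after it has been pointed wholesale at a single rootkit stub, and the hidden MSIVX...dll inside firefox.exe shares its name prefix with the hidden MSIVXserv.sys service. The script below is an added example (not part of the original post and not a RootRepeal feature) that parses this report format and flags both patterns. SAMPLE_LOG is a constructed excerpt in the same line format; the regexes, the "20 or more lowercase letters means a randomised name" rule and the minimum shared-prefix length are assumptions made for the example. Some driver names in the real report carry trailing non-ASCII bytes (e.g. the usbohci and netbt entries); the parser keys on the text up to the comma, so those entries still group correctly.

```python
"""Triage a RootRepeal-style report: parse Hidden Module / Hidden Code / Hidden
Services entries, flag dispatch-table hooks and randomised injected modules.
Added example, not code from the original post or from the tool."""
import re
from collections import defaultdict
from os.path import commonprefix

# Constructed excerpt in the report's own format (values mirror the pasted log).
SAMPLE_LOG = r"""
Object: Hidden Module [Name: wevtapi.dll]
Process: svchost.exe (PID: 1172) Address: 0x750a0000 Size: 258048

Object: Hidden Module [Name: MSIVXtwqekcuplateiepneomwtxrejgxxysko.dll]
Process: firefox.exe (PID: 4516) Address: 0x10000000 Size: 237568

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x863931f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x863721f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x863721f8 Size: 121

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\Windows\system32\drivers\MSIVXrmqcijvwxhhvcxwovhisiayxwieqsppy.sys
"""

OBJ_MODULE = re.compile(r"Object: Hidden Module \[Name: (?P<name>.+)\]$")
OBJ_CODE = re.compile(r"Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_\w+)\]$")
PROC_LINE = re.compile(r"Process: (?P<proc>.+?) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)")
SVC_PATH = re.compile(r"Image Path: (?P<path>.+)")
RANDOM_RUN = re.compile(r"[a-z]{20,}")  # assumption: 20+ lowercase letters = randomised name
MIN_SHARED_PREFIX = 4                    # assumption: shorter common prefixes are noise


def parse(log):
    """Return (modules, hooks, service_image_paths) from the report text."""
    modules, hooks, services, pending = [], [], [], None
    for raw in log.splitlines():
        line = raw.strip()
        if m := OBJ_MODULE.match(line):
            pending = ("module", m.group("name"))
        elif m := OBJ_CODE.match(line):
            pending = ("hook", m.group("driver"), m.group("irp"))
        elif (m := PROC_LINE.match(line)) and pending:
            rec = {"addr": m.group("addr"), "size": int(m.group("size"))}
            if pending[0] == "module":
                modules.append({**rec, "name": pending[1], "process": m.group("proc")})
            else:
                hooks.append({**rec, "driver": pending[1], "irp": pending[2]})
            pending = None
        elif m := SVC_PATH.match(line):
            services.append(m.group("path"))
    return modules, hooks, services


def dispatch_table_hooks(hooks):
    """{driver: (stub_addr, count)} for drivers whose hooked IRP_MJ_* handlers
    all point at one address, i.e. a dispatch table redirected to a single stub."""
    by_driver = defaultdict(list)
    for h in hooks:
        by_driver[h["driver"]].append(h)
    result = {}
    for drv, entries in by_driver.items():
        addrs = {h["addr"] for h in entries}
        if len(entries) >= 2 and len(addrs) == 1:
            result[drv] = (addrs.pop(), len(entries))
    return result


def suspicious_names(modules, services):
    """Hidden modules with a random-looking name, plus the longest name prefix
    they share with a hidden service's image file (ties DLL to driver)."""
    svc_files = [re.split(r"[\\/]", p)[-1] for p in services]
    flagged = []
    for mod in modules:
        if not RANDOM_RUN.search(mod["name"]):
            continue
        shared = ""
        for f in svc_files:
            p = commonprefix([mod["name"], f])
            if len(p) >= MIN_SHARED_PREFIX and len(p) > len(shared):
                shared = p
        flagged.append({**mod, "shared_prefix": shared})
    return flagged


def triage(log):
    modules, hooks, services = parse(log)
    return {"dispatch_hooks": dispatch_table_hooks(hooks),
            "suspicious_modules": suspicious_names(modules, services),
            "hidden_services": services}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for drv, (addr, n) in sorted(report["dispatch_hooks"].items()):
        print(f"[dispatch table] {drv}: {n} IRP_MJ handlers -> {addr}")
    for mod in report["suspicious_modules"]:
        print(f"[injected module] {mod['name']} in {mod['process']} "
              f"(shares prefix '{mod['shared_prefix']}' with a hidden service)")
    for svc in report["hidden_services"]:
        print(f"[hidden service] {svc}")
```

Run against the full pasted report, the dispatch-table check fires for every storage and bus driver listed (one stub address per driver, 121 bytes each), and the module check links the firefox.exe DLL to the MSIVXserv.sys driver through the shared MSIVX prefix. The per-driver grouping is the part worth keeping: a single hooked major function can be a legitimate filter, but a whole table collapsing onto one address is not.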