
Forced shut down during Safe Mode


11 replies to this topic

#1 Cherubim


Posted 29 August 2009 - 09:05 AM

Hello! I'm new to the site, but I hope my problems would get resolved somehow. Thank you in advance to those who'll be helping me.

Okay to start off, some specific descriptions of my computer. I use a laptop with Windows XP SP2 and I use Avira AntiVir Desktop as my main Anti-virus software. I use the free version of Malwarebytes Antimalware as an external scanner / alternative. Then I use Spybot Search and Destroy as my Anti-spyware software and Windows Defender as an alternative.

I think my problem (though I'm not sure) is somehow related to what I've been experiencing the past month, which I've posted at TechSupportForums but received no reply from. Although I think the problem is more serious now, after experiencing forced shut downs during a scan in safe mode.

The problem: Recently the laptop has been acting weird, lagging for about 3-5 minutes every 8-10 minutes in continuous intervals. At first I thought it was the typical problem where I just need to free up some space or uninstall some unused programs. However, even though I've tried freeing up space, defragging the computer, and other methods used to maintain an XP OS running smoothly, the performance never really improved. So I did not mind not getting an answer from the security section of TechSupport because it probably might have been only a simple problem not related to any security issues. However, since the last time I've done a scan, I tried it just today in safe mode. AntiVir starts smoothly but even before the registry scan finishes, the laptop blacks out. I've tried to redo this operation 5 times, still no good. So I've tried searching for the same problems on the Internet but found nothing useful for the moment. The lagging is becoming worse and I can't seem to do my work smoothly anymore. If you could help me I'd really appreciate it, I think the performance problem I've been experiencing the past months had just turned into a security problem.

If there are any more descriptions or information I could still provide to help in solving the problem please just tell me. Thanks again.



#2 neomage


Posted 29 August 2009 - 10:32 AM

Hello, Cherubim
Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right-hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.



We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

In your next reply, please include the following:
  • RootRepeal.txt
  • MBAM log

Regards,
neomage

#3 Cherubim


Posted 29 August 2009 - 11:46 AM

Thanks neomage. Here is the requested information.

RootRepeal
ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/08/30 00:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA949B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADD4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP6686
Image Path: \Driver\PCI_PNP6686
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA80A4000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spub.sys
Image Path: spub.sys
Address: 0xBA6A7000 Size: 1048576 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Locked to the Windows API!

Path: C:\RootRepeal report 08-30-09 (00-13-00).txt
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Temp\TMP0000005E0A616AEF8A97DF5D
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\MBAMGUI.EXE-0B28CE92.pf
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Application Data\COMODO\Firewall Pro\cfplogdb.sdb-journal
Status: Invisible to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9853f68

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9853472

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9853b0c

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xbaed4d5e

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9853150

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa98551f0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa98554c8

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xbaed4d54

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xbaed4d63

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xbaed4d6d

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9852a78

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spub.sys" at address 0xba6c6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spub.sys" at address 0xba6c7030

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9854e72

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xbaed4d72

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa98536f6

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9853d50

#: 119 Function Name: NtOpenKey
Status: Hooked by "spub.sys" at address 0xba6a80c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xbaed4d40

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9853986

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xbaed4d45

#: 160 Function Name: NtQueryKey
Status: Hooked by "spub.sys" at address 0xba6c7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spub.sys" at address 0xba6c6f88

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa98548aa

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xbaed4d7c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa985326e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xbaed4d77

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9854c0e

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9855020

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xbaed4d68

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9853690

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa985387a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xbaed4d4f

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa9852ee8

Stealth Objects
-------------------
Process: System Address: 0x8b9c41f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CREATE]
Process: System Address: 0x8ba381f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CLOSE]
Process: System Address: 0x8ba381f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ba381f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ba381f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_POWER]
Process: System Address: 0x8ba381f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ba381f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_PNP]
Process: System Address: 0x8ba381f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8b733500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8b733500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b733500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b733500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8b733500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8b733500 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CREATE]
Process: System Address: 0x8ba431f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CLOSE]
Process: System Address: 0x8ba431f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ba431f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ba431f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_POWER]
Process: System Address: 0x8ba431f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ba431f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_PNP]
Process: System Address: 0x8ba431f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CREATE]
Process: System Address: 0x8b9cf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CLOSE]
Process: System Address: 0x8b9cf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b9cf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b9cf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_POWER]
Process: System Address: 0x8b9cf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b9cf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_PNP]
Process: System Address: 0x8b9cf1f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CREATE]
Process: System Address: 0x8ba351f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CLOSE]
Process: System Address: 0x8ba351f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ba351f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ba351f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_POWER]
Process: System Address: 0x8ba351f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ba351f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_PNP]
Process: System Address: 0x8ba351f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_CREATE]
Process: System Address: 0x8ba441f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_CLOSE]
Process: System Address: 0x8ba441f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ba441f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ba441f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_POWER]
Process: System Address: 0x8ba441f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ba441f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_PNP]
Process: System Address: 0x8ba441f8 Size: 121

Object: Hidden Code [Driver: ql1240, IRP_MJ_CREATE]
Process: System Address: 0x8b9cc1f8 Size: 121

Object: Hidden Code [Driver: ql1240, IRP_MJ_CLOSE]
Process: System Address: 0x8b9cc1f8 Size: 121

Object: Hidden Code [Driver: ql1240, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b9cc1f8 Size: 121

Object: Hidden Code [Driver: ql1240, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b9cc1f8 Size: 121

Object: Hidden Code [Driver: ql1240, IRP_MJ_POWER]
Process: System Address: 0x8b9cc1f8 Size: 121

Object: Hidden Code [Driver: ql1240, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b9cc1f8 Size: 121

Object: Hidden Code [Driver: ql1240, IRP_MJ_PNP]
Process: System Address: 0x8b9cc1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8b5c9500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8b5c9500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b5c9500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b5c9500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8b5c9500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b5c9500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8b5c9500 Size: 121

Object: Hidden Code [Driver: sym_hi, IRP_MJ_CREATE]
Process: System Address: 0x8ba3d1f8 Size: 121

Object: Hidden Code [Driver: sym_hi, IRP_MJ_CLOSE]
Process: System Address: 0x8ba3d1f8 Size: 121

Object: Hidden Code [Driver: sym_hi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ba3d1f8 Size: 121

Object: Hidden Code [Driver: sym_hi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ba3d1f8 Size: 121

Object: Hidden Code [Driver: sym_hi, IRP_MJ_POWER]
Process: System Address: 0x8ba3d1f8 Size: 121

Object: Hidden Code [Driver: sym_hi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ba3d1f8 Size: 121

Object: Hidden Code [Driver: sym_hi, IRP_MJ_PNP]
Process: System Address: 0x8ba3d1f8 Size: 121

Object: Hidden Code [Driver: Aha154x, IRP_MJ_CREATE]
Process: System Address: 0x8b9d21f8 Size: 121

Object: Hidden Code [Driver: Aha154x, IRP_MJ_CLOSE]
Process: System Address: 0x8b9d21f8 Size: 121

Object: Hidden Code [Driver: Aha154x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b9d21f8 Size: 121

Object: Hidden Code [Driver: Aha154x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b9d21f8 Size: 121

Object: Hidden Code [Driver: Aha154x, IRP_MJ_POWER]
Process: System Address: 0x8b9d21f8 Size: 121

Object: Hidden Code [Driver: Aha154x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b9d21f8 Size: 121

Object: Hidden Code [Driver: Aha154x, IRP_MJ_PNP]
Process: System Address: 0x8b9d21f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_CREATE]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_CLOSE]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_READ]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_WRITE]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_SET_EA]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_CLEANUP]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_POWER]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: perc2hib, IRP_MJ_PNP]
Process: System Address: 0x8ba371f8 Size: 121

Object: Hidden Code [Driver: i2omp, IRP_MJ_CREATE]
Process: System Address: 0x8b9cd1f8 Size: 121

Object: Hidden Code [Driver: i2omp, IRP_MJ_CLOSE]
Process: System Address: 0x8b9cd1f8 Size: 121

Object: Hidden Code [Driver: i2omp, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b9cd1f8 Size: 121

Object: Hidden Code [Driver: i2omp, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b9cd1f8 Size: 121

Object: Hidden Code [Driver: i2omp, IRP_MJ_POWER]
Process: System Address: 0x8b9cd1f8 Size: 121

Object: Hidden Code [Driver: i2omp, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b9cd1f8 Size: 121

Object: Hidden Code [Driver: i2omp, IRP_MJ_PNP]
Process: System Address: 0x8b9cd1f8 Size: 121

Object: Hidden Code [Driver: dpti2o, IRP_MJ_CREATE]
Process: System Address: 0x8b9c71f8 Size: 121

Object: Hidden Code [Driver: dpti2o, IRP_MJ_CLOSE]
Process: System Address: 0x8b9c71f8 Size: 121

Object: Hidden Code [Driver: dpti2o, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b9c71f8 Size: 121

Object: Hidden Code [Driver: dpti2o, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b9c71f8 Size: 121

Object: Hidden Code [Driver: dpti2o, IRP_MJ_POWER]
Process: System Address: 0x8b9c71f8 Size: 121

Object: Hidden Code [Driver: dpti2o, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b9c71f8 Size: 121

Object: Hidden Code [Driver: dpti2o, IRP_MJ_PNP]
Process: System Address: 0x8b9c71f8 Size: 121

Object: Hidden Code [Driver: asc3550, IRP_MJ_CREATE]
Process: System Address: 0x8b9ce1f8 Size: 121

Object: Hidden Code [Driver: asc3550, IRP_MJ_CLOSE]
Process: System Address: 0x8b9ce1f8 Size: 121

Object: Hidden Code [Driver: asc3550, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b9ce1f8 Size: 121

Object: Hidden Code [Driver: asc3550, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b9ce1f8 Size: 121

Object: Hidden Code [Driver: asc3550, IRP_MJ_POWER]
Process: System Address: 0x8b9ce1f8 Size: 121

Object: Hidden Code [Driver: asc3550, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b9ce1f8 Size: 121

Object: Hidden Code [Driver: asc3550, IRP_MJ_PNP]
Process: System Address: 0x8b9ce1f8 Size: 121

Object: Hidden Code [Driver: Cpqarray, IRP_MJ_CREATE]
Process: System Address: 0x8b9d31f8 Size: 121

Object: Hidden Code [Driver: Cpqarray, IRP_MJ_CLOSE]
Process: System Address: 0x8b9d31f8 Size: 121

Object: Hidden Code [Driver: Cpqarray, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b9d31f8 Size: 121

Object: Hidden Code [Driver: Cpqarray, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b9d31f8 Size: 121

Object: Hidden Code [Driver: Cpqarray, IRP_MJ_POWER]
Process: System Address: 0x8b9d31f8 Size: 121

Object: Hidden Code [Driver: Cpqarray, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b9d31f8 Size: 121

Object: Hidden Code [Driver: Cpqarray, IRP_MJ_PNP]
Process: System Address: 0x8b9d31f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8b73d1f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_CREATE]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_CLOSE]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_READ]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_CLEANUP]
Process: System Address: 0x8b8511f8 Size: 121

Object: Hidden Code [Driver: avgi, IRP_MJ_PNP]
Process: System Address: 0x8b8511f8 Size: 121


Malwarebytes Antimalware Log

Malwarebytes' Anti-Malware 1.40
Database version: 2712
Windows 5.1.2600 Service Pack 2

8/30/2009 12:35:57 AM
mbam-log-2009-08-30 (00-35-57).txt

Scan type: Quick Scan
Objects scanned: 92026
Time elapsed: 17 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you.

Edited by Cherubim, 29 August 2009 - 11:47 AM.


#4 neomage

Posted 29 August 2009 - 11:57 AM

Hello,

Logs seem clean. Any reason you haven't updated to SP3? Does your antivirus detect anything?

#5 Cherubim

Posted 30 August 2009 - 06:22 AM

I haven't updated to SP3 because I don't know what would happen if I did. And I don't need the update that much anyway; I think it might just add more stress to the computer's system performance. For now I haven't done a full system scan with AntiVir. Yesterday I tried scanning using safe mode so the scan would go faster (a normal scan when Windows is normally started might take more than 3-4 hrs due to the worsening performance) but the laptop automatically shuts down (the screen just blacks out) during every scan. :thumbsup:

#6 neomage

Posted 30 August 2009 - 09:43 AM

Do you have your Windows XP installation CD? Also run chkdsk on your drives: http://www.updatexp.com/windows-xp-chkdsk.html

#7 Cherubim

Posted 30 August 2009 - 10:04 AM

I don't have the XP installation CD for a Home Edition (which I use in this laptop). But can an XP Professional installation CD be used?

I'll try to run checkdisk and give a reply immediately. :thumbsup:

#8 Cherubim

Posted 31 August 2009 - 03:15 AM

There weren't any significant errors found on the disk after disk check.

#9 neomage

Posted 31 August 2009 - 09:35 AM

You should try to upgrade to SP3 and see if it solves your problem. Up till now, from all the logs you pasted, it doesn't seem like a malware problem.

#10 Cherubim

Posted 02 September 2009 - 09:23 AM

Sorry I haven't replied immediately. Recently I tried uninstalling some programs to help speed up the scanning process. I tried turning off system restore in one of the process when suddenly Avira pops up with two trojans which infected the System Volume Information. I tried scanning again using safe mode but still, even before the laptop could boot in safe mode, it automatically shuts down. :thumbsup: I'll try installing SP3 and reply again. :flowers:

#11 neomage

Posted 04 September 2009 - 09:51 PM

Let me know how SP3 installation goes.

#12 Cherubim

Posted 16 December 2009 - 01:21 PM

Hi, I'm sorry it's been a LONG time. I've installed SP3 and the performance seems to be okay. I guess I should mark this thread as solved. :thumbsup: Thank you so much for the help. I'm also able to scan using AntiVir again. I'm not really sure what was the problem behind it shutting down suddenly. Thank you and advance Merry Christmas!



