Nasty Virus



duneglow
2009-08-08, 04:03
Hi

Something is going on with my computer after surfing the web. I'm getting nasty popups, and all of my antimalware software, including Spybot, is disabled. I can't even run "HijackThis".
When I try to run "SUPERAntiSpyware" and Spybot I get this message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I tried to run runalyz-1.6.1.24.exe and it won't run either, so I ran SysProt and this is the log:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\smss.exe
PID: 428
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 556
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wininit.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 616
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\services.exe
PID: 652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsass.exe
PID: 664
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsm.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\winlogon.exe
PID: 700
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 880
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 952
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 996
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1088
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1184
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\audiodg.exe
PID: 1288
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SLsvc.exe
PID: 1344
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1424
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\spoolsv.exe
PID: 1772
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1796
Hidden: No
Window Visible: No

Name: C:\xampp\apache\bin\apache.exe
PID: 376
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 544
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\ASTSRV.EXE
PID: 596
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PID: 888
Hidden: No
Window Visible: No

Name: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
PID: 1216
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1416
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 1268
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Update\GoogleUpdate.exe
PID: 2056
Hidden: No
Window Visible: No

Name: C:\xampp\mysql\bin\mysqld-nt.exe
PID: 2076
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PID: 2124
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2156
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2236
Hidden: No
Window Visible: No

Name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PID: 2348
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2396
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 2464
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchIndexer.exe
PID: 2588
Hidden: No
Window Visible: No

Name: C:\xampp\apache\bin\apache.exe
PID: 2628
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\drivers\XAudio.exe
PID: 2640
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\WUDFHost.exe
PID: 2752
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 3872
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 2104
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp Remote\bin\OrbTray.exe
PID: 4148
Hidden: No
Window Visible: No

Name: C:\WINDOWS\msa.exe
PID: 4196
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 4260
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\dwm.exe
PID: 4316
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 4628
Hidden: No
Window Visible: No

Name: C:\hp\support\hpsysdrv.exe
PID: 4664
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PID: 4700
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RtHDVCpl.exe
PID: 4708
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 4716
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\rundll32.exe
PID: 4780
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\Wm24Pan.exe
PID: 4792
Hidden: No
Window Visible: No

Name: C:\Program Files\WinZip E-Mail Companion\loadwzco.exe
PID: 4800
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PID: 4808
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 4856
Hidden: No
Window Visible: No

Name: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
PID: 4868
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 4908
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp Remote\bin\Orb.exe
PID: 5068
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 5088
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\mobsync.exe
PID: 5152
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wbem\unsecapp.exe
PID: 5188
Hidden: No
Window Visible: No

Name: C:\Program Files\Skype\Phone\Skype.exe
PID: 5252
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 5304
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 5436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PID: 5492
Hidden: No
Window Visible: No

Name: C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
PID: 5944
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wuauclt.exe
PID: 6136
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\rundll32.exe
PID: 4916
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 6240
Hidden: No
Window Visible: No

Name: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PID: 6332
Hidden: No
Window Visible: No

Name: C:\hp\KBD\kbd.exe
PID: 7084
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 492
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunes.exe
PID: 7832
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
PID: 1708
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PID: 7292
Hidden: No
Window Visible: No

Name: C:\Users\duneglow\AppData\Local\Temp\b.exe
PID: 4236
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\ctfmon.exe
PID: 6960
Hidden: No
Window Visible: No

Name: C:\32788R22FWJFW\swxcacls.cfexe
PID: 10104
Hidden: No
Window Visible: No

Name: C:\32788R22FWJFW\gsar.cfexe
PID: 7864
Hidden: No
Window Visible: No

Name: C:\32788R22FWJFW\NirCmd.cfexe
PID: 7652
Hidden: No
Window Visible: No

Name: C:\32788R22FWJFW\swxcacls.cfexe
PID: 8916
Hidden: No
Window Visible: No

Name: C:\32788R22FWJFW\gsar.cfexe
PID: 9248
Hidden: No
Window Visible: No

Name: C:\32788R22FWJFW\NirCmd.cfexe
PID: 8664
Hidden: No
Window Visible: No

Name: C:\Users\duneglow\Desktop\SysProt\SysProt\SysProt.exe
PID: 4696
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\System32\SearchProtocolHost.exe
PID: 4048
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchFilterHost.exe
PID: 5484
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\SKYNETfswbtajb.sys
Service Name: SKYNEToevbakqn
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \??\C:\Users\duneglow\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A05B3000
Module End: A05BE000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 82C00000
Module End: 82FA1000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 82FA1000
Module End: 82FD5000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 802C6000
Module End: 802CE000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 802BD000
Module End: 802C6000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 802B5000
Module End: 802BD000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8027A000
Module End: 802B5000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8051F000
Module End: 80600000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 804A4000
Module End: 8051F000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8026D000
Module End: 8027A000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\spxs.sys
Service Name: ---
Module Base: 80703000
Module End: 80800000
Hidden: Yes

Module Name: C:\Windows\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: 80264000
Module End: 8026D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\SCSIPORT.SYS
Service Name: ---
Module Base: 8023E000
Module End: 80264000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80461000
Module End: 804A4000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 80236000
Module End: 8023E000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80227000
Module End: 80236000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 80202000
Module End: 80227000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80451000
Module End: 80461000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 8044A000
Module End: 80451000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 8043C000
Module End: 8044A000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 806B9000
Module End: 80703000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80434000
Module End: 8043C000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 80416000
Module End: 80434000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 80688000
Module End: 806B9000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 80406000
Module End: 80416000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 8067F000
Module End: 80688000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 82AFC000
Module End: 82C00000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 8061B000
Module End: 80654000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 880F8000
Module End: 88200000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 82A92000
Module End: 82AFC000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 82A5C000
Module End: 82A92000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 80613000
Module End: 8061B000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 80604000
Module End: 80613000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 82A4D000
Module End: 82A5C000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 82A28000
Module End: 82A4D000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 82A17000
Module End: 82A28000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 880D7000
Module End: 880F8000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 82A0E000
Module End: 82A17000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8C770000
Module End: 8C779000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\amdk8.sys
Service Name: AmdK8
Module Base: 88037000
Module End: 88046000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: 8C6D0000
Module End: 8C6DA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8C433000
Module End: 8C470000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 88E04000
Module End: 88E12000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wm24.sys
Service Name: Wm24_AA
Module Base: 8C41C000
Module End: 8C433000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8C6A3000
Module End: 8C6D0000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8C67E000
Module End: 8C6A3000
Hidden: No

Module Name: C:\Windows\system32\drivers\ks.sys
Service Name: ---
Module Base: 8C654000
Module End: 8C67E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8C5B0000
Module End: 8C5C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8C40E000
Module End: 8C41C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8C4AE000
Module End: 8C4C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8C63C000
Module End: 8C654000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Service Name: NVENETFD
Module Base: 8D2FD000
Module End: 8D400000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Service Name: nvlddmkm
Module Base: 8D4C8000
Module End: 8DC00000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8D260000
Module End: 8D2FD000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8C401000
Module End: 8C40E000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\ayfspynw.SYS
Service Name: ---
Module Base: 8D463000
Module End: 8D4C8000
Hidden: Yes

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8C611000
Module End: 8C63C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8D220000
Module End: 8D260000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8C606000
Module End: 8C611000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8D209000
Module End: 8D220000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8D458000
Module End: 8D463000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8D435000
Module End: 8D458000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8D426000
Module End: 8D435000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8D413000
Module End: 8D426000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8DFF1000
Module End: 8E000000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8DFE6000
Module End: 8DFF1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8DFDB000
Module End: 8DFE6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 88FB6000
Module End: 88FB8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 8C6DA000
Module End: 8C6E4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 8D406000
Module End: 8D413000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 8DEC7000
Module End: 8DEFB000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wm24wdm.sys
Service Name: Wm24_01
Module Base: 88F04000
Module End: 88F0A000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wm24wdm2.sys
Service Name: Wm24_02
Module Base: 88F0A000
Module End: 88F10000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wm24wdm3.sys
Service Name: Wm24_03
Module Base: 88F10000
Module End: 88F16000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wm24wdm4.sys
Service Name: Wm24_04
Module Base: 88F16000
Module End: 88F1C000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wm24wdm5.sys
Service Name: Wm24_05
Module Base: 88F22000
Module End: 88F28000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wm24wdm6.sys
Service Name: Wm24_06
Module Base: 88F28000
Module End: 88F2E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 8C5E0000
Module End: 8C5F0000
Hidden: No

Module Name: C:\Windows\system32\drivers\RTKVHDA.sys
Service Name: IntcAzAudAddService
Module Base: 8E05B000
Module End: 8E200000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\klif.sys
Service Name: KLIF
Module Base: 8DE5F000
Module End: 8DE87000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 88FF9000
Module End: 89000000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 88F40000
Module End: 88F47000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 88E29000
Module End: 88E35000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8DE3E000
Module End: 8DE5F000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 88AC0000
Module End: 88AC8000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 88A48000
Module End: 88A50000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8DE05000
Module End: 8DE13000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8C7B8000
Module End: 8C7C1000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8E20E000
Module End: 8E2E0000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8E00D000
Module End: 8E026000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8E7EB000
Module End: 8E800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8C7C1000
Module End: 8C7CA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8C560000
Module End: 8C570000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 88FC4000
Module End: 88FC6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: 8E7D9000
Module End: 8E7EB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 88A90000
Module End: 88A98000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: 8E7C2000
Module End: 8E7D9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: 8C7CA000
Module End: 8C7D3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8E7AE000
Module End: 8E7C2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kl1.sys
Service Name: kl1
Module Base: 8E791000
Module End: 8E7AE000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8E74A000
Module End: 8E791000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8E718000
Module End: 8E74A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8E702000
Module End: 8E718000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\klim6.sys
Service Name: KLIM6
Module Base: 88F7F000
Module End: 88F86000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8E200000
Module End: 8E20E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8E6EF000
Module End: 8E702000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: 8E6BB000
Module End: 8E6E0000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: 8E3B2000
Module End: 8E3B8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8E680000
Module End: 8E6BB000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8C6E4000
Module End: 8C6EE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8E629000
Module End: 8E640000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8DF0B000
Module End: 8DF18000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 88E3F000
Module End: 88E4A000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 88A58000
Module End: 88A60000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8C6F8000
Module End: 8C702000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8E6E0000
Module End: 8E6EF000
Hidden: No

Module Name: \systemroot\win32k.sys:1
Service Name: ---
Module Base: 9E28F000
Module End: 9E294000
Hidden: Yes

Module Name: \systemroot\win32k.sys:2
Service Name: ---
Module Base: 9E310000
Module End: 9E31F000
Hidden: Yes

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 9F82E000
Module End: 9F849000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: A2600000
Module End: A268E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 9E060000
Module End: 9E070000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: A2B41000
Module End: A2B54000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: A4ABA000
Module End: A4B20000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: A2AA6000
Module End: A2AC1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: A4A1A000
Module End: A4A33000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: A4A06000
Module End: A4A1A000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: A4FE0000
Module End: A5000000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: A4FC2000
Module End: A4FE0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: A4F89000
Module End: A4FC2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: A4F77000
Module End: A4F89000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: A4F53000
Module End: A4F77000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A4EC7000
Module End: A4F13000
Hidden: No

Module Name: C:\Windows\System32\Drivers\adfs.SYS
Service Name: adfs
Module Base: A4E16000
Module End: A4E27000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A61CC000
Module End: A61D0000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A60A2000
Module End: A6180000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 8C748000
Module End: 8C752000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: A05C9000
Module End: A05D4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Name: WUDFRd
Module Base: A4E01000
Module End: A4E16000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\WUDFPf.sys
Service Name: ---
Module Base: A642E000
Module End: A6440000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: A2780000
Module End: A2788000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: A6407000
Module End: A641D000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 88FA9000
Module End: 88FB0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8DE13000
Module End: 8DE1E000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwFlushWriteBuffer
At Address: 82DE849F
Jump To: 877122A4
Module Name: _unknown_

Hooked Function: ZwFlushInstructionCache
At Address: 82DE849F
Jump To: 877122A4
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 82D37F06
Jump To: 877122DC
Module Name: _unknown_

Hooked Function: IofCompleteRequest
At Address: 82C27FA4
Jump To: 876DAC43
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 82C27F37
Jump To: 872A4D1A
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 853351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 853351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 853351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 853351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 853351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 853351F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8755C1F8
Hooking Module: _unknown_

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys
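
Two things in a SysProt log like the one above are worth pulling out before reading the rest. The hooks on \Driver\sptd and \Driver\PCI_PNP3203 that all jump into spxs.sys are the SPTD layer installed with Daemon Tools and Alcohol 120%, which hooks IRPs by design and is reported by practically every anti-rootkit tool, so they are noise here. The entries worth attention are hooks whose owner SysProt cannot attribute to any loaded image (Hooking Module: _unknown_) on drivers with random-looking names, and any process holding many outbound HTTP sessions from an unusual path. The helper below is an added example, not part of duneglow's post and not SysProt code; it parses SysProt's "Key: Value" record format and applies exactly those checks. The random-name test (a stem of 7 or more letters with at most one vowel) and the "directly in C:\WINDOWS" location test are crude heuristics assumed for the example, not anything SysProt does, and the sample input is constructed to mirror the posted log rather than copied from it.

```python
"""Triage helper for SysProt AntiRootkit text logs. Added example: not from the
thread and not SysProt's own code; heuristics below are assumptions."""
import re
from collections import defaultdict

# Constructed sample in SysProt's "Key: Value" record format, modelled on the posted log.
SAMPLE_LOG = """\
Hooked Module: \\Driver\\sptd
Hooked IRP: IRP_MJ_CREATE
Hooking Module: \\SystemRoot\\System32\\Drivers\\spxs.sys

Hooked Module: \\SystemRoot\\System32\\Drivers\\ayfspynw.SYS
Hooked IRP: IRP_MJ_CREATE
Hooking Module: _unknown_

Hooked Module: C:\\Windows\\system32\\DRIVERS\\cdrom.sys
Hooked IRP: IRP_MJ_READ
Hooking Module: _unknown_

Local Address: HOME.THE-BEACH.NET:53749
Remote Address: EV1S-209-85-49-76.THEPLANET.COM:HTTP
Type: TCP
Process: C:\\WINDOWS\\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53740
Remote Address: 97.65.135.152:HTTP
Type: TCP
Process: C:\\WINDOWS\\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53471
Remote Address: YW-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\\Program Files\\Mozilla Firefox\\firefox.exe
State: ESTABLISHED

Local Address: HOME:5354
Remote Address: LOCALHOST:52457
Type: TCP
Process: C:\\Program Files\\Bonjour\\mDNSResponder.exe
State: ESTABLISHED
"""

def parse_records(text):
    """Split the log into blank-line-separated records of 'Key: Value' lines."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = dict(map(str.strip, line.split(":", 1))
                   for line in chunk.splitlines() if ":" in line)
        if rec:
            records.append(rec)
    return records

def looks_random(path):
    """Crude heuristic (an assumption of this example, not a SysProt rule): a driver
    stem of 7+ letters with at most one vowel, e.g. 'ayfspynw'; usbohci, msiscsi pass."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    return len(stem) >= 7 and stem.isalpha() and sum(c in "aeiou" for c in stem) <= 1

def unresolved_hooks(records):
    """Hooked driver -> IRPs whose dispatch routine SysProt could not attribute
    to any loaded image ('Hooking Module: _unknown_')."""
    out = defaultdict(list)
    for r in records:
        if "Hooked IRP" in r and r.get("Hooking Module") == "_unknown_":
            out[r["Hooked Module"]].append(r["Hooked IRP"])
    return dict(out)

def is_loopback(remote):
    host = remote.rsplit(":", 1)[0].upper()
    return host in ("LOCALHOST", "0.0.0.0") or host.startswith("127.")

def external_sessions(records):
    """Process -> number of ESTABLISHED TCP sessions to non-loopback peers."""
    counts = defaultdict(int)
    for r in records:
        if (r.get("Type") == "TCP" and r.get("State") == "ESTABLISHED"
                and not is_loopback(r.get("Remote Address", ""))):
            counts[r["Process"]] += 1
    return dict(counts)

def odd_location(proc):
    """An .exe directly in the Windows directory (not System32) is an unusual home
    for anything holding outbound sessions (heuristic assumed for this example)."""
    return re.fullmatch(r"[A-Za-z]:\\WINDOWS\\[^\\]+\.exe", proc, re.IGNORECASE) is not None

def triage(text):
    """Run all checks over one SysProt log and return the items needing review."""
    records = parse_records(text)
    hooks, sessions = unresolved_hooks(records), external_sessions(records)
    return {
        "review_drivers": sorted(m for m in hooks if looks_random(m)),
        "unresolved_hooks": hooks,
        "review_processes": sorted(p for p in sessions if odd_location(p)),
        "external_sessions": sessions,
    }
```

Calling triage(SAMPLE_LOG) on the constructed sample returns ayfspynw.SYS under review_drivers (unattributed hooks plus a random-looking name), cdrom.sys only under unresolved_hooks (unattributed but a normal name), and C:\WINDOWS\msa.exe under review_processes with two external sessions, while firefox.exe is counted but not flagged and the Bonjour loopback session is ignored. Feed a full log through parse_records and the same functions apply unchanged.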

duneglow
2009-08-08, 04:06
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 80704000
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 864F21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 864F21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 864F21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 864F21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 864F21F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 864F21F8
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayfspynw.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8652E500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayfspynw.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8652E500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayfspynw.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8652E500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayfspynw.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8652E500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayfspynw.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8652E500
Hooking Module: _unknown_

Hooked Module: \SystemRoot\System32\Drivers\ayfspynw.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8652E500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 877D01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 877D01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 877D01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 877D01F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 877D01F8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_CREATE
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_CLOSE
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_READ
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_WRITE
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_SET_EA
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_POWER
Jump To: 8070BE1C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8071F514
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: \Driver\PCI_PNP3203
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 80745B0C
Hooking Module: \SystemRoot\System32\Drivers\spxs.sys

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8780F500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8780F500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8780F500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8780F500
Hooking Module: _unknown_

Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8780F500
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 864F11F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8652D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8652D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8652D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8652D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8652D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8652D1F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_READ
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 849A51F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 864F31F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 864F31F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 864F31F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 864F31F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 864F31F8
Hooking Module: _unknown_

Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 864F31F8
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: HOME.THE-BEACH.NET:53749
Remote Address: EV1S-209-85-49-76.THEPLANET.COM:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53748
Remote Address: EV1S-209-85-49-76.THEPLANET.COM:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53745
Remote Address: EV1S-209-85-49-76.THEPLANET.COM:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53740
Remote Address: 97.65.135.152:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53737
Remote Address: 97.65.135.152:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53735
Remote Address: 97.65.135.144:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53733
Remote Address: 254.86.233.72.STATIC.REVERSE.LTDOMAINS.COM:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53730
Remote Address: 72.32.154.63:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53729
Remote Address: YX-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53722
Remote Address: 97.65.135.144:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53720
Remote Address: 97.65.135.152:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53717
Remote Address: 97.65.135.171:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53707
Remote Address: 97.65.135.163:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53697
Remote Address: 72.32.153.176:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53692
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53689
Remote Address: 97.65.135.147:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53676
Remote Address: 97.65.135.163:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53671
Remote Address: 66.179.234.169:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: CLOSE_WAIT

Local Address: HOME.THE-BEACH.NET:53659
Remote Address: EC2-174-129-4-97.COMPUTE-1.AMAZONAWS.COM:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53647
Remote Address: 97.65.135.168:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53646
Remote Address: 67.201.17.187:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53645
Remote Address: 97.65.135.171:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53644
Remote Address: F37.YMDB.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53643
Remote Address: 97.65.135.171:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53631
Remote Address: SPYNETTEST.MICROSOFT.COM:HTTPS
Type: TCP
Process: C:\Program Files\Windows Defender\MSASCui.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53624
Remote Address: 67.201.17.122:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53618
Remote Address: 97.65.135.144:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53617
Remote Address: 97.65.135.144:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53608
Remote Address: 97.65.135.160:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53605
Remote Address: 97.65.135.160:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53599
Remote Address: F37.YMDB.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53585
Remote Address: AD1.RTM-1.VIP.RM.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53581
Remote Address: F37.YMDB.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53580
Remote Address: F37.YMDB.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53573
Remote Address: F37.YMDB.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53572
Remote Address: F37.YMDB.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53571
Remote Address: 97.65.135.138:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53566
Remote Address: CYB1.ORB.COM:85
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53556
Remote Address: VIRTUAL.ORB.COM:86
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53553
Remote Address: F37.YMDB.VIP.AC4.YAHOO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME.THE-BEACH.NET:53499
Remote Address: V-2-DL15-D1231-04.WEBAZILLA.COM:HTTP
Type: TCP
Process: C:\WINDOWS\msa.exe
State: CLOSE_WAIT

Local Address: HOME.THE-BEACH.NET:53471
Remote Address: YW-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53454
Remote Address: GY-IN-F138.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53453
Remote Address: YI-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53452
Remote Address: YW-IN-F113.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53451
Remote Address: YW-IN-F147.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53450
Remote Address: YW-IN-F147.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:53449
Remote Address: YW-IN-F139.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME.THE-BEACH.NET:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: HOME:53567
Remote Address: LOCALHOST:49172
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: HOME:52457
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: HOME:52456
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: HOME:52455
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: HOME:52454
Remote Address: LOCALHOST:5354
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: HOME:52453
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: ESTABLISHED

Local Address: HOME:51870
Remote Address: LOCALHOST:51869
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME:51869
Remote Address: LOCALHOST:51870
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME:51867
Remote Address: LOCALHOST:51866
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME:51866
Remote Address: LOCALHOST:51867
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: HOME:49406
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: HOME:49240
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49230
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49229
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49227
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49226
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49225
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49214
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49213
Remote Address: LOCALHOST:49187
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49209
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49207
Remote Address: LOCALHOST:49196
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49204
Remote Address: LOCALHOST:49196
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49203
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49202
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49198
Remote Address: LOCALHOST:49196
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:49197
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49196
Remote Address: LOCALHOST:49207
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49196
Remote Address: LOCALHOST:49204
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49196
Remote Address: LOCALHOST:49198
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49195
Remote Address: LOCALHOST:49187
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49194
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49192
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49191
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49190
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49188
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49187
Remote Address: LOCALHOST:49213
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49187
Remote Address: LOCALHOST:49195
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49185
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49184
Remote Address: LOCALHOST:49174
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:49183
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:49179
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49177
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49175
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49174
Remote Address: LOCALHOST:49230
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49174
Remote Address: LOCALHOST:49227
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49174
Remote Address: LOCALHOST:49226
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49174
Remote Address: LOCALHOST:49214
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49174
Remote Address: LOCALHOST:49192
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49174
Remote Address: LOCALHOST:49185
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49174
Remote Address: LOCALHOST:49184
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: ESTABLISHED

Local Address: HOME:49173
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:49171
Remote Address: LOCALHOST:29831
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49240
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49229
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49225
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49209
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49203
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49202
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49197
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49194
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49191
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49190
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49188
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49183
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49179
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49177
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49175
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49173
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:29831
Remote Address: LOCALHOST:49171
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: ESTABLISHED

Local Address: HOME:27015
Remote Address: LOCALHOST:52453
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: HOME:27015
Remote Address: LOCALHOST:49406
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: HOME:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: HOME:5354
Remote Address: LOCALHOST:52457
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: HOME:5354
Remote Address: LOCALHOST:52456
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: HOME:5354
Remote Address: LOCALHOST:52455
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: HOME:5354
Remote Address: LOCALHOST:52454
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: ESTABLISHED

Local Address: HOME:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: HOME:954
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:64089
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: HOME:60828
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: HOME:49239
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49224
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49208
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49201
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49200
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49196
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49193
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49189
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49187
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49182
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: HOME:49178
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49176
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49174
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:49172
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: HOME:49158
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\services.exe
State: LISTENING

Local Address: HOME:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\spoolsv.exe
State: LISTENING

Local Address: HOME:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: HOME:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: HOME:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\lsass.exe
State: LISTENING

Local Address: HOME:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: HOME:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\wininit.exe
State: LISTENING

Local Address: HOME:29831
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: LISTENING

Local Address: HOME:9500
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: LISTENING

Local Address: HOME:3689
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\iTunes\iTunes.exe
State: LISTENING

Local Address: HOME:3306
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\xampp\mysql\bin\mysqld-nt.exe
State: LISTENING

Local Address: HOME:3261
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
State: LISTENING

Local Address: HOME:3260
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
State: LISTENING

Local Address: HOME:HTTPS
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\xampp\apache\bin\apache.exe
State: LISTENING

Local Address: HOME:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: HOME:HTTP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\xampp\apache\bin\apache.exe
State: LISTENING

Local Address: HOME.THE-BEACH.NET:51110
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: HOME.THE-BEACH.NET:30006
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME.THE-BEACH.NET:30005
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME.THE-BEACH.NET:30004
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME.THE-BEACH.NET:30003
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME.THE-BEACH.NET:30002
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME.THE-BEACH.NET:30001
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME.THE-BEACH.NET:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: HOME.THE-BEACH.NET:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME.THE-BEACH.NET:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: HOME.THE-BEACH.NET:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME.THE-BEACH.NET:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: HOME:64159
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: HOME:56046
Remote Address: NA
Type: UDP
Process: C:\Users\duneglow\AppData\Local\Temp\b.exe
State: NA

Local Address: HOME:54807
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: HOME:51111
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: HOME:51076
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\msa.exe
State: NA

Local Address: HOME:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: HOME:63991
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: HOME:63351
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: HOME:60828
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: HOME:9370
Remote Address: NA
Type: UDP
Process: C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
State: NA

Local Address: HOME:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: HOME:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: HOME:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\OrbTray.exe
State: NA

Local Address: HOME:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Winamp Remote\bin\Orb.exe
State: NA

Local Address: HOME:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Log was too big for posting here so I had to split it.

Any help would be appreciated.
Thank you

JenniferC

duneglow
2009-08-08, 04:10
I'm running Windows Vista, by the way, with expired Kaspersky and Norton antivirus; I'm basically just using Windows Firewall for protection.

duneglow
2009-08-08, 19:51
Can somebody help me please?

tashi
2009-08-11, 20:12
Hello duneglow,

Apparently you missed this forum's FAQs. :eek:

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count. For that reason we may merge such posts if there is time, but please do not count on it.

The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

Best regards.