
Stupid Spyware - Fake Windows Security Alerts and Commercials In the B


  • This topic is locked

#1 ineedsometacoss (New Member, 8 posts)
So it started earlier today.
I don’t know how it happened, because I wasn’t downloading anything, or looking at any porn. The first sign of this spyware was when IE closed unexpectedly. I just thought I might have exited by accident or something, nothing big.
Then it happened again. This time though fake Windows Security Center alerts started popping up. I knew they were fake so I just ignored them. It was pretty bad, but it’s gotten a little better now. It only pops up every 5 minutes or so instead of every minute like it did before.
The next thing it does is say there is a different virus (it’s different every time), and it wants me to enable protection. I always exit those too.
It’s just gotten to the point where I can’t even function using my computer.
Here’s another thing. When I restart my computer I get these “IE Shortcuts” I think they are IE shortcuts, because they are for ****.com, ****.com, and ***.com….all porn sites.
Which is very weird since last time I viewed porn was like 2 weeks ago…..
But anyway I just delete the shortcuts. Sometimes they will show up again randomly. However, the weird thing is, when I restart my computer at other times (I’ve restarted about 8 times tonight), they won’t show up until my computer has been running for about 30 minutes, and then they randomly appear.
Another thing is the music/commercials playing in the background. I have no idea where it’s from because all programs are closed…yet I still hear it. I don’t know where it’s from! Ahhh I have to put my computer on mute and I can’t do anything…..
I tried using Malwarebytes Anti-Malware and did both the Quick and Full Scan. I found 1 threat in Quick and 1 in Full, and removed them both. However I still have the problems of Porn Shortcuts, mystery commercials and fake security center alerts.
What can I do to fix it? Also I’m not very computer savvy so some of the words I might not understand, but I just need this off my laptop.

Thanks!


#2 ineedsometacoss (Topic Starter, New Member, 8 posts)
Help???????????? PLEASE

#3 hammerman (Member 4k, 4,183 posts)
Hello ineedsometacoss and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.

Please follow these steps. Can you also post the Malwarebytes logs?

-- Step 1 --

To ensure that I get all the information, this log will need to be attached (instructions at the end).

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - Approved Shell Extensions
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - Drivers32
    • Reg - File Associations
    • Reg - NetSvcs
    • Reg - SafeBoot Minimal
    • Reg - SafeBoot Network
    • Reg - Shell Spawning
    • Reg - Uninstall List
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scans box at the bottom left paste the following in


    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

-- Step 2 --

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Start the Sysprot.exe program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new Window should appear.
  • Make sure Scan all drives is selected and click on the Start button.
  • When it is complete a new Window will appear to indicate that the scan is finished.
  • The log will be created and saved automatically in the same folder. Open the text file and copy/paste the log here.

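The custom-scan lines in Step 1 of the form `%SYSTEMDRIVE%\atapi.sys /s /md5` ask OTS to search the whole system drive for every copy of a named boot-path driver or system DLL and print each copy's MD5, so that a patched copy in System32 can be spotted by comparing it with the untouched copies Windows keeps elsewhere (winsxs, dllcache). The following is an added example written for this thread, not OTS code and not anything hammerman posted: a small Python script that does the same sweep over a directory tree and flags any file name whose copies do not all share one hash. The file names are the ones from the scan list above; the directory tree it builds is constructed for the demo.

```python
# Added example: not from the original thread, OTS, or GeeksToGo. A Python
# equivalent of the Step 1 custom-scan lines such as
#     %SYSTEMDRIVE%\atapi.sys /s /md5
# i.e. search a tree recursively for copies of a named driver or DLL, hash
# each copy, and flag names whose copies do not all share one hash. A patched
# boot-path driver in System32 will normally disagree with the untouched copy
# Windows keeps elsewhere (winsxs, dllcache). The directory tree below is
# constructed for the demo; the file names come from the post's scan list.
import hashlib
import os
import tempfile

WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys",
           "eventlog.dll", "scecli.dll", "netlogon.dll"]


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks; MD5 because that is what OTS reports."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, names):
    """{name: [(path, size, md5), ...]} for every copy found under root.
    Keys are lower-cased because Windows file names are case-insensitive."""
    wanted = {n.lower() for n in names}
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                found.setdefault(fn.lower(), []).append(
                    (p, os.path.getsize(p), md5_of(p)))
    return found


def divergent(found):
    """Names whose copies carry more than one distinct hash."""
    return sorted(n for n, copies in found.items()
                  if len({md5 for _, _, md5 in copies}) > 1)


def build_demo_tree():
    """Constructed sample tree: atapi.sys has a tampered System32 copy and a
    clean winsxs copy; the two iaStor.sys copies agree."""
    root = tempfile.mkdtemp(prefix="ots_demo_")
    layout = {
        "Windows/System32/drivers/atapi.sys": b"MZ atapi + injected loader",
        "Windows/winsxs/x86_atapi/atapi.sys": b"MZ atapi",
        "Windows/System32/drivers/iaStor.sys": b"MZ iastor",
        "Windows/winsxs/x86_iastor/iaStor.sys": b"MZ iastor",
        "Windows/System32/eventlog.dll": b"MZ eventlog",
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


def demo():
    """Run the sweep over the constructed tree; returns (found, divergent names)."""
    found = sweep(build_demo_tree(), WATCHED)
    return found, divergent(found)


if __name__ == "__main__":
    found, bad = demo()
    for name, copies in sorted(found.items()):
        for path, size, digest in copies:
            print(f"{name:14} {size:6} {digest} {path}")
    print("copies disagree:", bad or "none")
```

On a real machine you would point `sweep` at the system drive rather than the demo tree. A disagreement between copies is only a lead, not proof: a legitimate update can leave an older copy behind, which is why a helper compares the printed hashes against known-good values for that Windows build rather than trusting the mismatch alone.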

#4 ineedsometacoss (Topic Starter, New Member, 8 posts)
Attached file: OTS1.Txt (261.62KB, 319 downloads)

I don't know if it's supposed to look like that or if I did it right....but that's what I got when I followed the steps.

#5 hammerman (Member 4k, 4,183 posts)
Hi,

Looks good to me.
That just leaves the Sysprot log to do.

#6 ineedsometacoss (Topic Starter, New Member, 8 posts)
Step 2:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 500
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 568
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 612
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 656
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 756
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 856
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 920
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1052
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1120
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1140
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1224
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1264
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1304
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\DellDock\DockLogin.exe
PID: 1412
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1468
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRYSVC.EXE
PID: 1596
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wlanext.exe
PID: 1604
Hidden: No
Window Visible: No

Name: C:\Windows\System32\BCMWLTRY.EXE
PID: 1644
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1764
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1796
Hidden: No
Window Visible: No

Name: C:\Windows\System32\AEstSrv.exe
PID: 1984
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 2000
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2020
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 348
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 444
Hidden: No
Window Visible: No

Name: C:\Windows\System32\stacsv.exe
PID: 808
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1964
Hidden: No
Window Visible: No

Name: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 2016
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 2072
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 2100
Hidden: No
Window Visible: No

Name: C:\Windows\System32\drivers\XAudio.exe
PID: 2140
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 2560
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PID: 3552
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 3648
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 3696
Hidden: No
Window Visible: No

Name: C:\Windows\explorer.exe
PID: 3780
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3912
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\Apoint.exe
PID: 3924
Hidden: No
Window Visible: No

Name: C:\Windows\System32\hkcmd.exe
PID: 3944
Hidden: No
Window Visible: No

Name: C:\Windows\System32\igfxpers.exe
PID: 3956
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PID: 3968
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRAY.EXE
PID: 3976
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\MediaDirect\PCMService.exe
PID: 3988
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PID: 3996
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PID: 4008
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 4024
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 4060
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 4068
Hidden: No
Window Visible: No

Name: C:\Users\Kevin\AppData\Local\Temp\wow64main.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\Users\Kevin\AppData\Local\Temp\winhbt.exe
PID: 2092
Hidden: No
Window Visible: No

Name: C:\Program Files\Digital Line Detect\DLG.exe
PID: 2168
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\QuickSet\quickset.exe
PID: 2328
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Works\WkCalRem.exe
PID: 2452
Hidden: No
Window Visible: No

Name: C:\Windows\System32\igfxsrvc.exe
PID: 2600
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\ApMsgFwd.exe
PID: 1312
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wbem\WmiPrvSE.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\hidfind.exe
PID: 2728
Hidden: No
Window Visible: No

Name: C:\Program Files\DellTPad\ApntEx.exe
PID: 2712
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3592
Hidden: No
Window Visible: No

Name: C:\Users\Kevin\Desktop\OTS.exe
PID: 5324
Hidden: No
Window Visible: No

Name: C:\Windows\notepad.exe
PID: 4864
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\taskmgr.exe
PID: 4140
Hidden: No
Window Visible: Yes

Name: C:\Users\Kevin\AppData\Local\Temp\wscsvc32.exe
PID: 3124
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 5056
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4120
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 5540
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 5456
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 4720
Hidden: No
Window Visible: No

Name: C:\Users\Kevin\Desktop\SysProt\SysProt.exe
PID: 4076
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\Kevin\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A9761000
Module End: A976C000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81C50000
Module End: 8200A000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 81C1D000
Module End: 81C50000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 80404000
Module End: 8040C000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 8040C000
Module End: 8046C000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 8046C000
Module End: 8047D000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 8047D000
Module End: 80485000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 80485000
Module End: 804C6000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 804C6000
Module End: 805A6000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 80606000
Module End: 80682000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 80682000
Module End: 8068F000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 8068F000
Module End: 806D5000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 806D5000
Module End: 806DE000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 806DE000
Module End: 806E6000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 806E6000
Module End: 8070D000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 8070D000
Module End: 8071C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 8071C000
Module End: 8071F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 8071F000
Module End: 80729000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80729000
Module End: 80738000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 80738000
Module End: 80782000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelide.sys
Service Name: intelide
Module Base: 80782000
Module End: 80789000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: 80789000
Module End: 80797000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 80797000
Module End: 8079E000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 8079E000
Module End: 807AE000
Hidden: No

Module Name: C:\Windows\system32\drivers\iastor.sys
Service Name: iaStor
Module Base: 8220D000
Module End: 822D4000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 822D4000
Module End: 822DC000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 822DC000
Module End: 822FA000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 822FA000
Module End: 8232C000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8232C000
Module End: 8233C000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 8233C000
Module End: 82345000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 82345000
Module End: 823B6000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 89C05000
Module End: 89D10000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 89D3B000
Module End: 89D75000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 89E02000
Module End: 89F11000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 89F11000
Module End: 89F4A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 89F4A000
Module End: 89F52000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 89F52000
Module End: 89F61000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 89F61000
Module End: 89F88000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 89F88000
Module End: 89F99000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 89F99000
Module End: 89FBA000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 89FBA000
Module End: 89FC3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8D6CE000
Module End: 8D6D9000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 8D6D9000
Module End: 8D6E2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 8D6E2000
Module End: 8D6F1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\igdkmd32.sys
Service Name: igfx
Module Base: 8E00C000
Module End: 8E659000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 8E659000
Module End: 8E6F8000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 8E6F8000
Module End: 8E705000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 8E705000
Module End: 8E710000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8E710000
Module End: 8E74E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8E74E000
Module End: 8E75D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8E75D000
Module End: 8E76F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\yk60x86.sys
Service Name: yukonwlh
Module Base: 8E76F000
Module End: 8E7B5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XX
Module Base: 8DA0D000
Module End: 8DB37000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 8DB37000
Module End: 8DB47000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 8DB47000
Module End: 8DB55000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 8DB55000
Module End: 8DB6F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 8DB6F000
Module End: 8DB7E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 8DB7E000
Module End: 8DB92000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 8DB92000
Module End: 8DBE3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 8DBE3000
Module End: 8DBF6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\Apfiltr.sys
Service Name: ApfiltrService
Module Base: 8E7B5000
Module End: 8E7E1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 8DA00000
Module End: 8DA0B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 8E7E1000
Module End: 8E7EC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 8D6F1000
Module End: 8D709000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 8DBF6000
Module End: 8DBFC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 8DBFC000
Module End: 8DC00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 8E7EC000
Module End: 8E7F5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 8D709000
Module End: 8D737000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 8D737000
Module End: 8D778000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 8E7F5000
Module End: 8E800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 8D778000
Module End: 8D78F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 8E000000
Module End: 8E00B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 8D78F000
Module End: 8D7B2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8D7B2000
Module End: 8D7C1000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 8D7C1000
Module End: 8D7D5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rassstp.sys
Service Name: RasSstp
Module Base: 8D7D5000
Module End: 8D7EA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8D7EA000
Module End: 8D7FA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 8DA0B000
Module End: 8DA0D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 89FD0000
Module End: 89FFA000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 89D75000
Module End: 89D7F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 89D7F000
Module End: 89D8C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 89D8C000
Module End: 89DC1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 89DC1000
Module End: 89DD2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 823B6000
Module End: 823F3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8DC01000
Module End: 8DD03000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8DD03000
Module End: 8DDB8000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 8DDB8000
Module End: 8DDC5000
Hidden: No

Module Name: C:\Windows\system32\drivers\IntcHdmi.sys
Service Name: IntcHdmiAddService
Module Base: 8DDC5000
Module End: 8DDE6000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 89DD2000
Module End: 89DFF000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 807AE000
Module End: 807D3000
Hidden: No

Module Name: C:\Windows\system32\drivers\stwrt.sys
Service Name: STHDA
Module Base: 805A6000
Module End: 805FB000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 8DDF6000
Module End: 8DDFD000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 823F3000
Module End: 823FF000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 807D3000
Module End: 807F4000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 82200000
Module End: 82208000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 807F4000
Module End: 807FC000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 8E817000
Module End: 8E825000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 8E825000
Module End: 8E82E000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8E82E000
Module End: 8E917000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8E917000
Module End: 8E932000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: 8E932000
Module End: 8E93B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: 8E93B000
Module End: 8E94B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: 8E94B000
Module End: 8E952000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 8E952000
Module End: 8E954000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8E954000
Module End: 8E96A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8E96A000
Module End: 8E97E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: 8E97E000
Module End: 8E986000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8E986000
Module End: 8E9CE000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8E9CE000
Module End: 8EA00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8EA06000
Module End: 8EA1C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 8EA1C000
Module End: 8EA2A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8EA2A000
Module End: 8EA3D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8EA3D000
Module End: 8EA79000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 8EA79000
Module End: 8EA83000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8EA83000
Module End: 8EA9A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 8EA9A000
Module End: 8EAA7000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8EAA7000
Module End: 8EB6E000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 8EB6E000
Module End: 8EB78000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 8EB78000
Module End: 8EB87000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: 8EB87000
Module End: 8EBA2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 8EBA2000
Module End: 8EBB2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: 8EBB2000
Module End: 8EBDC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 8EBDC000
Module End: 8EBE6000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: 8EBE6000
Module End: 8EBF9000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: 8D600000
Module End: 8D6AF000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: 81606000
Module End: 81671000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: 81671000
Module End: 8168E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: 8168E000
Module End: 816A7000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: 816A7000
Module End: 816BC000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: 816BC000
Module End: 816DC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: 816DC000
Module End: 816FB000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: 816FB000
Module End: 81734000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: 81734000
Module End: 8174C000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: 8174C000
Module End: 81773000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: 81773000
Module End: 817BF000
Hidden: No

Module Name: C:\Windows\System32\Drivers\adfs.SYS
Service Name: adfs
Module Base: 817D7000
Module End: 817E8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: 817E8000
Module End: 817EC000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A9609000
Module End: A96E7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: A96E7000
Module End: A96F1000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: A96F1000
Module End: A9719000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: A9719000
Module End: A9725000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: A9725000
Module End: A972D000
Hidden: No

Module Name: C:\Windows\system32\drivers\BCM42RLY.sys
Service Name: BCM42RLY
Module Base: A972D000
Module End: A9735000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: A9735000
Module End: A974B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 8DDEF000
Module End: 8DDF6000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8E80C000
Module End: 8E817000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: KEVIN-PC.NYCAP.RR.COM:50028
Remote Address: A24-24-52-104.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: KEVIN-PC.NYCAP.RR.COM:50027
Remote Address: WINDOWSLIVETRANSLATOR.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: KEVIN-PC.NYCAP.RR.COM:50026
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:50024
Remote Address: QY-IN-F101.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: ESTABLISHED

Local Address: KEVIN-PC.NYCAP.RR.COM:50023
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:50022
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:50021
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:50020
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:50019
Remote Address: GEEK15.GEEKSTOGO.COM:HTTP
Type: TCP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: CLOSE_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:49163
Remote Address: 69.65.63.121:HTTP
Type: TCP
Process: C:\Users\Kevin\AppData\Local\Temp\winhbt.exe
State: CLOSE_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:ICSLAP
Remote Address: 192.168.0.1:1124
Type: TCP
Process: System
State: CLOSE_WAIT

Local Address: KEVIN-PC.NYCAP.RR.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KEVIN-PC:49167
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: KEVIN-PC:27015
Remote Address: LOCALHOST:49167
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: KEVIN-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: KEVIN-PC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: KEVIN-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: KEVIN-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: KEVIN-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: KEVIN-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: KEVIN-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: KEVIN-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KEVIN-PC:ICSLAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KEVIN-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KEVIN-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: KEVIN-PC.NYCAP.RR.COM:61041
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC.NYCAP.RR.COM:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KEVIN-PC.NYCAP.RR.COM:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC.NYCAP.RR.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KEVIN-PC.NYCAP.RR.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: KEVIN-PC:65186
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: KEVIN-PC:61042
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:58310
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: KEVIN-PC:50264
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:63326
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KEVIN-PC:63000
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:49152
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KEVIN-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: KEVIN-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: D:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: D:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\SPP
Status: Access denied

Object: C:\System Volume Information\SystemRestore
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\{02528ba9-c6f6-11de-9664-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{067422be-cba8-11de-93c0-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{1f6b8f1f-bdc9-11de-baac-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{1f6b8f60-bdc9-11de-baac-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{1f6b8f85-bdc9-11de-baac-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{6bdca3a0-c7a3-11de-bafd-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{6bdca3a6-c7a3-11de-bafd-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{791095fd-c86a-11de-8a65-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{7910960c-c86a-11de-8a65-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{a04f0936-c40b-11de-b8c7-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{a04f0955-c40b-11de-b8c7-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{a04f09a2-c40b-11de-b8c7-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{ac2dba1f-cd7f-11de-a503-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{d50b23bc-c9fc-11de-9468-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\System Volume Information\{ef316be6-c343-11de-b6f4-0023ae1c3f7b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
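The port listing above carries the one line that matters for triage: C:\Users\Kevin\AppData\Local\Temp\winhbt.exe holding a TCP connection to the bare address 69.65.63.121, while every other connected process (iexplore.exe, iTunes, Bonjour, svchost) runs from Program Files or System32 and talks to peers with reverse-DNS names. The Python below is an added example, not part of the original post or of the scanner that produced the log; it parses the blank-line-separated "Key: Value" records of the "Ports:" block and flags endpoints whose owner runs from a user-writable folder or whose remote peer is a bare public IP. The sample input is a constructed four-record excerpt of the log above, and the folder list and private-range check are this example's own assumptions.

```python
"""Triage the 'Ports:' section of a rootkit-scanner log.

Added example for this thread, not part of the original post or of the
scanner that produced the log. Flags (1) endpoints whose owning process
runs from a user-writable folder and (2) remote peers that appear as a
bare public IP address, i.e. without a reverse-DNS name.
"""
import re
from dataclasses import dataclass

# Constructed excerpt of the port listing in the thread (four records).
SAMPLE_PORTS = """\
Ports:
Local Address: KEVIN-PC.NYCAP.RR.COM:50028
Remote Address: A24-24-52-104.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\\Program Files\\Internet Explorer\\iexplore.exe
State: ESTABLISHED

Local Address: KEVIN-PC.NYCAP.RR.COM:49163
Remote Address: 69.65.63.121:HTTP
Type: TCP
Process: C:\\Users\\Kevin\\AppData\\Local\\Temp\\winhbt.exe
State: CLOSE_WAIT

Local Address: KEVIN-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
State: LISTENING

Local Address: KEVIN-PC:5353
Remote Address: NA
Type: UDP
Process: C:\\Program Files\\Bonjour\\mDNSResponder.exe
State: NA
"""

# Folders a standard user can write to; an assumption of this example.
# AppData\Roaming is left out on purpose: many legitimate updaters live
# there and it would drown the signal.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Windows\\Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)
BARE_IP = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3}):")

FIELDS = {
    "Local Address": "local",
    "Remote Address": "remote",
    "Type": "proto",
    "Process": "process",
    "State": "state",
}


@dataclass
class Endpoint:
    local: str
    remote: str
    proto: str
    process: str
    state: str


def parse_ports(text):
    """Parse the blank-line-separated 'Key: Value' records after 'Ports:'."""
    body = text.split("Ports:", 1)[-1].strip()
    endpoints = []
    for record in re.split(r"\n\s*\n", body):
        fields = {}
        for line in record.splitlines():
            # Split on the first colon only: addresses and paths contain colons.
            key, _, value = line.partition(":")
            if key.strip() in FIELDS:
                fields[FIELDS[key.strip()]] = value.strip()
        if len(fields) == len(FIELDS):
            endpoints.append(Endpoint(**fields))
    return endpoints


def is_private_or_unspecified(octets):
    """True for 0.x, 10.x, 127.x, 172.16-31.x and 192.168.x (not worth flagging)."""
    a, b = int(octets[0]), int(octets[1])
    return a in (0, 10, 127) or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def triage(endpoints):
    """Return [(endpoint, [reasons])] for every endpoint that trips a rule."""
    findings = []
    for ep in endpoints:
        reasons = []
        if USER_WRITABLE.search(ep.process):
            reasons.append("process image in user-writable folder")
        m = BARE_IP.match(ep.remote)
        if m and not is_private_or_unspecified(m.groups()):
            reasons.append("remote peer is a bare public IP (no reverse DNS)")
        if reasons:
            findings.append((ep, reasons))
    return findings


if __name__ == "__main__":
    for ep, reasons in triage(parse_ports(SAMPLE_PORTS)):
        print(f"{ep.process} -> {ep.remote} [{ep.state}]: {'; '.join(reasons)}")
```

Run against the full log the script isolates the winhbt.exe record on both rules. A CLOSE_WAIT state means the remote side has already closed and the local process has not; it says nothing about whether the process is done, so the image path, not the state, is what decides the finding.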

#7 ineedsometacoss (New Member, Topic Starter, 8 posts)
Is this right?

#8 hammerman (Member 4k, 4,183 posts)
Yes, that's just the ticket.
I'll need some time to put a fix together. Could be tomorrow now.

#9 ineedsometacoss (New Member, Topic Starter, 8 posts)

    Yes, that's just the ticket.
    I'll need some time to put a fix together. Could be tomorrow now.

Thank you very much!!!! =]

#10 hammerman (Member 4k, 4,183 posts)
Hi,

Please follow these steps.

-- Step 1 --

I notice you are running one or more Peer-to-Peer (P2P) programs. The files shared by P2P programs are often infected with viruses and malware, even though they may appear to be legitimate. For this reason, I would recommend you uninstall them. If you decide to keep them, I ask that you do not use them while we are fixing your problem.

An article indicating the Dangers of P2P can be found here

-- Step 2 --

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\] > -> HKEY_USERS\S-1-5-21-2936409604-201983693-1490182340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "AntiMalware" -> C:\Program Files\AntiMalware\antimalware.exe ["C:\Program Files\AntiMalware\antimalware.exe" -noscan]
YY -> "winhbt.exe" -> C:\Users\Kevin\AppData\Local\Temp\winhbt.exe [C:\Users\Kevin\AppData\Local\Temp\winhbt.exe]
YY -> "wow64main.exe" -> C:\Users\Kevin\AppData\Local\Temp\wow64main.exe [C:\Users\Kevin\AppData\Local\Temp\wow64main.exe]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{49567e99-68c6-11de-9d23-0023ae1c3f7b} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49567e99-68c6-11de-9d23-0023ae1c3f7b}\shell\AutoRun\command ->
YN -> \{49567e99-68c6-11de-9d23-0023ae1c3f7b}\shell\AutoRun\command\\"" -> F:\setupSNK.exe [F:\setupSNK.exe]
[Files/Folders - Created Within 30 Days]
NY -> C:\Program Files\AntiMalware -> C:\Program Files\AntiMalware
[Files/Folders - Modified Within 30 Days]
NY -> ezsidmv.dat -> C:\Windows\System32\ezsidmv.dat
[Purity]
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

-- Step 3 --

Run Malwarebytes' Anti-Malware.
  • Select the Update tab and then click Check for Updates. If an update is found, it will download and install the latest version.
  • Select the Scanner tab, select "Perform full scan", then click Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
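The OTS fix in the post above removes two kinds of per-user persistence: Run values that launch winhbt.exe and wow64main.exe from the Temp folder, and a MountPoints2 AutoRun command (F:\setupSNK.exe) that Explorer cached from the autorun.inf of a removable volume. The Python below is an added example, not code from the thread or from OTS; it enumerates both locations from the current user's hive on a live Windows machine via winreg and applies a few classification rules of its own (the user-writable folder list, the "value named after its executable" heuristic and the "executable at the volume root" heuristic are this example's assumptions, not signatures). The sample Run values are a constructed excerpt of the OTS listing above with one benign iTunesHelper entry added so the rules have something to leave alone.

```python
"""Enumerate the two per-user autorun locations that the OTS fix cleans:
HKCU\\...\\CurrentVersion\\Run and the AutoRun commands cached under
HKCU\\...\\Explorer\\MountPoints2.

Added example, not from the thread or from OTS. The classification rules
are this example's own heuristics, not a signature of any specific family.
"""
import re

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
MOUNTPOINTS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# Assumed list of folders a standard user can write to.
USER_WRITABLE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Windows\\Temp|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)
# An executable sitting directly in a volume root, e.g. F:\setupSNK.exe.
ROOT_EXE = re.compile(r'^"?[A-Z]:\\[^\\"]+\.exe"?(\s|$)', re.IGNORECASE)

# Constructed excerpt of the OTS 'Run' listing in the thread, plus one
# benign entry (iTunesHelper) for contrast.
SAMPLE_RUN_VALUES = {
    "AntiMalware": r'"C:\Program Files\AntiMalware\antimalware.exe" -noscan',
    "winhbt.exe": r"C:\Users\Kevin\AppData\Local\Temp\winhbt.exe",
    "wow64main.exe": r"C:\Users\Kevin\AppData\Local\Temp\wow64main.exe",
    "iTunesHelper": r'"C:\Program Files\iTunes\iTunesHelper.exe"',
}


def classify_run_value(name, command):
    """Reasons a Run value looks like dropper persistence (empty if none)."""
    reasons = []
    if USER_WRITABLE.search(command):
        reasons.append("image in user-writable folder")
    # Droppers often use the bare file name as the value name; products
    # usually use a product name. Heuristic only.
    exe = re.search(r'([^\\"]+\.exe)', command, re.IGNORECASE)
    if exe and name.lower() == exe.group(1).lower():
        reasons.append("value named after its executable (heuristic)")
    return reasons


def classify_autorun(command):
    """Reasons for a cached MountPoints2 AutoRun command. Always at least
    one: any autorun.inf handler cached in a user profile deserves a look."""
    reasons = ["cached autorun.inf shell handler"]
    if ROOT_EXE.match(command):
        reasons.append("executable at the volume root (autorun-worm layout, heuristic)")
    if USER_WRITABLE.search(command):
        reasons.append("image in user-writable folder")
    return reasons


def triage_run_values(values):
    """{name: reasons} for the flagged entries of a {name: command} mapping."""
    return {n: r for n, c in values.items() if (r := classify_run_value(n, c))}


def enumerate_live():
    """Read both locations from the current user's hive (Windows only)."""
    import winreg  # imported here so the rules above stay importable off-Windows
    findings = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        i = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:  # WinError 259: no more data
                break
            i += 1
            reasons = classify_run_value(name, str(data))
            if reasons:
                findings.append(("Run", name, str(data), reasons))
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, MOUNTPOINTS_KEY) as key:
        i = 0
        while True:
            try:
                volume = winreg.EnumKey(key, i)
            except OSError:
                break
            i += 1
            try:  # default value of {volume}\shell\AutoRun\command, if present
                cmd = winreg.QueryValue(key, volume + r"\shell\AutoRun\command")
            except OSError:  # no cached AutoRun handler for this volume
                continue
            findings.append(("MountPoints2", volume, cmd, classify_autorun(cmd)))
    return findings


if __name__ == "__main__":
    import sys
    if sys.platform == "win32":
        findings = enumerate_live()
    else:  # off-Windows: run the rules over the constructed sample instead
        findings = [("Run", n, SAMPLE_RUN_VALUES[n], r)
                    for n, r in triage_run_values(SAMPLE_RUN_VALUES).items()]
        vol, cmd = "{49567e99-68c6-11de-9d23-0023ae1c3f7b}", r"F:\setupSNK.exe"
        findings.append(("MountPoints2", vol, cmd, classify_autorun(cmd)))
    for where, name, cmd, reasons in findings:
        print(f"{where}: {name} -> {cmd}: {'; '.join(reasons)}")
```

Note what the rules cannot catch: the "AntiMalware" rogue lives under Program Files with a product-style value name and passes every heuristic here, which is why the helper removed it by name from the OTS listing rather than by any automatic rule.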

#11 ineedsometacoss (New Member, Topic Starter, 8 posts)
I did Step 3....but my computer restarted....and I don't know where the Notepad with the log comes from.....


Edit: But I guess good news....I don't have all those fake alerts anymore....

Good sign? =]

Edited by ineedsometacoss, 09 November 2009 - 07:36 PM.


#12 ineedsometacoss (New Member, Topic Starter, 8 posts)
Malwarebytes' Anti-Malware 1.41
Database version: 3137
Windows 6.0.6001 Service Pack 1

11/9/2009 9:36:26 PM
mbam-log-2009-11-09 (21-36-26).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 273951
Time elapsed: 1 hour(s), 0 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CoreGuard (Rogue.CoreguardAV) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\_OTS\MovedFiles\11092009_202919\C_Program Files\AntiMalware\amext.dll (Malware.Packer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11092009_202919\C_Program Files\AntiMalware\uninstall.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11092009_202919\C_Users\Kevin\AppData\Local\Temp\winhbt.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\_OTS\MovedFiles\11092009_202919\C_Users\Kevin\AppData\Local\Temp\wow64main.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

#13 hammerman (Member 4k, 4,183 posts)
Hi,

You will find the log in the folder C:\_OTS\MovedFiles.

Please follow these steps and then give me an update on how your computer's running.

-- Step 1 --

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
-- Step 2 --

Please do an online scan with Kaspersky WebScanner.

Click on Accept.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
    • Now click on View Report and then Save Report.
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#14 hammerman (Member 4k, 4,183 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.