Registered User
Join Date: Sep 2009
Posts: 1
OS: XP
Msa.exe
Hello. I was following along in another thread:
http://www.techsupportforum.com/secu...-mark-2-a.html

I have a similar situation. My antispyware/virus/malware programs (Avast & McAfee) detected the virus and when I went to cleanse my computer started acting similar to the other user's computer. I was able to get the windiag32 & sysprot logs, so I wanted to post them here for help, since I was unable to do so in the other forum.
Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Gling*GloŽ Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Homogenic\02 JoŽga.mp3 Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Hunter CDL\2-03 Hunter (Skothu`s Mix).mp3 Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Jo`ga CD Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Jo`ga CDL Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Jo`ga CDX Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Live Box CD3 [Homogenic Live]\3-01 ViŽsur Vatnsenda RoŽsu.mp3 Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Live Box CD3 [Homogenic Live]\3-14 JoŽga.mp3 Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\MeduŽlla Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Triumph Of A Heart CD2\2-02 VoškuroŽ [vv mix].m4a Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\BJORK_megadiscography\BJORK_the_music\Who Is It DVD\02 Mouth's Cradle [Cortejo Affro_IleŽ AiyeŽ Mix].m4a Status: Hidden Object: C:\Documents and Settings\Administrator\My Documents\Downloads\Chopin - Complete Piano Music- by Idil Biret (15 CD Box Set)\Disc 15\10 - Variations on 'La ci darem la mano' from Mozart's Don Giovanni - Op.2 - in Bb - Variation II - Veloce, ma accuratament Status: Hidden What does this all 
mean? How can I get my computer to function correctly? My antispyware/virus/malware programs (Avast & McAfee) detected the virus, and when I went to cleanse, my computer started acting similar to the other user's computer. I appreciate all and any help! :) |
#2 (permalink) | |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: Msa.exe
Hi missmoxie,
Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

** Note: Please stick with me until I declare that your system is free from malware. Even though your system may not have any symptoms of malware, it may still be infected. **

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Quote:
)

2. It appears that you are running two antivirus programs from your above post:

   1) Avast
   2) McAfee

   It does not provide you with any extra protection though it may seem so. On the contrary these two programs may interfere with each other creating serious problems regarding security vulnerability as well as system stability. Uninstall one of these two and keep the other of your choice.

3. Restart your machine after uninstalling only one of the Antivirus programs.

4. Go to Start->Run, Copy and paste the following in bold below:

   "C:\Documents and Settings\Administrator\My Documents\Downloads\Win32kDiag.exe" -F -R

   Click OK. Reply back with the results
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
#3 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: Msa.exe
Hi missmoxie,
Do you still require assistance?