Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

3 posters

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Windows Update (Error number: 0x8024D007) is not working, along with Internet Explorer ("The requested lookup key was not found in any active activation context"). MBAM keeps detecting hijack.windowsupdates.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Download the GMER rootkit scan from here: GMER

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

GMER doesn't work correctly in normal or safe mode.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Please close all anti-virus, anti-malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/04 14:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xEC209000 Size: 749568 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7FDA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646bcc

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06461aa

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646832

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064734c

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064608c

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064805c

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06482f4

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645c52

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646fb6

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647166

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645a84

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647cde

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064642e

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646a0e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06457b4

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06466be

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064592c

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647712

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064863a

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647a7a

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646db2

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647e8c

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0647512

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06463c8

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06465b2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645f56

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0645e24

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a352

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064aa76

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a486

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a936

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a5c6

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a6fa

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a1d2

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649424

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649ea2

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a834

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649c10

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649d52

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06498f4

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064915c

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06495a6

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649752

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649ff2

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649ab6

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064a0e8

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06492cc

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064aadc

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf064ad10

==EOF==
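The RootRepeal report above lists one SSDT or Shadow SSDT hook per entry, which is slow to read by hand when every entry has to be checked against the module that installed it. The script below is an added example for this thread, not part of the original post and not RootRepeal's own code: it parses the report layout shown above, counts hooks per installing module, and lists loaded drivers that the scanner reported as "File Visible: No" (the scanner's own rootrepeal.sys is excluded by default, since it appears in the same list). The embedded report is a constructed excerpt in the same format, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in RootRepeal's report layout (mirrors the thread's log,
# but it is not the full report).
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xEC209000 Size: 749568 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB7FDA000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0646832

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf06457b4

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xf0649ea2

==EOF==
"""

HOOK_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)')
STATUS_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')
VISIBLE_RE = re.compile(r'File Visible:\s*(Yes|No)')


def parse_report(text):
    """Parse a RootRepeal report into (hooks, drivers).

    hooks:   dicts with table, index, function, module, address
    drivers: dicts with name, image_path, file_visible
    """
    hooks, drivers = [], []
    section = None
    pending = None      # hook header waiting for its Status line
    current = None      # driver entry being filled in
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("Drivers", "SSDT", "Shadow SSDT"):
            section = line
            continue
        if section == "Drivers":
            if line.startswith("Name:"):
                current = {"name": line.split(":", 1)[1].strip(),
                           "image_path": None, "file_visible": None}
                drivers.append(current)
            elif line.startswith("Image Path:") and current:
                current["image_path"] = line.split(":", 1)[1].strip()
            elif current:
                m = VISIBLE_RE.search(line)
                if m:
                    current["file_visible"] = (m.group(1) == "Yes")
        elif section in ("SSDT", "Shadow SSDT"):
            m = HOOK_RE.match(line)
            if m:
                pending = {"table": section, "index": int(m.group(1)),
                           "function": m.group(2)}
                continue
            m = STATUS_RE.match(line)
            if m and pending:
                pending["module"] = m.group(1)
                pending["address"] = int(m.group(2), 16)
                hooks.append(pending)
                pending = None
    return hooks, drivers


def hooks_by_module(hooks):
    """Count hooks per installing module (file name only, lower-cased)."""
    counts = defaultdict(int)
    for h in hooks:
        counts[h["module"].rsplit("\\", 1)[-1].lower()] += 1
    return dict(counts)


def hidden_drivers(drivers, ignore=("rootrepeal.sys",)):
    """Loaded drivers whose file the scanner could not see on disk.

    rootrepeal.sys is RootRepeal's own driver, so it is excluded by default.
    """
    return [d["name"] for d in drivers
            if d["file_visible"] is False and d["name"].lower() not in ignore]


if __name__ == "__main__":
    hooks, drivers = parse_report(SAMPLE_REPORT)
    for module, n in sorted(hooks_by_module(hooks).items()):
        print(f"{n:3d} hook(s) installed by {module}")
    print("drivers not visible on disk:", hidden_drivers(drivers))
```

Run against the full report, the per-module count shows that every SSDT and Shadow SSDT hook in this log points into cmdguard.sys, the kernel driver of the COMODO Internet Security installation that also shows up in the later SysProt log, while the only driver left in the hidden list is dump_iaStor.sys. That separates "a security product is filtering these calls" from "an unknown module is hooking the kernel" in one pass, which is the question a responder is really asking of such a report.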

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

What is my next step?

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all.
  • Click on Cure and choose Report incurable (meaning take no action: don't "move", "rename" or "delete").
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your Desktop. The report will be called DrWeb.csv.
  • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Tried the express scan twice and I got this error.

69sbgXP.exe has encountered a problem and needs to close.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Is there a way to get Dr. Web Cureit to work?

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Download OTViewIt to your desktop.

  • Close all windows and open it.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.txt. Just post OTViewIt.txt; I don't need to see Extras.txt.
  • You may need to use more than one post to get it all on the forum.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

The link doesn't work.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Please do the following:

Please download SysProt AntiRootkit v1.0.1.0 by Swatkat

  • Next, run the file. *Note: if running Vista, right-click and select Run as administrator.
  • Once opened, navigate to the Log tab, select all the areas including the "Hidden objects only" box, and click on the Create Log button.
  • A scan will start and then a window will pop up with two options; select Scan all drives.
  • Once finished, it will give you the location where the log was saved (usually the desktop). Navigate to that place, open the log, and post all of its contents back here.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Link doesn't work.

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

Sorry, see if you can download it from here:

http://majorgeeks.com/SysProt_AntiRootkit_d5708.html

Re: Virus.Win32.Virut.CE@87251467 and Huer.Suspicious@86536553

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: EB30B000
Module End: EB3C2000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: EEB07BCC
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwConnectPort
Address: EEB071AA
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateFile
Address: EEB07832
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateKey
Address: EEB0834C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreatePort
Address: EEB0708C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSection
Address: EEB0905C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSymbolicLinkObject
Address: EEB092F4
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: EEB06C52
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteKey
Address: EEB07FB6
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: EEB08166
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: EEB06A84
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwLoadDriver
Address: EEB08CDE
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwMakeTemporaryObject
Address: EEB0742E
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: EEB07A0E
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: EEB067B4
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenSection
Address: EEB076BE
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenThread
Address: EEB0692C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRenameKey
Address: EEB08712
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRequestWaitReplyPort
Address: EEB0963A
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSecureConnectPort
Address: EEB08A7A
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSecurityObject
Address: EEB07DB2
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSystemInformation
Address: EEB08E8C
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetValueKey
Address: EEB08512
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: EEB073C8
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSystemDebugControl
Address: EEB075B2
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateProcess
Address: EEB06F56
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateThread
Address: EEB06E24
Driver Base: EEB03000
Driver End: EEB22000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: CHADS.BELKIN:64228
Remote Address: 192.168.2.1:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2869
Remote Address: 192.168.2.1:13693
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2869
Remote Address: 192.168.2.1:13692
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2215
Remote Address: YX-IN-F19.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Google\Gmail Notifier\gnotify.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2208
Remote Address: 69.46.19.152:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2197
Remote Address: 209.234.250.195:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2196
Remote Address: 209.234.250.195:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2174
Remote Address: YX-IN-F154.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2171
Remote Address: A96-17-60-20.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2160
Remote Address: YX-IN-F166.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2126
Remote Address: YX-IN-F93.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2113
Remote Address: GY-IN-F138.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:1120
Remote Address: A209-8-118-67.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:1119
Remote Address: VIP1.ANYCAST.CACHEFLY.COM:HTTP
Type: TCP
Process: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
State: CLOSE_WAIT

Local Address: CHADS.BELKIN:1118
Remote Address: 208.116.56.171:HTTP
Type: TCP
Process: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
State: CLOSE_WAIT

Local Address: CHADS.BELKIN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CHADS:27015
Remote Address: LOCALHOST:1040
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: CHADS:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: CHADS:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: CHADS:5152
Remote Address: LOCALHOST:2079
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: CHADS:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: CHADS:1085
Remote Address: LOCALHOST:1084
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1084
Remote Address: LOCALHOST:1085
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1082
Remote Address: LOCALHOST:1081
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1081
Remote Address: LOCALHOST:1082
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: CHADS:1045
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: CHADS:1040
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: CHADS:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: CHADS:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CHADS:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: CHADS:CHARGEN
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:QOTD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:DAYTIME
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:DISCARD
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS:ECHO
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: LISTENING

Local Address: CHADS.BELKIN:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CHADS.BELKIN:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS.BELKIN:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CHADS.BELKIN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CHADS.BELKIN:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1064
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\explorer.exe
State: NA

Local Address: CHADS:1059
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1038
Remote Address: NA
Type: UDP
Process: C:\Program Files\Google\Gmail Notifier\gnotify.exe
State: NA

Local Address: CHADS:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:57311
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CHADS:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: CHADS:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: CHADS:1102
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1101
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1100
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1099
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1095
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1094
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1093
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1037
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: CHADS:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: CHADS:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: CHADS:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: CHADS:CHARGEN
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:QOTD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:DAYTIME
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:DISCARD
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

Local Address: CHADS:ECHO
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\tcpsvcs.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\www.strandvision.com.\flash\sign.swf\SV_Kiosk.sol
Status: Hidden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\www.strandvision.com.\flash\sign.swf
Status: Hidden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\www.strandvision.com.\flash
Status: Hidden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\#SharedObjects\LCL42XJ4\www.strandvision.com.
Status: Hidden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.strandvision.com.\settings.sol
Status: Hidden

Object: C:\Documents and Settings\Chad\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.strandvision.com.
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}
Status: Access denied

Object: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}(2)
Status: Access denied
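The "Ports:" section of the SysProt log above is the longest part of the report, and the questions a responder wants answered from it are simple: which processes are listening or have UDP sockets bound, and which processes hold connections to hosts outside the LAN. The script below is an added example for this thread, not part of the original post and not SysProt's own code. It parses the record layout SysProt prints, groups bound ports by process, and lists connections whose peer is not loopback, wildcard or an RFC 1918 address (that classification is my own assumption about what counts as "internal" on a home network like the one in the log). The embedded log is an excerpt of the report above; the hostnames and paths are the thread's own, and the function names are mine.

```python
from collections import defaultdict

# Excerpt of the SysProt "Ports:" section from the log above, embedded inline
# so the script runs offline. Only a handful of the original entries are kept.
SAMPLE_LOG = r"""
SysProt AntiRootkit v1.0.1.0
******************************************************************************************
Ports:
Local Address: CHADS.BELKIN:2869
Remote Address: 192.168.2.1:13693
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:2215
Remote Address: YX-IN-F19.1E100.NET:HTTP
Type: TCP
Process: C:\Program Files\Google\Gmail Notifier\gnotify.exe
State: ESTABLISHED

Local Address: CHADS.BELKIN:2208
Remote Address: 69.46.19.152:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: CHADS.BELKIN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: CHADS:27015
Remote Address: LOCALHOST:1040
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: CHADS:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

******************************************************************************************
"""


def parse_ports(text):
    """Return the Ports: section as dicts keyed local_address, remote_address,
    type, process and state. Records are separated by blank lines and the
    section ends at the next row of asterisks."""
    entries, current, in_ports = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Ports:":
            in_ports = True
            continue
        if not in_ports:
            continue
        if line.startswith("****"):
            break                       # next SysProt section
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip().lower().replace(" ", "_")] = value.strip()
    if current:
        entries.append(current)
    return entries


def split_endpoint(endpoint):
    """'HOST:PORT' -> ('HOST', 'PORT'); SysProt's 'NA' -> ('', 'NA')."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def is_internal(host):
    """Assumed 'internal' set: loopback, wildcard, RFC 1918 ranges and 'NA'."""
    if host in ("", "LOCALHOST", "0.0.0.0") or host.startswith(("127.", "10.", "192.168.")):
        return True
    if host.startswith("172."):
        parts = host.split(".")
        return len(parts) == 4 and parts[1].isdigit() and 16 <= int(parts[1]) <= 31
    return False


def listeners_by_process(entries):
    """Map each process to the TCP ports it listens on and the UDP ports it has bound."""
    bound = defaultdict(list)
    for e in entries:
        if e.get("state") == "LISTENING" or e.get("type") == "UDP":
            _, port = split_endpoint(e["local_address"])
            bound[e["process"]].append(f'{e["type"]}/{port}')
    return dict(bound)


def external_connections(entries):
    """(process, remote endpoint, state) for sockets whose peer is outside the LAN."""
    found = []
    for e in entries:
        host, _ = split_endpoint(e.get("remote_address", "NA"))
        if not is_internal(host):
            found.append((e["process"], e["remote_address"], e["state"]))
    return found


if __name__ == "__main__":
    records = parse_ports(SAMPLE_LOG)
    for proc, ports in sorted(listeners_by_process(records).items()):
        print(f"{proc}: {', '.join(ports)}")
    for proc, remote, state in external_connections(records):
        print(f"{state:12s} {remote:40s} {proc}")
```

The output pairs every non-LAN peer with the process that owns the socket, so the reader can check each one against software they know is installed (in the full log: Firefox, Gmail Notifier, the Java updater and COMODO's cmdagent.exe), and it shows the listening services in one place rather than scattered across a hundred records. A TIME_WAIT entry attributed to "[System Idle Process]" is a closed connection whose owner has already exited, which is why the script reports the state alongside the process instead of treating every remote peer the same way.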
