webpages keep being redirected and random webpages pop up


#1 Shallhayward

Posted 26 September 2010 - 09:16 PM

I am not sure what is wrong with my computer. It has been acting funny for weeks, but Avira can't seem to fix it. My Google searches keep being redirected to incorrect websites (unless I use the cached version), and randomly web pages open up on their own. These pages aren't blocked by my pop-up blockers, and I believe it's because they open up as a web page, not a pop-up. They are usually those fake news articles that use the logo off of websites like Good Morning America, WWAM news, etc., talking about some miracle remedy or get-rich-quick scheme. When I try to X out of the page, a series of pop-ups come up saying "if I close this page I will lose out on my chance, click OK to close or Cancel to remain on this page". If I click OK, another one pops up continuing to try to convince me to stay, and so on. I use Task Manager to end the window instead, but that closes all of the pages I have open at the time. Reading through other Bleeping Computer forums, I see that it is commonly recommended that users with similar issues download an app, RKUnhookerLE.exe, and post a log. I did that but don't know what they mean. I'm posting the log below.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x830E2C66-->80548394 [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x83089571-->80548380 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x83087EC8-->80548385 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x83069B7D-->8054838F [Unknown module filename]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x885A3460 [108] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited, RIM Auto Update)
0x85B5D400 [236] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8734ED40 [304] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x88A95490 [360] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x88A61710 [380] C:\Windows\System32\agrsmsvc.exe (Agere Systems, Agere Soft Modem Call Progress Service)
0x87389D40 [420] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x88A6B4A0 [444] C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH, Antivirus On-Access Service)
0x88ABED40 [496] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)
0x88447668 [500] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x884C4600 [512] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x88506720 [552] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x88509B90 [576] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x885234A8 [584] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x88ACCD40 [648] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc., IDT PC Audio)
0x8856E530 [668] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x88638030 [736] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8865E498 [836] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88ABD030 [852] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation, Event Monitor User Notification Tool)
0x88682558 [884] C:\Windows\System32\atiesrxx.exe (AMD, AMD External Events Service Module)
0x88697D40 [968] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x886D5790 [1004] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88ACB848 [1048] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x886795E0 [1052] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x884375D0 [1100] C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe (IDT, Inc., IDT PC Audio)
0x88764538 [1208] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x860D3D40 [1272] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x8875B6A0 [1324] C:\Windows\System32\atieclxx.exe (AMD, AMD External Events Client Module)
0x88791438 [1412] C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc., Validity Sensors Fingerprint Service)
0x88270D40 [1512] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x882882D0 [1588] C:\Windows\System32\wlanext.exe (Microsoft Corporation, Windows Wireless LAN 802.11 Extensibility Framework)
0x8828B870 [1620] C:\Windows\System32\conhost.exe (Microsoft Corporation, Console Window Host)
0x88AD0898 [1624] C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp., MSN® Toolbar)
0x8829CD40 [1644] C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH, Antivirus Scheduler)
0x88DB83E0 [1652] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x882CE660 [1756] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x882DA030 [1768] C:\Windows\System32\taskhost.exe (Microsoft Corporation, Host Process for Windows Tasks)
0x882EF3F8 [1824] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x882F8D40 [1900] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x88B18D40 [1920] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated, Adobe Reader and Acrobat Manager)
0x88B05030 [1964] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation, Windows Mobile Device Center)
0x882A8030 [1992] C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe (Andrea Electronics Corporation, Andrea filters APO access service (32-bit))
0x88B1ED40 [2056] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc., Citrix online plug-in Connection Center)
0x88B2B3A8 [2068] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x88B4C398 [2132] C:\Windows\System32\StikyNot.exe (Microsoft Corporation, Sticky Notes)
0x88B36D40 [2140] C:\Program Files\AIM\aim.exe (AOL LLC, AOL Instant Messenger)
0x877D3288 [2164] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation, Microsoft Office OneNote Quick Launcher)
0x88B7B538 [2284] C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc., Citrix)
0x8596B030 [2412] C:\Users\Shallamar\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x88EBA030 [2444] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88C17D40 [2728] C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation, SQL Server Windows NT)
0x88189030 [2768] C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation, Microsoft SeaPort Search Enhancement Broker)
0x88BE5D40 [2828] C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation, SQL Server VSS Writer)
0x88C777A8 [2888] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88BFB9C0 [2980] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service)
0x88782030 [3004] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x887A5030 [3040] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation, RAID Monitor)
0x887E6D40 [3312] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation, Microsoft® Windows Live ID Service Monitor)
0x886DF100 [3344] C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe (Microsoft Corporation, Microsoft Search Client Server)
0x88E777A0 [3804] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88A56540 [4008] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x88A8A4A8 [4060] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x87FA0D40 [4148] C:\Windows\System32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x89094D40 [4168] C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation, Windows Media Player Network Sharing Service)
0x874BA030 [4544] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x88D435C0 [4908] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x858F8030 [5696] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85BA2830 [5784] C:\Windows\System32\taskmgr.exe (Microsoft Corporation, Windows Task Manager)
0x85748AB0 [4] System
==============================================
>Drivers
==============================================
0x91C35000 C:\Windows\system32\DRIVERS\atikmdag.sys 5328896 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82E08000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E08000 PnpManager 4259840 bytes
0x82E08000 RAW 4259840 bytes
0x82E08000 WMIxWDM 4259840 bytes
0x97910000 Win32k 2400256 bytes
0x97910000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BC07000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x91229000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x8B82F000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92212000 C:\Windows\system32\DRIVERS\AGRSM.sys 1204224 bytes (Agere Systems, SoftModem Device Driver)
0x90E00000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8B603000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x910DB000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BA39000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8B303000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9E127000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9E0A2000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8B230000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B432000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9275E000 C:\Windows\system32\DRIVERS\stwrt.sys 425984 bytes (IDT, Inc., IDT PC Audio)
0x8D42B000 C:\Windows\System32\Drivers\bthport.sys 409600 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x91014000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8B99C000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x90FA6000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA2883000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0xA2834000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x921AD000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8B573000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B4B1000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8D551000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x926A5000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8B2C1000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B7B8000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BD8A000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BAF0000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9E02F000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x9214A000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83218000 ACPI_HAL 225280 bytes
0x83218000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8B72A000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x92655000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x91192000 C:\Windows\system32\DRIVERS\SynTP.sys 208896 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x8BB6B000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8BA00000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8BD50000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x91371000 C:\Windows\system32\DRIVERS\Rt86win7.sys 200704 bytes (Realtek , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x92716000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8BDD1000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x913A2000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8B95E000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B50A000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x91200000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8BBAE000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BB2E000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8D49A000 C:\Windows\system32\DRIVERS\rfcomm.sys 147456 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0x923B7000 C:\Windows\System32\Drivers\usbvideo.sys 147456 bytes (Microsoft Corporation, USB Video Class Driver)
0x8B6E6000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8D400000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8B3D8000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9E1C8000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x910A4000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x90F25000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x90EEC000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x92183000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x913CE000 C:\Windows\system32\DRIVERS\jmcr.sys 126976 bytes (JMicron Technology Corporation, JMicron JMB38X Flash Media Controller Driver)
0x8BBE0000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97BA0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x926FA000 C:\Windows\system32\drivers\AtiHdmi.sys 114688 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0x91086000 C:\Windows\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0x8D4CB000 C:\Windows\system32\DRIVERS\bthpan.sys 110592 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x8D4F8000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9E06A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D527000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8D5BA000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92745000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x911C5000 C:\Windows\system32\DRIVERS\enecir.sys 102400 bytes (ENE TECHNOLOGY INC., ENE CIR Driver for eHome)
0x8B400000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91C0F000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x8B3C0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8B200000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B218000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9262B000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x90F84000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x92396000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8B5BE000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8D513000 C:\Windows\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0x8B418000 C:\Windows\system32\DRIVERS\ctxusbm.sys 81920 bytes (Citrix Systems, Inc., Citrix USB Filter Driver)
0x92347000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8B989000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8D5A7000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8B795000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B3AE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8D4E6000 C:\Windows\system32\DRIVERS\bthmodem.sys 73728 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x923DB000 C:\Windows\System32\Drivers\BTHUSB.sys 73728 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x910C5000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x8D5D3000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8BB9D000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92385000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8B75E000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x926E9000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B53F000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8B2A8000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8B817000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8D541000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BB53000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8D597000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8B7A8000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B563000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x92338000 C:\Windows\system32\DRIVERS\hidir.sys 61440 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x8B76F000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x91C00000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91078000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x92689000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x8B787000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90F76000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B713000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B800000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x92697000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8B4A3000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8D4BE000 C:\Windows\system32\DRIVERS\BthEnum.sys 53248 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x911E7000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x92378000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x913F2000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x91000000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x91C27000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9E1E9000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90F46000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8B5E8000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x92361000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x90F19000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B558000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x8D48F000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x9236D000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x90F6B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B5F4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90F9B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x921A2000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B534000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x923AD000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B709000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8B5DE000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8B5D4000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x92649000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x9E1BE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B721000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA293E000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8B6DD000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8B80E000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA2947000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x97B70000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B77E000 C:\Windows\system32\DRIVERS\vfilter.sys 36864 bytes (Shrew Soft Inc, Shrew Lightweight Filter Driver)
0x8BD81000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x911DE000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8B4F9000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B2B9000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B550000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8BB63000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B96000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B502000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90F53000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90F5B000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x90F63000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x911F4000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8BDC9000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x90F12000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x9235A000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x90F0B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x92642000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x8BC00000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x921F8000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8BA32000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0x9E09D000 C:\Program Files\ASTRA32\ASTRA32.sys 20480 bytes (Licensed for Sysinfo Lab, Astra Generic Device Driver)
0x913ED000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
0x910D7000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x910A2000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0x92653000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91226000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
!!!!!!!!!!!Hidden driver: 0x86F22AEA ?_empty_? 1302 bytes
0x86F22EC5 unknown_irp_handler 315 bytes
!!!!!!!!!!!Hidden driver: 0x87331CD8 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0x8B603000 WARNING: suspicious driver modification [iaStor.sys::0x86F22AEA]
0x6BCA0000 Hidden Image-->System.Windows.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 1069056 bytes
0x6C380000 Hidden Image-->System.Windows.Browser.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 143360 bytes
0x6BC60000 Hidden Image-->System.Net.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 200704 bytes
0x6BDB0000 Hidden Image-->system.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 241664 bytes
0x6BC10000 Hidden Image-->System.Core.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 290816 bytes
0x6BB40000 Hidden Image-->System.Xml.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 331776 bytes
0x6BBA0000 Hidden Image-->System.Runtime.Serialization.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 421888 bytes
0xA28FEF2E Unknown thread object [ ETHREAD 0x882F0870 ] , 600 bytes
0x6C360000 Hidden Image-->System.ServiceModel.Web.dll [ EPROCESS 0x88AD0898 ] PID: 1624, 77824 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
[1052]svchost.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x75852BBC-->00000000 [unknown_code_page]
[1052]svchost.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x758544B1-->00000000 [unknown_code_page]
[1052]svchost.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x758546B7-->00000000 [unknown_code_page]
[1052]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77CD6448-->00000000 [unknown_code_page]
[1052]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77CD5360-->00000000 [unknown_code_page]
[1052]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77CD5EE0-->00000000 [unknown_code_page]
[1052]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7792C198-->00000000 [unknown_code_page]
[1208]iexplore.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x75852BBC-->00000000 [unknown_code_page]
[1208]iexplore.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x758544B1-->00000000 [unknown_code_page]
[1208]iexplore.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x758546B7-->00000000 [unknown_code_page]
[1208]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77CD6448-->00000000 [unknown_code_page]
[1208]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77CD5360-->00000000 [unknown_code_page]
[1208]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77CD5EE0-->00000000 [unknown_code_page]
[1208]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77930E51-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7796D29C-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77954AA7-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7796CF6A-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7795564A-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7797EA29-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7797EA4D-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7797E8C9-->00000000 [ieframe.dll]
[1208]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7797E9C3-->00000000 [ieframe.dll]
[1900]explorer.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x75852BBC-->00000000 [unknown_code_page]
[1900]explorer.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x758544B1-->00000000 [unknown_code_page]
[1900]explorer.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x758546B7-->00000000 [unknown_code_page]
[1900]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77CD6448-->00000000 [unknown_code_page]
[1900]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77CD5360-->00000000 [unknown_code_page]
[1900]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77CD5EE0-->00000000 [unknown_code_page]
[2140]aim.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C617BC-->00000000 [tbdiag.dll]
[2140]aim.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77C6180C-->00000000 [tbdiag.dll]
[2140]aim.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C61768-->00000000 [tbdiag.dll]
[2140]aim.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C617D0-->00000000 [tbdiag.dll]
[2140]aim.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77C6181C-->00000000 [tbdiag.dll]
[2140]aim.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B61144-->00000000 [tbdiag.dll]
[2140]aim.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61138-->00000000 [tbdiag.dll]
[2140]aim.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B611A0-->00000000 [tbdiag.dll]
[2140]aim.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77B610E0-->00000000 [tbdiag.dll]
[2140]aim.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x738021BC-->00000000 [tbdiag.dll]
[2140]aim.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x73802248-->00000000 [tbdiag.dll]
[2140]aim.exe-->user32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77D11490-->00000000 [tbdiag.dll]
[2140]aim.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D11398-->00000000 [tbdiag.dll]
[2140]aim.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D114E4-->00000000 [tbdiag.dll]
[2140]aim.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77D114A0-->00000000 [tbdiag.dll]
[2140]aim.exe-->wininet.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x71201268-->00000000 [aim.exe]
[2140]aim.exe-->wininet.dll-->advapi32.dll-->RegQueryValueExA, Type: IAT modification 0x71201290-->00000000 [aim.exe]
[2140]aim.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71201450-->00000000 [tbdiag.dll]
[2140]aim.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x712013D4-->00000000 [tbdiag.dll]
[2140]aim.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71201398-->00000000 [tbdiag.dll]
[2140]aim.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x712013C8-->00000000 [tbdiag.dll]
[2140]aim.exe-->wsock32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x3FD11040-->00000000 [tbdiag.dll]
[236]iexplore.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x75852BBC-->00000000 [unknown_code_page]
[236]iexplore.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x758544B1-->00000000 [unknown_code_page]
[236]iexplore.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x758546B7-->00000000 [unknown_code_page]
[236]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77CD6448-->00000000 [unknown_code_page]
[236]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77CD5360-->00000000 [unknown_code_page]
[236]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77CD5EE0-->00000000 [unknown_code_page]
[236]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7792CC8F-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x77930E51-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7796D29C-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x77954AA7-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7796CF6A-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7795564A-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7797EA29-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7797EA4D-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7797E8C9-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7797E9C3-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7793210A-->00000000 [ieframe.dll]
[236]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7792CC7B-->00000000 [ieframe.dll]
[4908]wuauclt.exe-->mswsock.dll+0x00002BBC, Type: Inline - RelativeJump 0x75852BBC-->00000000 [unknown_code_page]
[4908]wuauclt.exe-->mswsock.dll+0x000044B1, Type: Inline - RelativeJump 0x758544B1-->00000000 [unknown_code_page]
[4908]wuauclt.exe-->mswsock.dll+0x000046B7, Type: Inline - RelativeJump 0x758546B7-->00000000 [unknown_code_page]
[4908]wuauclt.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x77CD6448-->00000000 [unknown_code_page]
[4908]wuauclt.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x77CD5360-->00000000 [unknown_code_page]
[4908]wuauclt.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x77CD5EE0-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

I'm not sure what any of that means, but that last line def doesn't sound good. Please help!!!

Thank you!
~Shall

#2 DaChew

  • Visiting Alien
  • BC Advisor
  • 10,317 posts
  • Gender: Male
  • Location: millenium falcon and rockytop

Posted 27 September 2010 - 12:37 AM

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.
Chewy

No. Try not. Do... or do not. There is no try.



