Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirecting links


  • Please log in to reply
5 replies to this topic

#1 mateojack100

mateojack100

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 16 December 2009 - 06:32 PM

So I've got this problem with being redirected to random sites. I've looked at other topics here and I have followed instructions and ran both MBAM and RootRepeal and have logs for both. here are both of the logs. Please help.

MBAM

Malwarebytes' Anti-Malware 1.42
Database version: 3378
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/16/2009 6:13:24 PM
mbam-log-2009-12-16 (18-13-24).txt

Scan type: Quick Scan
Objects scanned: 119212
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NeoChronos (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Margotte (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


RootRepeal

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/12/16 18:27
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x91E6B000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x91E60000 Size: 45056 File Visible: No Signed: -
Status: -

Name: kymmx.sys
Image Path: C:\Windows\System32\drivers\kymmx.sys
Address: 0x8A1AB000 Size: 54016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA45B1000 Size: 49152 File Visible: No Signed: -
Status: -

Name: splv.sys
Image Path: C:\Windows\System32\Drivers\splv.sys
Address: 0x8A238000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\$RECYCLE.BIN
Status: Visible to the Windows API, but not on disk.

Path: C:\-20070716.log
Status: Visible to the Windows API, but not on disk.

Path: C:\.jagex_cache_32
Status: Visible to the Windows API, but not on disk.

Path: C:\Acer
Status: Visible to the Windows API, but not on disk.

Path: C:\ATI
Status: Visible to the Windows API, but not on disk.

Path: C:\autoexec.bat
Status: Visible to the Windows API, but not on disk.

Path: C:\bdlog.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Book
Status: Visible to the Windows API, but not on disk.

Path: C:\Boot
Status: Visible to the Windows API, but not on disk.

Path: C:\bootmgr
Status: Visible to the Windows API, but not on disk.

Path: C:\BOOTSECT.BAK
Status: Visible to the Windows API, but not on disk.

Path: C:\CLMS.log
Status: Visible to the Windows API, but not on disk.

Path: C:\config.sys
Status: Visible to the Windows API, but not on disk.

Path: C:\Cucu_Video_log.txt
Status: Visible to the Windows API, but not on disk.

Path: C:\data.uha
Status: Visible to the Windows API, but not on disk.

Path: C:\data1.uha
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings
Status: Visible to the Windows API, but not on disk.

Path: C:\DRV
Status: Visible to the Windows API, but not on disk.

Path: C:\dvdsanta
Status: Visible to the Windows API, but not on disk.

Path: C:\Fraps
Status: Visible to the Windows API, but not on disk.

Path: C:\Intel
Status: Visible to the Windows API, but not on disk.

Path: C:\IO.SYS
Status: Visible to the Windows API, but not on disk.

Path: C:\IPH.PH
Status: Visible to the Windows API, but not on disk.

Path: C:\Keys
Status: Visible to the Windows API, but not on disk.

Path: C:\MDisc.log
Status: Visible to the Windows API, but not on disk.

Path: C:\MDR.log
Status: Visible to the Windows API, but not on disk.

Path: C:\MP4debug.log
Status: Visible to the Windows API, but not on disk.

Path: C:\MSDOS.SYS
Status: Visible to the Windows API, but not on disk.

Path: C:\MSOCache
Status: Visible to the Windows API, but not on disk.

Path: C:\mythxuha.exe
Status: Visible to the Windows API, but not on disk.

Path: C:\NVIDIA
Status: Visible to the Windows API, but not on disk.

Path: C:\pagefile.sys
Status: Visible to the Windows API, but not on disk.

Path: C:\playboy_-_the_mansion.exe
Status: Visible to the Windows API, but not on disk.

Path: C:\PMovie.log
Status: Visible to the Windows API, but not on disk.

Path: C:\PnR.log
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files
Status: Visible to the Windows API, but not on disk.

Path: C:\ProgramData
Status: Visible to the Windows API, but not on disk.

Path: C:\Programs
Status: Visible to the Windows API, but not on disk.

Path: C:\PSD.log
Status: Visible to the Windows API, but not on disk.

Path: C:\PSFONTS
Status: Visible to the Windows API, but not on disk.

Path: C:\RHDSetup.log
Status: Visible to the Windows API, but not on disk.

Path: C:\SDMA.log
Status: Visible to the Windows API, but not on disk.

Path: C:\setup.bat
Status: Visible to the Windows API, but not on disk.

Path: C:\setup.log
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information
Status: Visible to the Windows API, but not on disk.

Path: C:\Temp
Status: Visible to the Windows API, but not on disk.

Path: C:\TempDVD
Status: Visible to the Windows API, but not on disk.

Path: C:\Users
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows
Status: Visible to the Windows API, but not on disk.

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1316 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x86b70400

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x86c04150

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x86bc4738

#: 054 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x86b18310

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x86bcd5a8

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x86bc4908

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x86bc4558

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x86b25088

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x86c67628

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x86bc4458

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x86bcd4c8

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x86bc4828

#: 202 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x86bc4198

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x86bc9e88

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x86bc40b8

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x86bc4288

#: 306 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x86bcdf38

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x86bcd428

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x86bcd960

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x86bc49e8

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x86bcde58

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x86bc4378

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x86bc4648

Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 3812) Address: 0x68680000 Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 3812) Address: 0x69c60000 Size: 315392

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3812) Address: 0x6a760000 Size: 20480

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8502a1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x850291f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x850291f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x850291f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x850291f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x850291f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x850291f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x850291f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x861eb1f8 Size: 121

Object: Hidden Code [Driver: adxxubc2Ѕ灓摴�訩�訩쁴誕, IRP_MJ_CREATE]
Process: System Address: 0x861ac500 Size: 121

Object: Hidden Code [Driver: adxxubc2Ѕ灓摴�訩�訩쁴誕, IRP_MJ_CLOSE]
Process: System Address: 0x861ac500 Size: 121

Object: Hidden Code [Driver: adxxubc2Ѕ灓摴�訩�訩쁴誕, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x861ac500 Size: 121

Object: Hidden Code [Driver: adxxubc2Ѕ灓摴�訩�訩쁴誕, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x861ac500 Size: 121

Object: Hidden Code [Driver: adxxubc2Ѕ灓摴�訩�訩쁴誕, IRP_MJ_POWER]
Process: System Address: 0x861ac500 Size: 121

Object: Hidden Code [Driver: adxxubc2Ѕ灓摴�訩�訩쁴誕, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x861ac500 Size: 121

Object: Hidden Code [Driver: adxxubc2Ѕ灓摴�訩�訩쁴誕, IRP_MJ_PNP]
Process: System Address: 0x861ac500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86be61f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x861f7500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x861f7500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x861f7500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x861f7500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x861f7500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x861f7500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x861f7500 Size: 121

Object: Hidden Code [Driver: SmbЅ晖呉倨誻戄舲, IRP_MJ_CREATE]
Process: System Address: 0x86b811f8 Size: 121

Object: Hidden Code [Driver: SmbЅ晖呉倨誻戄舲, IRP_MJ_CLOSE]
Process: System Address: 0x86b811f8 Size: 121

Object: Hidden Code [Driver: SmbЅ晖呉倨誻戄舲, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b811f8 Size: 121

Object: Hidden Code [Driver: SmbЅ晖呉倨誻戄舲, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b811f8 Size: 121

Object: Hidden Code [Driver: SmbЅ晖呉倨誻戄舲, IRP_MJ_CLEANUP]
Process: System Address: 0x86b811f8 Size: 121

Object: Hidden Code [Driver: SmbЅ晖呉倨誻戄舲, IRP_MJ_PNP]
Process: System Address: 0x86b811f8 Size: 121

Object: Hidden Code [Driver: netbt蚐ā, IRP_MJ_CREATE]
Process: System Address: 0x867b11f8 Size: 121

Object: Hidden Code [Driver: netbt蚐ā, IRP_MJ_CLOSE]
Process: System Address: 0x867b11f8 Size: 121

Object: Hidden Code [Driver: netbt蚐ā, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867b11f8 Size: 121

Object: Hidden Code [Driver: netbt蚐ā, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x867b11f8 Size: 121

Object: Hidden Code [Driver: netbt蚐ā, IRP_MJ_CLEANUP]
Process: System Address: 0x867b11f8 Size: 121

Object: Hidden Code [Driver: netbt蚐ā, IRP_MJ_PNP]
Process: System Address: 0x867b11f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt潉†Ј浗剩톘蘠㣰蘠誣, IRP_MJ_CREATE]
Process: System Address: 0x8631f1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt潉†Ј浗剩톘蘠㣰蘠誣, IRP_MJ_CLOSE]
Process: System Address: 0x8631f1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt潉†Ј浗剩톘蘠㣰蘠誣, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8631f1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt潉†Ј浗剩톘蘠㣰蘠誣, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8631f1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt潉†Ј浗剩톘蘠㣰蘠誣, IRP_MJ_POWER]
Process: System Address: 0x8631f1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt潉†Ј浗剩톘蘠㣰蘠誣, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8631f1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt潉†Ј浗剩톘蘠㣰蘠誣, IRP_MJ_PNP]
Process: System Address: 0x8631f1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x850271f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x861f41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x861f41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x861f41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x861f41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x861f41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x861f41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x861f41f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x87799500 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_CREATE]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_CLOSE]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_READ]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_WRITE]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_CLEANUP]
Process: System Address: 0x86c6e1f8 Size: 121

Object: Hidden Code [Driver: cdfsБ浍慃磨黶蛄讬蘱, IRP_MJ_PNP]
Process: System Address: 0x86c6e1f8 Size: 121

==EOF==


Edited by mateojack100, 16 December 2009 - 06:33 PM.


BC AdBot (Login to Remove)

 


#2 mateojack100

mateojack100
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 16 December 2009 - 08:03 PM

bump

#3 mateojack100

mateojack100
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 16 December 2009 - 11:45 PM

bump. i realize i bumped it 2x today but it got moved to the 2nd page and nobody has replied yet.

#4 mateojack100

mateojack100
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 17 December 2009 - 08:32 PM

BUMP

#5 mateojack100

mateojack100
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 18 December 2009 - 12:22 AM

bump, someone please help. need this looked at asap.

#6 mateojack100

mateojack100
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 19 December 2009 - 10:36 PM

bump, help please.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users