
Sudden severe slowdown of computer


  • This topic is locked
16 replies to this topic

#1 Xwsx777


Posted 13 March 2010 - 12:27 PM

I am currently attempting to go through the steps in "Slow Computer?"

Yesterday (March 12, 2010) I woke up and a family member asked me, "What's wrong with the computer? It won't start up." I checked it out and it wouldn't load up the log-in screen of Windows. I also noticed that when I turned it on, it showed me the option to start it in Safe Mode. After 2 failed attempts at starting (normally once and in Safe Mode once), I decided to choose the option "Start up Windows with last known working settings" (something like that). It took over an hour but it worked, but it also loaded up all the start-up programs and such VERY slowly. Before it would take about 5-10 mins (yes it seems too long, but that's pretty much how it always started), but now it takes up to 30 mins! Then when I tried to right-click program icons (the ones next to the time) in order to close some, it took about one minute to show the options. Also, all the printers were deleted and now our Microsoft Office programs are expired. Whenever it tries to run the start-up program for NetZero, it says it's unable to because it has been corrupted (we no longer use NetZero, so I'd like this removed completely).

I don't know who was on the computer last, what they were doing, whether they went to untrustworthy sites, or whether they downloaded anything. I have already defragmented both the C and D drives, with no significant changes. I did attempt to virus scan, but it stopped due to unknown reasons. Avast! said it was "Unable to scan certain files" or something like it couldn't go any further, but a relative may have ended the virus scan early (because the computer was working too slowly for them to enjoy it).

There was a virus in another user but we stopped using that user because it was getting annoying. The virus was labeled as "b.exe" and it would play random noises from videos or interactive ads. We noticed that it only affected that specific user so we refrained from using it. I would also like this virus removed, hopefully it hasn't come back to bite me in the butt a different way.

Please let me know if you need any more information, but this is all I could remember. Please help us with these two problems; the slowdown is getting to be a headache (my parents do not wait for the computer to catch up, they keep clicking things so it will go faster :thumbsup: ).

#2 trollocks


Posted 13 March 2010 - 12:40 PM

Please download Malwarebytes from Here or Here
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report

#3 Xwsx777


Posted 13 March 2010 - 01:27 PM

It says to restart, so I'm restarting now. Amazingly it found some stuff in the first few minutes even though yesterday I tried a full scan and after 4 hours it still didn't show anything so I stopped it. Here is the log...

-------------------------------------------------------------

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/13/2010 1:23:41 PM
mbam-log-2010-03-13 (13-23-41).txt

Scan type: Quick Scan
Objects scanned: 138065
Time elapsed: 16 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

#4 trollocks


Posted 13 March 2010 - 01:34 PM

Your database is very old. It shows 3510. It is now 3863. Update and run another scan. Post the log.

#5 Xwsx777


Posted 13 March 2010 - 01:52 PM

I updated it before scanning but I will do it again, although it did seem strange that the date said 01/07/2010. Currently waiting for the computer to load up (using the PS3 browser).

EDIT: Updating

Edited by Xwsx777, 13 March 2010 - 02:01 PM.


#6 Xwsx777


Posted 13 March 2010 - 02:35 PM

Ok, it's done. It took longer this time. Should I restart it because it takes a long time for it to load up? Here is the log...

------------------------------------

Malwarebytes' Anti-Malware 1.44
Database version: 3863
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/13/2010 2:31:50 PM
mbam-log-2010-03-13 (14-31-50).txt

Scan type: Quick Scan
Objects scanned: 149372
Time elapsed: 30 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xzT7VrlS.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.

#7 trollocks


Posted 13 March 2010 - 02:51 PM

No need to reboot yet.


Clean out your temp files.
Download Attribune's ATF Cleaner and save to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Download the SUPERAntiSpyware free version and save it to the desktop. Double-click to install.

Open superantispyware from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete Scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post the logs and let us know how the PC is running now.

#8 Xwsx777


Posted 13 March 2010 - 05:07 PM

The computer still takes the same amount of time to start up. Also I noticed that after the scan, when I minimized Firefox (it was lagging because it had just finished the scan), for a second a blue screen flashed with some white text on it, but it quickly disappeared so I didn't get a chance to read it. Other than that, besides the start-up, it seems as though the computer is getting faster. I can't really tell because most of the time it lags while I'm playing games which, before this incident, played without any lag (so if there is lag after start-up, I wouldn't really know yet).

EDIT: Parents want me to go somewhere (I don't want to go), but I'll be back later please post what else I may need to do.

---------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/13/2010 at 04:11 PM

Application Version : 4.34.1000

Core Rules Database Version : 4671
Trace Rules Database Version: 2483

Scan type : Complete Scan
Total Scan Time : 01:06:53

Memory items scanned : 508
Memory threats detected : 0
Registry items scanned : 8227
Registry threats detected : 10
File items scanned : 35426
File threats detected : 121

Adware.MyWebSearch
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-2954400660-1623874938-1004999022-1009\SOFTWARE\FunWebProducts
HKU\.DEFAULT\SOFTWARE\MyWebSearch
HKU\S-1-5-18\SOFTWARE\MyWebSearch

Rogue.AdvancedVirusRemover
HKU\S-1-5-21-2954400660-1623874938-1004999022-1009\Software\Microsoft\Windows\CurrentVersion\Run#Advanced Virus Remover [ C:\Program Files\AdvancedVirusRemover\PAVRM.exe ]

Adware.Tracking Cookie
C:\Documents and Settings\Alex\Cookies\alex@www.greatteengirl[2].txt
C:\Documents and Settings\Alex\Cookies\alex@revsci[2].txt
C:\Documents and Settings\Alex\Cookies\alex@teenporntale[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ad.flux[2].txt
C:\Documents and Settings\Alex\Cookies\alex@interclick[2].txt
C:\Documents and Settings\Alex\Cookies\alex@pornfuze[2].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.bootcampmedia[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.nascar[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.consumersdiscountrx[1].txt
C:\Documents and Settings\Alex\Cookies\alex@adserver.adtechus[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.cnn[1].txt
C:\Documents and Settings\Alex\Cookies\alex@findabsolutely[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.localadlink[2].txt
C:\Documents and Settings\Alex\Cookies\alex@ad1.clickhype[1].txt
C:\Documents and Settings\Alex\Cookies\alex@richmedia.yahoo[1].txt
C:\Documents and Settings\Alex\Cookies\alex@redirect.clickshield[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.findnumerous[1].txt
C:\Documents and Settings\Alex\Cookies\alex@mediatraffic[1].txt
C:\Documents and Settings\Alex\Cookies\alex@shefinds[1].txt
C:\Documents and Settings\Alex\Cookies\alex@theclickcheck[2].txt
C:\Documents and Settings\Alex\Cookies\alex@ad.zanox[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.addesktop[1].txt
C:\Documents and Settings\Alex\Cookies\alex@incentaclick[2].txt
C:\Documents and Settings\Alex\Cookies\alex@eyewonder[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.apartmentfinder[2].txt
C:\Documents and Settings\Alex\Cookies\alex@apartmentfinder[1].txt
C:\Documents and Settings\Alex\Cookies\alex@findtarget.ftadsrvr[1].txt
C:\Documents and Settings\Alex\Cookies\alex@tsprotraffic[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.mail[2].txt
C:\Documents and Settings\Alex\Cookies\alex@adprotraffic[1].txt
C:\Documents and Settings\Alex\Cookies\alex@tubepornstars[2].txt
C:\Documents and Settings\Alex\Cookies\alex@toseeka[1].txt
C:\Documents and Settings\Alex\Cookies\alex@dc.tremormedia[2].txt
C:\Documents and Settings\Alex\Cookies\alex@www.incentaclick[2].txt
C:\Documents and Settings\Alex\Cookies\alex@www.justclicklocal[2].txt
C:\Documents and Settings\Alex\Cookies\alex@optimize.indieclick[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.mediamayhemcorp[2].txt
C:\Documents and Settings\Alex\Cookies\alex@www.shefinds[1].txt
C:\Documents and Settings\Alex\Cookies\alex@clickshift[1].txt
C:\Documents and Settings\Alex\Cookies\alex@tracking.realtor[1].txt
C:\Documents and Settings\Alex\Cookies\alex@feed.validclick[1].txt
C:\Documents and Settings\Alex\Cookies\alex@link.mercent[2].txt
C:\Documents and Settings\Alex\Cookies\alex@click[1].txt
C:\Documents and Settings\Alex\Cookies\alex@admarketplace[1].txt
C:\Documents and Settings\Alex\Cookies\alex@counter.surfcounters[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ero-advertising[2].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.lucidmedia[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.bigfind[1].txt
C:\Documents and Settings\Alex\Cookies\alex@liveperson[2].txt
C:\Documents and Settings\Alex\Cookies\alex@traffic[2].txt
C:\Documents and Settings\Alex\Cookies\alex@fastclick[2].txt
C:\Documents and Settings\Alex\Cookies\alex@specificmedia[1].txt
C:\Documents and Settings\Alex\Cookies\alex@tracking.the7thchamber[2].txt
C:\Documents and Settings\Alex\Cookies\alex@www.liveperson[1].txt
C:\Documents and Settings\Alex\Cookies\alex@clubxxxcams[2].txt
C:\Documents and Settings\Alex\Cookies\alex@www.naked-nature-girls[2].txt
C:\Documents and Settings\Alex\Cookies\alex@media.mtvnservices[2].txt
C:\Documents and Settings\Alex\Cookies\alex@www.bonusfind[1].txt
C:\Documents and Settings\Alex\Cookies\alex@media.adfrontiers[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.clubxxxcams[2].txt
C:\Documents and Settings\Alex\Cookies\alex@clickthrough.kanoodle[1].txt
C:\Documents and Settings\Alex\Cookies\alex@xml.trafficengine[2].txt
C:\Documents and Settings\Alex\Cookies\alex@media6degrees[2].txt
C:\Documents and Settings\Alex\Cookies\alex@clickbank[1].txt
C:\Documents and Settings\Alex\Cookies\alex@insightexpressai[2].txt
C:\Documents and Settings\Alex\Cookies\alex@www.findstuff[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.directnetadvertising[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.financialcontent[2].txt
C:\Documents and Settings\Alex\Cookies\alex@bridge1.admarketplace[1].txt
C:\Documents and Settings\Alex\Cookies\alex@icityfind[2].txt
C:\Documents and Settings\Alex\Cookies\alex@track.search-bio[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.sexvideos-x[1].txt
C:\Documents and Settings\Alex\Cookies\alex@adultadworld[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.sexxsexx[1].txt
C:\Documents and Settings\Alex\Cookies\alex@clicksor[2].txt
C:\Documents and Settings\Alex\Cookies\alex@yourclick[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.find-facts[1].txt
C:\Documents and Settings\Alex\Cookies\alex@invitemedia[2].txt
C:\Documents and Settings\Alex\Cookies\alex@ad.spreety[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.icityfind[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.700xxx[1].txt
C:\Documents and Settings\Alex\Cookies\alex@myroitracking[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ts.protraffic[1].txt
C:\Documents and Settings\Alex\Cookies\alex@linksynergy[2].txt
C:\Documents and Settings\Alex\Cookies\alex@amateurslutsporn[2].txt
C:\Documents and Settings\Alex\Cookies\alex@freepornsecret[2].txt
C:\Documents and Settings\Alex\Cookies\alex@clicks.smartbizsearch[1].txt
C:\Documents and Settings\Alex\Cookies\alex@cp.findsumpin[2].txt
C:\Documents and Settings\Alex\Cookies\alex@snip.wwww.findstuff[1].txt
C:\Documents and Settings\Alex\Cookies\alex@6917.53480.clickshield[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.us.e-planning[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.tcmdb[1].txt
C:\Documents and Settings\Alex\Cookies\alex@teeniesmile[2].txt
C:\Documents and Settings\Alex\Cookies\alex@beacon.dmsinsights[2].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.undertone[2].txt
C:\Documents and Settings\Alex\Cookies\alex@yoursexyteens[1].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.nexon[2].txt
C:\Documents and Settings\Alex\Cookies\alex@eas.apm.emediate[2].txt
C:\Documents and Settings\Alex\Cookies\alex@fargo.apartmentfinder[1].txt
C:\Documents and Settings\Alex\Cookies\alex@wwww.findstuff[2].txt
C:\Documents and Settings\Alex\Cookies\alex@snip.www.findstuff[1].txt
C:\Documents and Settings\Alex\Cookies\alex@a1.interclick[2].txt
C:\Documents and Settings\Alex\Cookies\alex@934453209.finditquickad[2].txt
C:\Documents and Settings\Alex\Cookies\alex@adbrite[2].txt
C:\Documents and Settings\Alex\Cookies\alex@ads.audxch[2].txt
C:\Documents and Settings\Alex\Cookies\alex@atlas.entrepreneur[1].txt
C:\Documents and Settings\Alex\Cookies\alex@banner_js[2].txt
C:\Documents and Settings\Alex\Cookies\alex@banner_js[3].txt
C:\Documents and Settings\Alex\Cookies\alex@base.liveperson[1].txt
C:\Documents and Settings\Alex\Cookies\alex@chitika[1].txt
C:\Documents and Settings\Alex\Cookies\alex@collective-media[1].txt
C:\Documents and Settings\Alex\Cookies\alex@crackle[2].txt
C:\Documents and Settings\Alex\Cookies\alex@dallas.apartmentfinder[1].txt
C:\Documents and Settings\Alex\Cookies\alex@dr.findlinks[1].txt
C:\Documents and Settings\Alex\Cookies\alex@findaccurate[1].txt
C:\Documents and Settings\Alex\Cookies\alex@intermundomedia[2].txt
C:\Documents and Settings\Alex\Cookies\alex@kontera[2].txt
C:\Documents and Settings\Alex\Cookies\alex@pureteen[2].txt
C:\Documents and Settings\Alex\Cookies\alex@sales.liveperson[1].txt
C:\Documents and Settings\Alex\Cookies\alex@www.onesextube[1].txt
C:\Documents and Settings\Alex\Cookies\alex@xxxymovies[1].txt

Edited by Xwsx777, 13 March 2010 - 05:45 PM.
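
The SUPERAntiSpyware log above groups findings by family name, which hides the one entry that matters most: the `...\CurrentVersion\Run` value that relaunches the rogue "Advanced Virus Remover" at every logon, listed among 121 tracking cookies. The helper below is an added example, not part of this thread and not SUPERAntiSpyware's own code. It parses the log layout shown above, ranks each detection by where it lives (autostart registry value, other registry data, tracking cookie, other file) rather than by its label, and cross-checks the listed items against the summary counts, which is the first sanity check to run on any pasted log. The sample log is a constructed, trimmed copy of the report in this post, with the summary counts adjusted to match the trimmed listing.

```python
"""Added example: triage a SUPERAntiSpyware scan log by what each detection
can do (autostart persistence vs. other registry data vs. tracking cookies)
and cross-check the listed items against the summary counts."""
import re
from collections import Counter

# Constructed sample in the layout SUPERAntiSpyware produces. Entries are copied
# from the report in this thread but trimmed; the counts match the trimmed list.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/13/2010 at 04:11 PM

Application Version : 4.34.1000

Registry items scanned : 8227
Registry threats detected : 4
File items scanned : 35426
File threats detected : 3

Adware.MyWebSearch
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Adware.MyWebSearch/FunWebProducts
HKU\.DEFAULT\SOFTWARE\MyWebSearch

Rogue.AdvancedVirusRemover
HKU\S-1-5-21-2954400660-1623874938-1004999022-1009\Software\Microsoft\Windows\CurrentVersion\Run#Advanced Virus Remover [ C:\Program Files\AdvancedVirusRemover\PAVRM.exe ]

Adware.Tracking Cookie
C:\Documents and Settings\Alex\Cookies\alex@revsci[2].txt
C:\Documents and Settings\Alex\Cookies\alex@interclick[2].txt
C:\Documents and Settings\Alex\Cookies\alex@fastclick[2].txt
"""

HEADER_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\s*:\s*(?P<value>.+)$")
REGISTRY_RE = re.compile(r"^(HKU|HKLM|HKCU|HKCR|HKEY_[A-Z_]+)\\", re.IGNORECASE)
FILE_RE = re.compile(r"^[A-Za-z]:\\")
# Autostart locations: anything under ...\CurrentVersion\Run or \RunOnce.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(#|\\|$)", re.IGNORECASE)


def is_location(line):
    return bool(REGISTRY_RE.match(line) or FILE_RE.match(line))


def parse_sas_log(text):
    """Return (header fields, [(family, location), ...]) from a SAS scan log.

    A blank-line-separated block whose first line is a family name and whose
    remaining lines are all registry or file locations is a detection block;
    every other block is treated as header "key : value" lines."""
    header, detections = {}, []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) >= 2 and all(is_location(ln) for ln in lines[1:]):
            detections.extend((lines[0], loc) for loc in lines[1:])
            continue
        for ln in lines:
            m = HEADER_RE.match(ln)
            if m:
                header[m.group("key").strip()] = m.group("value").strip()
    return header, detections


def classify(location):
    """Rank a detection by where it lives, not by its family label: an autostart
    registry value restarts the threat at every logon; a tracking cookie is noise."""
    if REGISTRY_RE.match(location):
        return "persistence" if AUTOSTART_RE.search(location) else "registry"
    return "cookie" if "\\cookies\\" in location.lower() else "file"


def triage(text):
    """Per-category counts, the persistence entries to act on first, and whether
    the listed items agree with the summary counts in the header."""
    header, detections = parse_sas_log(text)
    counts = Counter(classify(loc) for _, loc in detections)
    listed_registry = counts["persistence"] + counts["registry"]
    listed_files = counts["cookie"] + counts["file"]
    return {
        "counts": dict(counts),
        "persistence": [(fam, loc) for fam, loc in detections
                        if classify(loc) == "persistence"],
        "registry_ok": header.get("Registry threats detected") == str(listed_registry),
        "file_ok": header.get("File threats detected") == str(listed_files),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["counts"], "counts consistent:", result["registry_ok"] and result["file_ok"])
    for family, location in result["persistence"]:
        print("ACT FIRST:", family, "->", location)
```

Run against the full report in this post the same check holds: the ten registry entries and 121 cookie files listed match the header's "Registry threats detected : 10" and "File threats detected : 121", and the only persistence entry is the Advanced Virus Remover Run value.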


#9 trollocks


Posted 13 March 2010 - 06:01 PM

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a very long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.WebCureIt so you can provide that information.

#10 Xwsx777


Posted 13 March 2010 - 09:32 PM

It went through the Express Scan just fine; it found no viruses. The 1st time I tried to do a Complete Scan it stopped, saying it couldn't continue due to a virus; the name of it was just as random as the Dr.Web name. I tried again... the 2nd time it just restarted by itself without me doing anything. I turned it off (pressing the power button) because I wasn't sure if I should start it again.

PS- My mom is getting pissy. D:
EDIT: I'm going to sleep, since I imagine you did the same. Please post again in the morning.

Edited by Xwsx777, 13 March 2010 - 10:09 PM.


#11 trollocks


Posted 14 March 2010 - 03:27 AM

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open RootRepeal.exe on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
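
The report this scan produces (the topic starter posts it next) has a Drivers section giving each listed driver's image base and size, and an SSDT section listing every hooked system call together with the module that placed the hook. What a helper reads out of it is not "hooks exist" but "who owns each hook": security products hook the SSDT legitimately, so the entries worth following up are those owned by "<unknown>" or by a module nobody can account for. The script below is an added example, not from this thread, from RootRepeal or from BleepingComputer. It parses both sections, checks every hook address against the listed driver image ranges, and surfaces hooks whose owner is not in an analyst-supplied trusted set. That set is an assumption for the example: aswSP.SYS (the Avast! self-protection driver, and the topic starter runs Avast!) and SASKUTIL.SYS (located under the SUPERAntiSpyware directory in the report). The sample report is a constructed, trimmed copy of the real one in RootRepeal's layout.

```python
"""Added example: attribute the SSDT hooks in a RootRepeal report to the
module that owns them and surface the ones no trusted module accounts for."""
import re
from collections import defaultdict, namedtuple

SsdtHook = namedtuple("SsdtHook", "index function module address")
DriverImage = namedtuple("DriverImage", "name base size")

# Constructed sample in RootRepeal's report layout; a trimmed copy of the
# report posted later in this thread.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Program Version: Version 1.3.5.0
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE649000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spnn.sys
Image Path: spnn.sys
Address: 0xF745D000 Size: 1040384 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x84b25568

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4c56

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x84b25a90

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spnn.sys" at address 0xf747bca2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xf20f0320
"""

RULE_RE = re.compile(r"^-{5,}$")
HOOK_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)$")
STATUS_RE = re.compile(r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)$')
NAME_RE = re.compile(r"^Name:\s*(\S+)$")
ADDR_RE = re.compile(r"^Address:\s*(0x[0-9a-fA-F]+)\s+Size:\s*(\d+)")


def split_sections(report):
    """Map each title line that is underlined with dashes to the lines after it."""
    lines = [ln.strip() for ln in report.splitlines()]
    sections, title, body = {}, None, []
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and RULE_RE.match(nxt):          # "Drivers" / "SSDT" headers
            if title is not None:
                sections[title] = body
            title, body = line, []
        elif not RULE_RE.match(line):             # skip the dashed rule itself
            body.append(line)
    if title is not None:
        sections[title] = body
    return sections


def parse_drivers(lines):
    """Driver images as (name, base, size) from the Drivers section."""
    drivers, name = [], None
    for line in lines:
        m = NAME_RE.match(line)
        if m:
            name = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if m and name:
            drivers.append(DriverImage(name, int(m.group(1), 16), int(m.group(2))))
            name = None
    return drivers


def parse_ssdt(lines):
    """Pair each '#: NNN Function Name:' line with its 'Status: Hooked by' line."""
    hooks, pending = [], None
    for line in lines:
        m = HOOK_RE.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2))
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            hooks.append(SsdtHook(pending[0], pending[1], m.group(1), int(m.group(2), 16)))
            pending = None
    return hooks


def image_for(address, drivers):
    """Listed driver image whose range contains address, else None. None only
    means 'inside no image RootRepeal listed', not 'unknown code'."""
    for d in drivers:
        if d.base <= address < d.base + d.size:
            return d.name
    return None


def triage(report, trusted_modules):
    """Return (all hooks, {module: [(function, address, image)]}) for hooks
    owned by '<unknown>' or by a module outside the trusted set."""
    sections = split_sections(report)
    drivers = parse_drivers(sections.get("Drivers", []))
    hooks = parse_ssdt(sections.get("SSDT", []))
    trusted = {name.lower() for name in trusted_modules}
    flagged = defaultdict(list)
    for h in hooks:
        basename = h.module.rsplit("\\", 1)[-1].lower()
        if h.module == "<unknown>" or basename not in trusted:
            flagged[h.module].append((h.function, hex(h.address), image_for(h.address, drivers)))
    return hooks, dict(flagged)


# Assumption for this example: aswSP.SYS is Avast!'s driver (the topic starter runs
# Avast!) and SASKUTIL.SYS sits under the SUPERAntiSpyware directory in the report.
TRUSTED = {"aswSP.SYS", "SASKUTIL.SYS"}

if __name__ == "__main__":
    all_hooks, flagged = triage(SAMPLE_REPORT, TRUSTED)
    print(f"{len(all_hooks)} hooked SSDT entries, {len(flagged)} module(s) to follow up")
    for module, entries in flagged.items():
        for function, address, image in entries:
            print(f"  {module}: {function} at {address} (image: {image or 'none listed'})")
```

Two things the output shows that the raw report does not: the spnn.sys hook address falls inside the spnn.sys image range from the Drivers section, so that attribution is self-consistent, while the "<unknown>" hooks fall in none of the listed images. In the full report every "<unknown>" hook address lies in the same 0x84b25xxx range; that is an observation to hand to the helper guiding the cleanup, not a verdict on its own.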


#12 Xwsx777


Posted 15 March 2010 - 02:10 AM

It is done, here is the report...

-----------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/15 02:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1FA1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7BD6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP2508
Image Path: \Driver\PCI_PNP2508
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEE649000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spnn.sys
Image Path: spnn.sys
Address: 0xF745D000 Size: 1040384 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x84b25568

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4c56

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4b12

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x84b25a90

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x84b25a18

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x84b25838

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe50c6

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4ff0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe46e8

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spnn.sys" at address 0xf747bca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spnn.sys" at address 0xf747c030

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4bec

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4628

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe468c

#: 160 Function Name: NtQueryKey
Status: Hooked by "spnn.sys" at address 0xf747c108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4d0c

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x84b255e0

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x84b25478

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe5194

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4ccc

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x84b256d0

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x84b25bf8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x84b25928

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x84b25748

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf1fe4e4c

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x84b258b0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x84b25658

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xf20f0320

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x84b257c0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x84b254f0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x84b6f1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x846a0500 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x84bde1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x84bde1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bde1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x84bde1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84bde1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x84bde1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x84754500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x84665500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x847771f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x847771f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x847771f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x847771f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x847771f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x847771f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x847771f8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x84b711f8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x84b711f8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84b711f8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84b711f8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x84b711f8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84b711f8 Size: 121

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x84b711f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x84bdf1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8439d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8439d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8439d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8439d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8439d1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8439d1f8 Size: 121

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x846e76f8 Size: 2313

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x846e7680 Size: 2433

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x846e7608 Size: 2553

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x845fad18 Size: 745

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x845faca0 Size: 865

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x845fac28 Size: 985

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x845fabb0 Size: 1105

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x8461f978 Size: 1185

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x8461f900 Size: 1305

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8461f888 Size: 1425

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8461f810 Size: 1545

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8465ce10 Size: 314

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8465cd98 Size: 434

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8465cd20 Size: 554

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8465cca8 Size: 674

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8469e770 Size: 2193

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8469e6f8 Size: 2313

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8469e680 Size: 2433

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x8469e608 Size: 2553

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8469ec08 Size: 1017

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8469eb90 Size: 1137

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8469eb18 Size: 1257

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x8469eaa0 Size: 1377

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8468bc08 Size: 1017

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8468bb90 Size: 1137

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8468bb18 Size: 1257

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8468baa0 Size: 1377

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x846f3790 Size: 614

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x847601f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x847601f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x847601f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x847601f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x847601f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x847601f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x847601f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x843261f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_READ]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_SHUTDOWN]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x845fb500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ瑎晦븸䟠Ȃఉ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x845fb500 Size: 121

==EOF==

#13 trollocks

trollocks

  • Members
  • 370 posts
  • OFFLINE
  • Gender:Male
  • Location:England
  • Local time:05:52 PM

Posted 15 March 2010 - 05:31 AM

Looks like you will need stronger tools than I am able to help you with.

Go here and complete steps 6-9

Then post your logs here

There may be a few days' wait for help, so be patient and don't bump your topic.

Any problems doing the above, post back here.

#14 Xwsx777

Xwsx777
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:12:52 PM

Posted 15 March 2010 - 05:09 PM

The GMER scan is taking extremely long. I started it at around 9:30AM EST & it's now 5:45PM EST. It seems to be progressing to higher numbers for a file name. It's scanning:
SOFTWARE\Classes\Interface\(Insert a lot of numbers & letters/TypeLib...
SOFTWARE\Classes\Interface\(Insert a lot of numbers & letters/ProxyStut...
SOFTWARE\Classes\Interface\(Insert a lot of numbers & letters/NumMe...
The numbers are going up, so it seems like it's progressing. Does it usually take insanely long for a GMER scan? Should I post what I have, minus the GMER scan, on a new thread? I'll understand if it's recommended/necessary/essential though.

Edited by Xwsx777, 15 March 2010 - 05:11 PM.


#15 trollocks

trollocks

  • Members
  • 370 posts
  • OFFLINE
  • Gender:Male
  • Location:England
  • Local time:05:52 PM

Posted 15 March 2010 - 05:32 PM

It shouldn't take that long, but it can happen. Give it a bit longer. If you have the DDS logs, that will be enough to start your new thread if it doesn't finish. You can also post the RootRepeal log as a substitute for GMER. Mention in your new thread about GMER taking so long.
