Search Engine Redirects


12 replies to this topic

#1 nashdude

Posted 28 January 2011 - 01:46 PM

My wife downloads a lot of stuff on this computer, and she wound up catching the inevitable virus. When I use a search engine and click on the resulting link, it redirects me to a site I had no intention of going to---TurboTax, a mortgage broker, weird stuff. And it happens on both IE and Firefox, so I'm pretty sure it's not the browser's fault.

While running a boot-time scan, I intercepted and deleted a number of these, but there are apparently two very nasty ones---one in explorer.exe and one in winlogon.exe, both infected by win32:winpatch. They couldn't be deleted or repaired.

I've updated my Malwarebytes and run it in safe mode---no dice. I went to Google and researched the virus (as best I could on this jacked up computer hehe), and it seems the virus must be taken out manually. Before I start ripping out programs like my 2-year-old dissecting a PB&J, I figured I'd better ask the experts :)

Edited by hamluis, 28 January 2011 - 01:58 PM.
Moved from XP forum to Am I Infected.



#2 Blade

Posted 03 February 2011 - 02:27 AM

Hello.

Let's try this.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
TDSSKiller Log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#3 nashdude

Posted 08 February 2011 - 09:56 AM

Sorry. I've been away from the computer for a few days. I'll be posting the results shortly.

#4 nashdude

Posted 08 February 2011 - 10:36 AM

I just ran the TDSS Rootkit tool, but it found no malicious objects, and didn't give me any log to post.

Edited by nashdude, 08 February 2011 - 10:37 AM.


#5 Blade

Posted 08 February 2011 - 10:30 PM

Hello.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).


TDSSKiller should always generate a log. Please double check the above location to see if a log was placed there. If there is a log there, I would like to see it regardless of whether or not the utility detected any malicious objects.

Additionally, are you using a wireless router in your home?

~Blade



#6 nashdude

Posted 08 February 2011 - 11:49 PM

Okay, I found the log at the location you specified. Here's what I got...

2011/02/08 09:34:11.0734 1348 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/08 09:34:11.0953 1348 ================================================================================
2011/02/08 09:34:11.0968 1348 SystemInfo:
2011/02/08 09:34:11.0968 1348
2011/02/08 09:34:11.0968 1348 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/08 09:34:11.0968 1348 Product type: Workstation
2011/02/08 09:34:11.0968 1348 ComputerName: BULLARD-N8KW2WA
2011/02/08 09:34:11.0968 1348 UserName: Jeremy & Mary
2011/02/08 09:34:11.0968 1348 Windows directory: C:\WINDOWS
2011/02/08 09:34:11.0968 1348 System windows directory: C:\WINDOWS
2011/02/08 09:34:11.0968 1348 Processor architecture: Intel x86
2011/02/08 09:34:11.0968 1348 Number of processors: 1
2011/02/08 09:34:11.0968 1348 Page size: 0x1000
2011/02/08 09:34:11.0968 1348 Boot type: Normal boot
2011/02/08 09:34:11.0968 1348 ================================================================================
2011/02/08 09:34:12.0515 1348 Initialize success
2011/02/08 09:34:21.0718 4068 ================================================================================
2011/02/08 09:34:21.0718 4068 Scan started
2011/02/08 09:34:21.0718 4068 Mode: Manual;
2011/02/08 09:34:21.0718 4068 ================================================================================
2011/02/08 09:34:22.0375 4068 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/08 09:34:22.0515 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/08 09:34:22.0562 4068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/08 09:34:22.0656 4068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/08 09:34:22.0734 4068 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/08 09:34:22.0781 4068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/08 09:34:23.0156 4068 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/08 09:34:23.0187 4068 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/08 09:34:23.0218 4068 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/08 09:34:23.0265 4068 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/08 09:34:23.0312 4068 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/08 09:34:23.0375 4068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/08 09:34:23.0421 4068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/08 09:34:23.0562 4068 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/08 09:34:23.0640 4068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/08 09:34:23.0703 4068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/08 09:34:23.0875 4068 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
2011/02/08 09:34:23.0968 4068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/08 09:34:24.0046 4068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/08 09:34:24.0140 4068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/08 09:34:24.0203 4068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/08 09:34:24.0234 4068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/08 09:34:24.0453 4068 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/02/08 09:34:24.0578 4068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/08 09:34:24.0656 4068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/08 09:34:24.0718 4068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/08 09:34:24.0781 4068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/08 09:34:24.0828 4068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/08 09:34:24.0921 4068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/08 09:34:24.0968 4068 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/08 09:34:25.0046 4068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/08 09:34:25.0109 4068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/08 09:34:25.0140 4068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/08 09:34:25.0171 4068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/08 09:34:25.0250 4068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/08 09:34:25.0375 4068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/08 09:34:25.0437 4068 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\WINDOWS\system32\drivers\ftdibus.sys
2011/02/08 09:34:25.0500 4068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/08 09:34:25.0546 4068 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\WINDOWS\system32\drivers\ftser2k.sys
2011/02/08 09:34:25.0593 4068 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/02/08 09:34:25.0656 4068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/08 09:34:25.0687 4068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/08 09:34:25.0828 4068 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/08 09:34:25.0859 4068 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/08 09:34:25.0890 4068 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/08 09:34:25.0968 4068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/08 09:34:26.0093 4068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/08 09:34:26.0156 4068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/08 09:34:26.0250 4068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/08 09:34:26.0296 4068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/08 09:34:26.0343 4068 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/08 09:34:26.0406 4068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/08 09:34:26.0453 4068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/08 09:34:26.0500 4068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/08 09:34:26.0625 4068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/08 09:34:26.0671 4068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/08 09:34:26.0734 4068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/08 09:34:26.0781 4068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/08 09:34:26.0843 4068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/08 09:34:26.0890 4068 km_filter (097ba59ba201c9270a704cc04670b553) C:\WINDOWS\system32\drivers\km_filter.sys
2011/02/08 09:34:26.0921 4068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/08 09:34:27.0062 4068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/08 09:34:27.0109 4068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/08 09:34:27.0171 4068 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/08 09:34:27.0218 4068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/08 09:34:27.0250 4068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/08 09:34:27.0328 4068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/08 09:34:27.0406 4068 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/08 09:34:27.0484 4068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/08 09:34:27.0546 4068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/08 09:34:27.0593 4068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/08 09:34:27.0625 4068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/08 09:34:27.0687 4068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/08 09:34:27.0734 4068 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/08 09:34:27.0781 4068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/08 09:34:27.0843 4068 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/08 09:34:27.0890 4068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/08 09:34:27.0937 4068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/08 09:34:28.0062 4068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/08 09:34:28.0125 4068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/08 09:34:28.0171 4068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/08 09:34:28.0281 4068 NielGfx (dc810d3a9c6ffa0d265776b72fe82cd1) C:\WINDOWS\system32\drivers\nielgfx.sys
2011/02/08 09:34:28.0328 4068 nielprt (7cd1343788a92427f273ad5cc8bc272b) C:\WINDOWS\system32\DRIVERS\nielprt.sys
2011/02/08 09:34:28.0406 4068 nnrnstdi (c6cd620d974e58bb5e93acb67d08db01) C:\WINDOWS\system32\drivers\nnrnstdi.sys
2011/02/08 09:34:28.0437 4068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/08 09:34:28.0500 4068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/08 09:34:28.0593 4068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/08 09:34:28.0640 4068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/08 09:34:28.0687 4068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/08 09:34:28.0734 4068 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/02/08 09:34:28.0812 4068 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/02/08 09:34:28.0906 4068 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
2011/02/08 09:34:29.0015 4068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/08 09:34:29.0046 4068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/08 09:34:29.0093 4068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/08 09:34:29.0187 4068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/08 09:34:29.0312 4068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/08 09:34:29.0375 4068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/08 09:34:29.0437 4068 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/08 09:34:29.0718 4068 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/02/08 09:34:29.0843 4068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/08 09:34:29.0875 4068 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/08 09:34:29.0921 4068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/08 09:34:29.0984 4068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/08 09:34:30.0203 4068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/08 09:34:30.0250 4068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/08 09:34:30.0296 4068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/08 09:34:30.0328 4068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/08 09:34:30.0375 4068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/08 09:34:30.0421 4068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/08 09:34:30.0484 4068 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/08 09:34:30.0531 4068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/08 09:34:30.0640 4068 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/02/08 09:34:30.0703 4068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/08 09:34:30.0765 4068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/08 09:34:30.0875 4068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/08 09:34:30.0953 4068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/08 09:34:31.0093 4068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/08 09:34:31.0140 4068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/08 09:34:31.0218 4068 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/08 09:34:31.0265 4068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/08 09:34:31.0312 4068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/08 09:34:31.0515 4068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/08 09:34:31.0593 4068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/08 09:34:31.0671 4068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/08 09:34:31.0718 4068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/08 09:34:31.0765 4068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/08 09:34:31.0875 4068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/08 09:34:31.0953 4068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/08 09:34:32.0062 4068 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/08 09:34:32.0109 4068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/08 09:34:32.0156 4068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/08 09:34:32.0187 4068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/08 09:34:32.0234 4068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/08 09:34:32.0281 4068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/08 09:34:32.0421 4068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/08 09:34:32.0468 4068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/08 09:34:32.0515 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/08 09:34:32.0593 4068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/08 09:34:32.0656 4068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/08 09:34:32.0734 4068 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/02/08 09:34:32.0828 4068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/08 09:34:33.0140 4068 ================================================================================
2011/02/08 09:34:33.0140 4068 Scan finished
2011/02/08 09:34:33.0140 4068 ================================================================================
2011/02/08 09:35:18.0796 1288 Deinitialize success


As to the wireless router, yes I do, but my desktop isn't wireless. As I have the system set up now, the line comes out from the cable modem into the router, and then I have another line coming out of the wireless into my desktop.
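The TDSSKiller log above is just one "timestamp pid Name (md5) path" line per driver, which is why the helpers ask for it even when the tool reports nothing found: the review happens by eye. The following is an added example, not code from this thread, from BleepingComputer or from Kaspersky's TDSSKiller, showing how a responder can do that first pass mechanically: parse the per-driver lines, list the entries whose image is loaded from somewhere other than the standard driver folder (a review list, not a verdict; vendor drivers such as PfModNT legitimately sit in system32 itself), and build an MD5 index for lookup in whatever hash database is at hand. The sample input takes four lines from the posted log plus one constructed line (example_svc, all-zero hash, image in a Temp folder) to show what a flagged entry looks like.

```python
"""Triage a TDSSKiller driver-enumeration log (added example, not TDSSKiller code)."""
import re
from dataclasses import dataclass

# Per-driver lines look like the ones in the posted log. The path is taken as
# the rest of the line so folders with spaces ("Documents and Settings") work.
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)

# Where a Windows XP driver image is normally loaded from (compared case-insensitively).
STANDARD_DRIVER_DIR = "c:\\windows\\system32\\drivers"


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str

    @property
    def directory(self) -> str:
        """Folder part of the image path, lower-cased for comparison."""
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def in_standard_dir(self) -> bool:
        return self.directory == STANDARD_DRIVER_DIR


def parse_tdsskiller_log(text: str) -> list[DriverEntry]:
    """One DriverEntry per driver line; banner, SystemInfo and
    'Scan started/finished' lines do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            entries.append(DriverEntry(m["name"], m["md5"].lower(), m["path"]))
    return entries


def outside_standard_dir(entries: list[DriverEntry]) -> list[DriverEntry]:
    """Entries loaded from somewhere other than system32\\drivers. Many such
    entries are benign, so this is a list to review, not a detection."""
    return [e for e in entries if not e.in_standard_dir]


def hash_index(entries: list[DriverEntry]) -> dict[str, list[str]]:
    """Map each MD5 to the driver names carrying it, for lookup elsewhere."""
    index: dict[str, list[str]] = {}
    for e in entries:
        index.setdefault(e.md5, []).append(e.name)
    return index


# Four lines copied from the posted log plus one CONSTRUCTED line (example_svc,
# all-zero hash, image in a user's Temp folder) to exercise the location check.
SAMPLE_LOG = r"""
2011/02/08 09:34:21.0718 4068 Scan started
2011/02/08 09:34:22.0515 4068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/08 09:34:22.0734 4068 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/08 09:34:29.0718 4068 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys
2011/02/08 09:34:32.0515 4068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/08 09:34:33.0000 4068 example_svc (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\example.sys
2011/02/08 09:34:33.0140 4068 Scan finished
"""


def triage(text: str) -> dict:
    """Summary a helper could paste back: counts plus the review list."""
    entries = parse_tdsskiller_log(text)
    review = outside_standard_dir(entries)
    return {
        "drivers": len(entries),
        "review": [(e.name, e.path) for e in review],
        "unique_hashes": len(hash_index(entries)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full log saved from C:\ and the review list is what to read first; everything in the standard folder still deserves a hash check, which is what the index is for.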

#7 Blade

Posted 09 February 2011 - 06:17 AM

As to the wireless router, yes I do, but my desktop isn't wireless. As I have the system set up now, the line comes out from the cable modem into the router, and then I have another line coming out of the wireless into my desktop.


So. . . your desktop is connected by wire to the router right? If this is correct please proceed with the below.

You need to reset your router back to factory settings. The exact process varies from model to model, but usually involves pressing in a 'RESET' button with a pin for about 15-30 seconds. The button should be located somewhere on the device. You should consult your router documentation for details.

Note that you will need to reconfigure the router after performing the reset. Additionally, make sure that you secure the router config with a strong password. Again, consult your router documentation for details on this process.

After resetting the router, let me know if the redirects continue.

~Blade



#8 nashdude

Posted 09 February 2011 - 09:28 AM

I tried to reset my wireless router (Netgear WPN824v3), but it wouldn't restore to factory settings.

1) According to the documentation, it should have reset by pushing the pinhole button for 20 seconds, until the test light came on. I did this, but the username and password remained the same, so I assume that the router did not reset.

2) According to some internet self-help, I could also reset by unplugging the power, pushing and holding the pinhole reset, replugging the power, and holding the reset for 20 seconds until the test light came on. Again, the username and password remained the same.

3) Finally, I powered down the router, then the cable modem, waited for 30 seconds, repowered the cable modem, then followed the sequence in the above step 2. STILL the username and password are the same.

Just in case some kind of reset slipped by me, I tried the search engine. Still getting the redirects.

#9 Blade

Posted 09 February 2011 - 11:57 AM

Hello.

When you say the username and password remained the same, you are referring to a username and password which you set, correct?

If so:

Please try disconnecting the power, and holding down the reset button for at least one minute. Be sure that you are applying firm pressure the entire time.

If this doesn't work you may have a defective router, and should contact Netgear support.

Let me know how things go.

~Blade

Edited by Blade Zephon, 09 February 2011 - 11:58 AM.



#10 nashdude

Posted 09 February 2011 - 12:37 PM

When you say the username and password remained the same, you are referring to a username and password which you set, correct?


Correct.

I did as you suggested. The first way I tried it (the way I thought you meant)---pressing and holding the reset, plugging in the power to the router, and then continuing to hold the reset for one minute before releasing---locked the router up so that the power light blinks and the router never makes it out of the test mode.

The second way I tried it, I went through the steps of booting up the entire system---cable modem first, then router, then computer last---holding the reset on the router for a minute prior to plugging in the power, and continuing to hold it until the test light came on.

Either way I went, the router did not restore to factory default.

I can accept that my router is defective, but it's still curious to me how the desktop---which is WIRED into the router---is suffering search engine redirects while the other computers which are wireless are not. Also, upon startup, my Avast continues to warn me of "Threat has been detected", referencing and blocking a Win32:winlogon.exe---again, something that my wireless computers are not suffering.

***EDIT***

Going on a hunch, I just bypassed the wireless router completely, going straight from my cable modem into my computer. Again, I started from scratch, powering everything down and then booting up in sequence. As soon as my Avast loaded upon startup, I got another Win32:winlogon.exe warning. This time I had time to catch the location of the threat before the warning box disappeared---c:program files/google/update/googleupdate.exe

My router probably does have issues, but [a] my wireless computers still work fine, and [b] my desktop still gives warnings even when the router has been taken out of the equation.

Edited by nashdude, 09 February 2011 - 01:17 PM.


#11 Blade

Posted 10 February 2011 - 04:07 PM

Hello.

it's still curious to me how the desktop---which is WIRED into the router---is suffering search engine redirects while the other computers which are wireless are not.


Whether a machine is wired into the router or uses the wireless signal doesn't matter; the data still passes through the router. However, the fact that you have other computers on your network which are not being redirected does matter. I didn't realize this was the case, and it effectively eliminates the router as a possible cause, as does the test you performed. I would still get the router checked out on the side. . . not being able to reset the router can turn into a huge problem if it's ever compromised.

***************************************************

Let's get an ARK scan.

Please download Rootkit Unhooker and save it to your Desktop
Alternate Link 1 (.exe file)
Alternate Link 2 (zipped file)
Alternate Link 3 (.rar file)
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


If you do, please proceed normally.

~Blade


In your next reply, please include the following:
RKU Log

Edited by Blade Zephon, 10 February 2011 - 04:09 PM.



#12 nashdude

Posted 10 February 2011 - 09:22 PM

Thanks for the reply about the router, and the advice :)

Okay, here's the report...

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF108000 C:\WINDOWS\System32\ati3duag.dll 2240512 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7A38000 C:\WINDOWS\system32\drivers\P16X.sys 1331200 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF7BA0000 C:\WINDOWS\system32\DRIVERS\BCMSM.sys 1101824 bytes (Broadcom Corporation, Modem Device Driver)
0xF7CE5000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 897024 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF834D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF084000 C:\WINDOWS\System32\atikvmag.dll 540672 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF845A000 wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xBF32B000 C:\WINDOWS\System32\ativvaxx.dll 479232 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB24EF000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF786B000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB26EA000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB1821000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB24A8000 C:\WINDOWS\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0xBF3A0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB1308000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF04A000 C:\WINDOWS\System32\ati2cqag.dll 237568 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 229376 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF84E7000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB1AA9000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8320000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF79E8000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB25FF000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB269C000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB26C4000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB0B05000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF7A14000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7CAD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF79A5000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF7B7D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB267A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF79C8000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xF8403000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF843B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8306000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF8423000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2468000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB2109000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF83DA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF797A000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB1DFE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7991000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7CD1000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB2743000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF83F1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF84D6000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7969000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7929000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8746000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8736000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8716000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8756000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB2120000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF8606000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF8666000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xF8586000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7939000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF8726000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8776000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8566000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8546000 C:\WINDOWS\System32\Drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF85B6000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF8796000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8596000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF8686000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8766000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8556000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8786000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8626000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF8536000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF85F6000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF85C6000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8576000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF8706000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF87A6000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8646000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB1C86000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8636000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF887E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8826000 C:\WINDOWS\System32\Drivers\nnrnstdi.SYS 32768 bytes (The Nielsen Company, NNRNSTDI helper driver)
0xF8806000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8896000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF8866000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF88A6000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF87B6000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF88AE000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB0B89000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF884E000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF88D6000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF88CE000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF88B6000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF88BE000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF87C6000 nielprt.sys 24576 bytes (The Nielsen Company, Nielsen Portcls Patch Driver)
0xF885E000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF87E6000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF881E000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF8936000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF87F6000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF87BE000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8906000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8916000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF88F6000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF891E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB2652000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF89C6000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7DD8000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB2290000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB2772000 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 16384 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF8A12000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB2656000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB2394000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF8946000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB263A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8A0A000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF8A02000 C:\WINDOWS\system32\drivers\km_filter.sys 12288 bytes (The Nielsen Company, Audio Filter Driver)
0xF8A2A000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF89DE000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8A60000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8A88000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8A5C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A3A000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8A36000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8A64000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8A42000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF8A76000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF8A68000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8A54000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8A58000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8A38000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8BB8000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8C70000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8BEC000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8AFE000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x05E30000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 102400 bytes
0x068F0000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 1150976 bytes
0x00D70000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 118784 bytes
0x038F0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 118784 bytes
0x07050000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 118784 bytes
0x05D20000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 135168 bytes
0x055F0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 151552 bytes
0x060B0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 1740800 bytes
0x05E90000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 217088 bytes
0x05620000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 233472 bytes
0x00F40000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 28672 bytes
0x01170000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 28672 bytes
0x00DA0000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x00DD0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x039B0000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x03D30000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x03EB0000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x03EE0000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x03F00000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04330000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04350000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04CE0000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04BC0000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04BE0000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04C90000 Hidden Image-->DEM.OS.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04C80000 Hidden Image-->DEM.OS.I0602.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04CB0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04E50000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04E30000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04EC0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05150000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05040000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05160000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05190000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x057A0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05260000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x052B0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05290000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x052C0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05580000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x055A0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x055E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05670000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05960000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x058B0000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05B30000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05AB0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05B50000 Hidden Image-->Branding.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05B80000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05C50000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x05E80000 Hidden Image-->atixclib.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 28672 bytes
0x04C10000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 299008 bytes
0x07000000 Hidden Image-->CLI.Aspect.SmartGart.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 299008 bytes
0x01180000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 307200 bytes
0x00E10000 Hidden Image-->System.Runtime.Remoting.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 307200 bytes
0x03810000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 36864 bytes
0x03840000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 36864 bytes
0x05250000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x00D70000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x03930000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x03980000 Hidden Image-->AxInterop.WBOCXLib.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x039D0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x03D40000 Hidden Image-->Interop.WBOCXLib.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x04BB0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x04C70000 Hidden Image-->ACE.Graphics.DisplaysManager.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x051C0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x05270000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x05310000 Hidden Image-->CLI.Aspect.SmartGart.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x05320000 Hidden Image-->CLI.Aspect.SmartGart.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x05B40000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 36864 bytes
0x06460000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 372736 bytes
0x06FA0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 372736 bytes
0x05AC0000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 413696 bytes
0x06D10000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 446464 bytes
0x00DA0000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 45056 bytes
0x00E10000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 45056 bytes
0x039C0000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 45056 bytes
0x00D90000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 45056 bytes
0x00E70000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 45056 bytes
0x04EE0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 45056 bytes
0x05180000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 45056 bytes
0x051B0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 45056 bytes
0x04410000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x81B0F5C0 ] PID: 2640, 454656 bytes
0x06F20000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 462848 bytes
0x05D50000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 503808 bytes
0x05500000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 512000 bytes
0x039A0000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x03970000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x039E0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x03D20000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x03F20000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x051D0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x05E20000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x05B60000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x05950000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 53248 bytes
0x058C0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 552960 bytes
0x051F0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 61440 bytes
0x05200000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 61440 bytes
0x05350000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 61440 bytes
0x00E20000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0xFC9DBDA0 ] PID: 1256, 69632 bytes
0x00DE0000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 69632 bytes
0x03910000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 69632 bytes
0x04BF0000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 69632 bytes
0x05020000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 69632 bytes
0x05330000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 69632 bytes
0x05C60000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 724992 bytes
0x05120000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 77824 bytes
0x05230000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 77824 bytes
0x06E50000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 806912 bytes
0x00DB0000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 86016 bytes
0x05100000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 86016 bytes
0x055C0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 86016 bytes
0x03950000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 94208 bytes
0x04CF0000 Hidden Image-->ATIDEMOS.DLL [ EPROCESS 0x81B0F5C0 ] PID: 2640, 94208 bytes



#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,796 posts
  • Gender:Male
  • Location:US

Posted 13 February 2011 - 09:58 PM

Shoot! I thought I replied to this already.

I apologize for the delay.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade





