Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirected to mevio.com


  • This topic is locked This topic is locked
14 replies to this topic

#1 JB20

JB20

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 07 May 2011 - 01:13 PM

I have noticed that when I do a google search and click on the first link result that I will occasionally get redirected www.mevio.com. I am assuming this means something is wrong with my computer but it is the only thing I have I noticed. Any ideas what could be wrong?

Thanks

BC AdBot (Login to Remove)

 


#2 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 08 May 2011 - 03:15 PM

I just got redirected to the mumclub.com

#3 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 12 May 2011 - 08:39 PM

Maybe its just some ad on google?

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:23 PM

Posted 30 May 2011 - 11:54 AM

Hello and :welcome: to BleepingComputer.

Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from http://data.mbamupdates.com/tools/mbam-rules.exe'>here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

~Blade


In your next reply, please include the following:
Malwarebytes Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 30 May 2011 - 02:22 PM

I was unable to rename the file before saving. I did find two hidden files using GMER, but I could not delete them.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6725

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

5/30/2011 3:20:44 AM
mbam-log-2011-05-30 (03-20-44).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 260639
Time elapsed: 44 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by JB20, 30 May 2011 - 02:42 PM.


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:23 PM

Posted 30 May 2011 - 03:03 PM

Hello.

Let's get an ARK scan.

Please download Rootkit Unhooker and save it to your Desktop
Alternate Link 1 (.exe file)
Alternate Link 2 (zipped file)
Alternate Link 3 (.rar file)[*]Double-click on RKUnhookerLE to run it
[*]Click the Report tab, then click Scan
[*]Check Drivers, Stealth and uncheck the rest
[*]Click OK
[*]Wait until it's finished and then go to File > Save Report
[*]Save the report to your Desktop
[/list]Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


If you do, please proceed normally.

~Blade


In your next reply, please include the following:
RKU Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#7 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 30 May 2011 - 03:13 PM

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x81E5EEF2-->999D17A0 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x81E302F0-->8C78A620 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x81E5CAF3-->999D18E4 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x81E5B033-->999D1980 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0x93EC2D67-->999D0E64 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0x93ECCD21-->999D0DA4 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0x93F2BA4B-->999D0DF8 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0x93EB73F7-->999D0D22 [C:\Windows\system32\DRIVERS\AVGIDSShim.Sys]
==============================================
>Processes
==============================================
0x86745CE8 [12] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x83D02D90 [288] C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x842DC420 [356] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard, hpwuSchd Application)
0x86111020 [452] C:\Windows\System32\smss.exe (Microsoft Corporation, Windows Session Manager)
0x8627D588 [484] C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
0x8430D700 [628] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (-, -)
0x86555420 [664] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x86843020 [684] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x863B3D90 [724] C:\Windows\System32\wininit.exe (Microsoft Corporation, Windows Start-Up Application)
0x86308580 [736] C:\Windows\System32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x863BAD90 [772] C:\Windows\System32\services.exe (Microsoft Corporation, Services and Controller app)
0x863EC020 [812] C:\Windows\System32\lsass.exe (Microsoft Corporation, Local Security Authority Process)
0x863DD3A8 [820] C:\Windows\System32\lsm.exe (Microsoft Corporation, Local Session Manager Service)
0x864F6A80 [848] C:\Windows\System32\winlogon.exe (Microsoft Corporation, Windows Logon Application)
0x840B1AE0 [932] C:\Windows\System32\taskmgr.exe (Microsoft Corporation, Windows Task Manager)
0x843BAD90 [992] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co., HP Digital Imaging Monitor)
0x865217C0 [996] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x83FB6108 [1028] C:\PROGRA~1\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x86527D90 [1040] C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 175.30)
0x8652AD90 [1068] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x865699A0 [1208] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86572020 [1236] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85425D90 [1244] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x8656F4B0 [1264] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x865A9D90 [1384] C:\Windows\System32\SLsvc.exe (Microsoft Corporation, Microsoft Software Licensing Service)
0x865ADD90 [1420] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x865D4988 [1520] C:\Windows\System32\rundll32.exe (Microsoft Corporation, Windows host process (Rundll32))
0x868658E0 [1624] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x865C9730 [1636] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84041348 [1756] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x866AA8E8 [1876] C:\Windows\System32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8687AAF0 [1912] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x84305020 [1944] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com, SUPERAntiSpyware Application)
0x866C0D90 [1952] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x843B6020 [1972] C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation, Microsoft Office OneNote Quick Launcher)
0x865F7830 [1984] C:\Windows\System32\dwm.exe (Microsoft Corporation, Desktop Window Manager)
0x8438C020 [2020] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation, Windows Sidebar)
0x86779D90 [2024] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x85CF4240 [2036] C:\Windows\explorer.exe (Microsoft Corporation, Windows Explorer)
0x868837A8 [2092] C:\Windows\System32\svchost.exe (Microsoft Corporation, Host Process for Windows Services)
0x86867CE8 [2128] C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x84311980 [2220] C:\Program Files\DivX\DivX Update\DivXUpdate.exe (-, DivX Update)
0x843514B0 [2248] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated, Adobe Reader and Acrobat Manager)
0x843772B0 [2252] C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co., HP CUE Alert Popup Window Objects)
0x859C8428 [2256] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x86561548 [2348] C:\Windows\System32\taskeng.exe (Microsoft Corporation, Task Scheduler Engine)
0x860C5D90 [2380] C:\Windows\System32\LogonUI.exe (Microsoft Corporation, Windows Logon User Interface Host)
0x8692C020 [2456] C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc., Modem Audio Service)
0x868AC7B8 [2552] C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd., Spybot-S&D Security Center integration)
0x86919D90 [2632] C:\Windows\System32\WUDFHost.exe (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Host Process)
0x84365020 [2768] C:\Windows\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
0x843A8990 [2812] C:\Windows\System32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x843BA878 [2852] C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org, OpenOffice.org 3.2)
0x84286990 [2892] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd., System settings protector)
0x843F7D90 [2980] C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard, GPCore COM object)
0x86A7BBB8 [3108] C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Online Shield Service)
0x859E1B68 [3124] C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o., AVG E-mail Scanner)
0x84390D90 [3196] C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org, OpenOffice.org 3.2)
0x843E4D90 [3372] C:\Windows\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)
0x8434F020 [3748] C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co., HP CUE Status Root)
0x842331F8 [3904] C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x85651C68 [3968] C:\Users\Anna Cruikshank\Downloads\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x843325A0 [4028] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x86FF03F0 [5168] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x85C7D020 [5600] C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0x8397CBD8 [4] System
0x843818B0 [1324] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
0x8655E698 [1352] C:\Windows\System32\audiodg.exe (Microsoft Corporation, Windows Audio Device Graph Isolation )
0x867DD2B0 [1800] C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x8604B940 [2960] C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG Identity Protection Service)
==============================================
>Drivers
==============================================
0x8BE01000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7471104 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.30 )
0x81C4D000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81C4D000 PnpManager 3903488 bytes
0x81C4D000 RAW 3903488 bytes
0x81C4D000 WMIxWDM 3903488 bytes
0x93E80000 Win32k 2109440 bytes
0x93E80000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x87608000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)
0x87276000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B681000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x87408000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x8066F000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x9AE0A000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B801000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8CB3F000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8C521000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8074F000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x87205000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9980A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9997A000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8B60B000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x822AA000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8C701000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8C688000 C:\Windows\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x8220E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8062E000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8234C000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B7B8000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x875A0000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CA08000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x8C7A8000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x873AC000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x99901000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87717000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B784000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81C1A000 ACPI_HAL 208896 bytes
0x81C1A000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9AF68000 C:\Users\ANNACR~1\AppData\Local\Temp\Jid1P5P9.sys 208896 bytes
0x8238D000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8C6CF000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B908000 C:\Windows\system32\drivers\windrvr6.sys 196608 bytes (Jungo, WinDriver Device Driver 9.21)
0x8C5CD000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x823CF000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x87381000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B657000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x99952000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x87767000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x82265000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8CA7F000 C:\Windows\system32\DRIVERS\Dot4.sys 151552 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x807D8000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8B95A000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8C780000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8779F000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8C60B000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9AF32000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0x998C2000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x998E2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82321000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x99877000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x874F2000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8CB24000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x87531000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x99894000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B8E5000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9993A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x87555000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x873E6000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B938000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8CA44000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x9AF52000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8C749000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8C65E000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x998AD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B9A0000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9AEFE000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B98C000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8C674000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8756D000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x877D4000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8C76D000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B8D3000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8CAAD000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9AF13000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8778E000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8B9DC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80615000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x87521000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x823BF000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8CAC8000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8CBEE000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82309000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B8C3000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 65536 bytes (Realtek Semiconductor Corporation , Realtek 10/100 NDIS 5.1 Driver )
0x8B9B5000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8CB15000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87758000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8228C000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B97D000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x875DE000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8229B000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x940C0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8C75F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C647000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x822FB000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8CAE7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8CA72000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x8CAFE000 C:\Windows\System32\Drivers\dump_nvstor.sys 53248 bytes
0x8B8B6000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8233F000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIAŽ nForce™ Sata Performance Driver)
0x8B9CF000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8CA5B000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x8C5C0000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x807CB000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8B9ED000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x9AEF2000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x875ED000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8758B000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x87580000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8C63C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B94F000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B8FD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8750D000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8CAF4000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8CB0B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8B9C5000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8C7E4000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9AEE8000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8754B000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x87596000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8CA68000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x877C0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8CAA4000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x8B7F7000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8CABF000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9AFB3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8C655000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x940A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x87518000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82254000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82319000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80626000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8060D000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9AFAB000 C:\Windows\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8CADF000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8225D000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C62C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C634000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x87750000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9AF25000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x877C9000 C:\Windows\system32\DRIVERS\avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x8B600000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8CAD8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8B9F9000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x999C9000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x822F4000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x999D0000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 24576 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0x8C7A2000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x9AF2D000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0x877D0000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0x999D6000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8C5FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C5FB000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x84120158 unknown_irp_handler 3752 bytes
0x84011170 unknown_irp_handler 3728 bytes
0x8460A5A0 unknown_irp_handler 2656 bytes
0x84229618 unknown_irp_handler 2536 bytes
0x8422E7E8 unknown_irp_handler 2072 bytes
0x83F12858 unknown_irp_handler 1960 bytes
0x84246D70 unknown_irp_handler 656 bytes
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000B4E6A, Type: Inline - RelativeJump 0x81D01E6A-->81D01E71 [ntkrnlpa.exe]
[1520]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[1520]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]
[1520]rundll32.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x080E1414-->00000000 [shimeng.dll]
[1520]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[1520]rundll32.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[1756]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x76F61417-->00000000 [xul.dll]
[5168]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x777679B3-->00000000 [firefox.exe]
[684]svchost.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x010010FC-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x01001100-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: IAT modification 0x0100113C-->00000000 [ntdll.dll]
[684]svchost.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x01001130-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x01001118-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->RegisterServiceCtrlHandlerW, Type: IAT modification 0x01001134-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0100112C-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x01001128-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->SetEntriesInAclW, Type: IAT modification 0x0100110C-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x01001110-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->SetSecurityDescriptorGroup, Type: IAT modification 0x01001108-->00000000 [ntdll.dll]
[684]svchost.exe-->advapi32.dll-->SetSecurityDescriptorOwner, Type: IAT modification 0x01001104-->00000000 [kernel32.dll]
[684]svchost.exe-->advapi32.dll-->SetServiceStatus, Type: IAT modification 0x01001138-->00000000 [ntdll.dll]
[684]svchost.exe-->advapi32.dll-->StartServiceCtrlDispatcherW, Type: IAT modification 0x01001114-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x0100109C-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x01001074-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x01001008-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001090-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001018-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x01001050-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x01001004-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x01001084-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x0100104C-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x01001044-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x01001038-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x01001034-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001098-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001028-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0100108C-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x0100105C-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0100103C-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x01001030-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x01001068-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x01001000-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001080-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0100101C-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x01001010-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0100107C-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001094-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001078-->00000000 [unknown_code_page]
[684]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x01001070-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010AC-->00000000 [kernel32.dll]
[684]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A4-->00000000 [ntdll.dll]
[684]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x01001014-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0100102C-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObject, Type: IAT modification 0x01001020-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x0100100C-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x01001060-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x01001054-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001024-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [ntdll.dll]
[684]svchost.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x01001040-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001048-->00000000 [advapi32.dll]
[684]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x0100106C-->00000000 [advapi32.dll]
[684]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x01001158-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100114C-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001148-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x01001160-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x0100116C-->00000000 [user32.dll]
[684]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x0100115C-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001154-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001164-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001150-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001144-->00000000 [kernel32.dll]
[684]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001168-->00000000 [unknown_code_page]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:23 PM

Posted 30 May 2011 - 05:22 PM

Hello.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
TDSSKiller Log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#9 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 30 May 2011 - 06:02 PM

2011/05/30 07:01:57.0355 5368 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 07:01:57.0793 5368 ================================================================================
2011/05/30 07:01:57.0793 5368 SystemInfo:
2011/05/30 07:01:57.0793 5368
2011/05/30 07:01:57.0793 5368 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/30 07:01:57.0793 5368 Product type: Workstation
2011/05/30 07:01:57.0793 5368 ComputerName: ANNACRUIKSHA-PC
2011/05/30 07:01:57.0794 5368 UserName: Anna Cruikshank
2011/05/30 07:01:57.0794 5368 Windows directory: C:\Windows
2011/05/30 07:01:57.0794 5368 System windows directory: C:\Windows
2011/05/30 07:01:57.0794 5368 Processor architecture: Intel x86
2011/05/30 07:01:57.0794 5368 Number of processors: 2
2011/05/30 07:01:57.0794 5368 Page size: 0x1000
2011/05/30 07:01:57.0794 5368 Boot type: Normal boot
2011/05/30 07:01:57.0794 5368 ================================================================================
2011/05/30 07:01:58.0918 5368 Initialize success
2011/05/30 07:02:00.0449 5572 ================================================================================
2011/05/30 07:02:00.0449 5572 Scan started
2011/05/30 07:02:00.0449 5572 Mode: Manual;
2011/05/30 07:02:00.0449 5572 ================================================================================
2011/05/30 07:02:01.0313 5572 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/30 07:02:01.0360 5572 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/30 07:02:01.0396 5572 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/30 07:02:01.0423 5572 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/30 07:02:01.0456 5572 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/30 07:02:01.0514 5572 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/30 07:02:01.0553 5572 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/30 07:02:01.0579 5572 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/30 07:02:01.0614 5572 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/30 07:02:01.0635 5572 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/30 07:02:01.0667 5572 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/30 07:02:01.0717 5572 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/30 07:02:01.0745 5572 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/30 07:02:01.0794 5572 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/30 07:02:01.0891 5572 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/30 07:02:01.0929 5572 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/30 07:02:01.0963 5572 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/30 07:02:02.0034 5572 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/05/30 07:02:02.0063 5572 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/05/30 07:02:02.0099 5572 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/05/30 07:02:02.0123 5572 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/05/30 07:02:02.0167 5572 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/05/30 07:02:02.0188 5572 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/05/30 07:02:02.0244 5572 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/05/30 07:02:02.0274 5572 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/05/30 07:02:02.0326 5572 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/30 07:02:02.0372 5572 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/30 07:02:02.0415 5572 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/30 07:02:02.0449 5572 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/30 07:02:02.0468 5572 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/30 07:02:02.0504 5572 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/30 07:02:02.0528 5572 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/30 07:02:02.0555 5572 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/30 07:02:02.0573 5572 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/30 07:02:02.0602 5572 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/30 07:02:02.0803 5572 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/30 07:02:02.0848 5572 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/30 07:02:02.0880 5572 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/30 07:02:02.0934 5572 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/30 07:02:02.0992 5572 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/30 07:02:03.0016 5572 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/05/30 07:02:03.0048 5572 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/30 07:02:03.0071 5572 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/30 07:02:03.0130 5572 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/30 07:02:03.0182 5572 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/30 07:02:03.0277 5572 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/30 07:02:03.0335 5572 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/30 07:02:03.0368 5572 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/30 07:02:03.0422 5572 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/30 07:02:03.0465 5572 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/30 07:02:03.0515 5572 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/30 07:02:03.0563 5572 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/30 07:02:03.0617 5572 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/30 07:02:03.0656 5572 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/30 07:02:03.0706 5572 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/30 07:02:03.0737 5572 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/30 07:02:03.0768 5572 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/30 07:02:03.0818 5572 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/30 07:02:03.0842 5572 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/30 07:02:03.0867 5572 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/30 07:02:03.0896 5572 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/30 07:02:03.0930 5572 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/30 07:02:03.0956 5572 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/30 07:02:03.0993 5572 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/30 07:02:04.0025 5572 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/30 07:02:04.0049 5572 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/30 07:02:04.0074 5572 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/30 07:02:04.0130 5572 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/30 07:02:04.0162 5572 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/30 07:02:04.0229 5572 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/30 07:02:04.0273 5572 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/05/30 07:02:04.0325 5572 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/30 07:02:04.0365 5572 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/30 07:02:04.0404 5572 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/30 07:02:04.0439 5572 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/30 07:02:04.0473 5572 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/30 07:02:04.0530 5572 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/30 07:02:04.0562 5572 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/30 07:02:04.0605 5572 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/30 07:02:04.0657 5572 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/30 07:02:04.0685 5572 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/30 07:02:04.0707 5572 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/30 07:02:04.0734 5572 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/30 07:02:04.0763 5572 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/30 07:02:04.0791 5572 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/30 07:02:04.0811 5572 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/30 07:02:04.0832 5572 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/30 07:02:04.0856 5572 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/30 07:02:04.0910 5572 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/30 07:02:04.0961 5572 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/30 07:02:05.0010 5572 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/30 07:02:05.0037 5572 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/30 07:02:05.0063 5572 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/30 07:02:05.0081 5572 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/30 07:02:05.0127 5572 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/05/30 07:02:05.0181 5572 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/30 07:02:05.0231 5572 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/30 07:02:05.0264 5572 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/30 07:02:05.0301 5572 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/30 07:02:05.0322 5572 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/30 07:02:05.0343 5572 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/30 07:02:05.0367 5572 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/30 07:02:05.0387 5572 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/30 07:02:05.0427 5572 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/30 07:02:05.0591 5572 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/30 07:02:05.0634 5572 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/30 07:02:05.0666 5572 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/30 07:02:05.0717 5572 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/30 07:02:05.0777 5572 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/30 07:02:05.0802 5572 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/30 07:02:05.0838 5572 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/30 07:02:05.0867 5572 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/30 07:02:05.0921 5572 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/30 07:02:05.0962 5572 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/30 07:02:06.0016 5572 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/30 07:02:06.0043 5572 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/30 07:02:06.0070 5572 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/30 07:02:06.0097 5572 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/30 07:02:06.0127 5572 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/30 07:02:06.0148 5572 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/30 07:02:06.0175 5572 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/30 07:02:06.0237 5572 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/30 07:02:06.0282 5572 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/30 07:02:06.0306 5572 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/30 07:02:06.0330 5572 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/30 07:02:06.0367 5572 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/30 07:02:06.0387 5572 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/30 07:02:06.0432 5572 NetBIOS (30eeb75ea6dd31cd813ae0500284455c) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/30 07:02:06.0456 5572 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/30 07:02:06.0510 5572 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/30 07:02:06.0535 5572 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/30 07:02:06.0567 5572 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/30 07:02:06.0625 5572 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/30 07:02:06.0651 5572 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/30 07:02:06.0669 5572 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/30 07:02:06.0858 5572 nvlddmkm (ff58c7a7da6116c1f71e883cb088d598) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/30 07:02:06.0987 5572 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/30 07:02:07.0035 5572 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/30 07:02:07.0072 5572 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/30 07:02:07.0154 5572 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/30 07:02:07.0210 5572 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/05/30 07:02:07.0238 5572 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/30 07:02:07.0259 5572 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/30 07:02:07.0293 5572 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/30 07:02:07.0331 5572 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/30 07:02:07.0357 5572 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/30 07:02:07.0402 5572 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/30 07:02:07.0506 5572 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/30 07:02:07.0529 5572 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/30 07:02:07.0581 5572 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/30 07:02:07.0680 5572 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/30 07:02:07.0712 5572 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/30 07:02:07.0745 5572 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/30 07:02:07.0771 5572 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/30 07:02:07.0806 5572 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/30 07:02:07.0829 5572 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/30 07:02:07.0855 5572 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/30 07:02:07.0887 5572 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/30 07:02:07.0906 5572 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/30 07:02:07.0951 5572 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/30 07:02:07.0969 5572 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/30 07:02:08.0019 5572 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/30 07:02:08.0082 5572 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/30 07:02:08.0128 5572 RTL8023xp (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/05/30 07:02:08.0215 5572 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/30 07:02:08.0240 5572 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/30 07:02:08.0305 5572 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/30 07:02:08.0367 5572 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/30 07:02:08.0422 5572 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/30 07:02:08.0450 5572 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/05/30 07:02:08.0477 5572 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/30 07:02:08.0529 5572 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/30 07:02:08.0550 5572 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/30 07:02:08.0574 5572 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/30 07:02:08.0648 5572 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/30 07:02:08.0687 5572 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/30 07:02:08.0718 5572 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/30 07:02:08.0744 5572 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/30 07:02:08.0785 5572 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/30 07:02:08.0826 5572 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/30 07:02:08.0872 5572 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/30 07:02:08.0905 5572 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/30 07:02:08.0943 5572 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/30 07:02:08.0995 5572 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/30 07:02:09.0030 5572 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/30 07:02:09.0050 5572 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/30 07:02:09.0070 5572 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/30 07:02:09.0150 5572 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2011/05/30 07:02:09.0200 5572 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/30 07:02:09.0235 5572 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/30 07:02:09.0258 5572 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/30 07:02:09.0278 5572 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/30 07:02:09.0307 5572 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/30 07:02:09.0333 5572 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/30 07:02:09.0413 5572 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/30 07:02:09.0470 5572 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/30 07:02:09.0489 5572 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/30 07:02:09.0513 5572 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/30 07:02:09.0542 5572 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/30 07:02:09.0586 5572 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/30 07:02:09.0656 5572 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/30 07:02:09.0685 5572 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/30 07:02:09.0713 5572 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/30 07:02:09.0738 5572 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/30 07:02:09.0789 5572 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/30 07:02:09.0814 5572 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/30 07:02:09.0851 5572 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/30 07:02:09.0874 5572 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/30 07:02:09.0897 5572 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/30 07:02:09.0915 5572 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/30 07:02:09.0957 5572 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/30 07:02:09.0978 5572 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/30 07:02:10.0006 5572 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/30 07:02:10.0039 5572 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/30 07:02:10.0059 5572 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/30 07:02:10.0085 5572 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/30 07:02:10.0107 5572 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/30 07:02:10.0130 5572 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/30 07:02:10.0151 5572 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/30 07:02:10.0181 5572 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/30 07:02:10.0202 5572 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/30 07:02:10.0231 5572 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/30 07:02:10.0280 5572 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/30 07:02:10.0307 5572 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 07:02:10.0324 5572 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 07:02:10.0365 5572 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/30 07:02:10.0396 5572 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/30 07:02:10.0483 5572 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/30 07:02:10.0552 5572 WinDriver6 (451f905bc7bff9e1cff2e7ae76196b2c) C:\Windows\system32\drivers\windrvr6.sys
2011/05/30 07:02:10.0661 5572 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/30 07:02:10.0725 5572 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/30 07:02:10.0784 5572 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/30 07:02:10.0823 5572 XAudio (e3fcf2870b5d7979b3bf10e98a71c847) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/30 07:02:10.0874 5572 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/30 07:02:10.0892 5572 ================================================================================
2011/05/30 07:02:10.0892 5572 Scan finished
2011/05/30 07:02:10.0892 5572 ================================================================================
2011/05/30 07:02:10.0909 0972 Detected object count: 0
2011/05/30 07:02:10.0909 0972 Actual detected object count: 0

#10 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 03 June 2011 - 11:37 AM

I am still getting redirected to mevio.com

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:23 PM

Posted 03 June 2011 - 07:45 PM

Cripes. . . I apologize for the delay.

Are you using a router in your home? If so, are any other computers on your network having issues?

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#12 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 03 June 2011 - 10:23 PM

No, just this computer.

#13 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:23 PM

Posted 03 June 2011 - 10:43 PM

Hi JB20.

unfortunately, you've an advanced infection variant that requires advanced analysis.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#14 JB20

JB20
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 PM

Posted 04 June 2011 - 11:03 AM

Thanks for your help

#15 hamluis

hamluis

    Moderator


  • Moderator
  • 55,406 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:10:23 PM

Posted 04 June 2011 - 11:52 AM

Reference: http://www.bleepingcomputer.com/forums/topic401686.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Now that you have are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users