
HELP PLEASE! NOTHING IS WORKING RIGHT!


ph3nom

I tried to run Malwarebytes but it's not loading right, so I deleted it and tried to reinstall, but it won't let me. I also deleted HijackThis because it won't open right, and tried to reinstall, but it won't let me. This is what happened: I thought my computer was slow, so I tried to scan. Halfway into the scan, my program detected something and it just closed on me and won't open up anymore. So I tried reinstalling but it won't let me. I only have AVG on but it's not doing the trick. So basically, where can I download Malwarebytes and HijackThis so you guys can help me fix my problem? PLEASE HELP. Also the AVG Resident Shield is down, so I tried to turn it on but I can't. So how do I fix that? It won't let me uninstall and reinstall. Please help me ASAP!!


Hi ph3nom, Welcome to Malwarebytes :(

We need to check for rootkits with RootRepeal.

  1. Download RootRepeal from the following location and save it to your desktop.
     • Rar Mirrors - Only if you know what a RAR is and can extract it.
  2. Extract RootRepeal.exe from the archive.
  3. Open [rootRepealDesktopIcon.png] on your desktop.
  4. Click the [reportTab.png] tab.
  5. Click the [btnScan.png] button.
  6. Check all seven boxes: [checkBoxes2.png]
  7. Push Ok.
  8. Check the box for your main system drive (usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the [saveReport.png] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


I did what you told me. Then all of a sudden, the program closed down on me when it was finished. Then I tried to reopen it and it won't let me, like it did with Malwarebytes. It said: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." What is this? What's going on?


here you go.



Here's the whole scan, sorry it stopped for a minute. So what do I do next?

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D1.tmp\ZAP2D1.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP380.tmp\ZAP380.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP490.tmp\ZAP490.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ERDNT\ERDNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109440090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109711090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109910090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Resources\Cursors\Cursors

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\10

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\Adobe\update\update

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\attrib.exe

[1] 2008-04-13 19:12:12 12288 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\attrib.exe (Microsoft Corporation)

[1] 2004-08-04 07:00:00 11264 C:\WINDOWS\system32\attrib.exe ()

[1] 2004-08-04 07:00:00 11264 C:\WINDOWS\system32\dllcache\attrib.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 07:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)

[1] 2004-08-04 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()

Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\findstr.exe

[1] 2008-04-13 19:12:20 27136 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\findstr.exe (Microsoft Corporation)

[1] 2004-08-04 07:00:00 27136 C:\WINDOWS\system32\dllcache\findstr.exe (Microsoft Corporation)

[1] 2004-08-04 07:00:00 27136 C:\WINDOWS\system32\findstr.exe ()

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Finished!
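
Added example (not part of the original thread, and not output or code from any tool named in it): a short Python parser for the log format posted above, which pairs each mount point with its destination and compares the listed copies of each file the scan could not access. The flagging rules are assumptions chosen for illustration, and the embedded sample is an excerpt of the log above.

```python
import re
from collections import namedtuple

# Excerpt copied from the scan log posted in the thread above.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2008-04-13 19:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 07:00:00 55808 C:\WINDOWS\system32\dllcache\eventlog.dll (Microsoft Corporation)
[1] 2004-08-04 07:00:00 61952 C:\WINDOWS\system32\eventlog.dll ()
Cannot access: C:\WINDOWS\system32\findstr.exe
[1] 2008-04-13 19:12:20 27136 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\findstr.exe (Microsoft Corporation)
[1] 2004-08-04 07:00:00 27136 C:\WINDOWS\system32\dllcache\findstr.exe (Microsoft Corporation)
[1] 2004-08-04 07:00:00 27136 C:\WINDOWS\system32\findstr.exe ()
Finished!
"""

Copy = namedtuple("Copy", "stamp size path vendor")

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
BLOCKED_RE = re.compile(r"^Cannot access:\s*(.+)$")
# "[n] date time size path (vendor)"; the vendor field may be empty: "()"
COPY_RE = re.compile(r"^\[\d+\]\s+(\S+ \S+)\s+(\d+)\s+(.+)\s+\(([^()]*)\)$")

# Assumption: an ordinary junction resolves to a drive letter, a Volume{GUID}
# name or \Device\HarddiskVolumeN; any other destination is flagged.
NORMAL_TARGET = re.compile(
    r"^(?:\\\?\?\\)?(?:[A-Za-z]:\\|Volume\{)|^\\Device\\HarddiskVolume\d+",
    re.IGNORECASE,
)


def parse_log(text):
    """Return (mounts, blocked): [(path, destination)], {path: [Copy, ...]}."""
    mounts, blocked = [], {}
    pending_mount = current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the posted log has a blank line between entries
        if m := MOUNT_RE.match(line):
            pending_mount, current = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending_mount is not None:
            mounts.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := BLOCKED_RE.match(line):
            current = m.group(1)
            blocked[current] = []
        elif (m := COPY_RE.match(line)) and current is not None:
            blocked[current].append(
                Copy(m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return mounts, blocked


def suspicious_mounts(mounts):
    """Mount points whose destination is not an ordinary volume target."""
    return [(p, d) for p, d in mounts if not NORMAL_TARGET.match(d)]


def doubled_leaf(path):
    """True when the last folder repeats its parent's name, as in the log."""
    parts = path.rstrip("\\").split("\\")
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def review_blocked(blocked):
    """Compare the inaccessible file with the other copies the log lists."""
    findings = {}
    for target, copies in blocked.items():
        live = [c for c in copies if c.path.lower() == target.lower()]
        cache = [c for c in copies if "\\dllcache\\" in c.path.lower()]
        reasons = []
        for lc in live:
            if not lc.vendor and any(c.vendor for c in copies if c is not lc):
                reasons.append("no vendor string, unlike the other copies")
            for cc in cache:
                if cc.stamp == lc.stamp and cc.size != lc.size:
                    reasons.append(
                        f"size {lc.size} differs from dllcache copy {cc.size}")
        findings[target] = reasons
    return findings


if __name__ == "__main__":
    mounts, blocked = parse_log(SAMPLE_LOG)
    for path, dest in suspicious_mounts(mounts):
        print(f"mount point {path} -> {dest} (doubled leaf: {doubled_leaf(path)})")
    for target, reasons in review_blocked(blocked).items():
        print(target, "->", "; ".join(reasons) or "no difference listed")
```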


I'm just curious. I know you are hard at work and I'm glad you're helping me fix my problem. But I need it fixed ASAP and was wondering how long this might take to fix? Like, I can't really do anything, like I mentioned earlier. All programs won't work right, and I can't reinstall Malwarebytes. So please let me know ASAP when this can be fixed. Thanks for your help; I'm patiently awaiting your help.


Sorry for the delay.

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

MD "%USERPROFILE%"\desktop\malware.zip

xcopy C:\WINDOWS\addins\addins\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\AppPatch\Custom\Custom\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D1.tmp\ZAP2D1.tmp "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP380.tmp\ZAP380.tmp "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP490.tmp\ZAP490.tmp "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\assembly\temp\temp\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\assembly\tmp\tmp "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\Config\Config\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\Debug\UserMode\UserMode\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\Connection Wizard\Connection Wizard\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\ERDNT\ERDNT\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\ime\imejp\applets\applets\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\ime\imejp98\imejp98\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\1041\1041\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\1042\1042\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\1054\1054\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\2052\2052\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\3076\3076\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\3com_dmi\3com_dmi\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\Adobe\update\update\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Recent\Recent\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\dhcp\dhcp\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\system32\drivers\disdn\disdn\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\BATCH\BATCH\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\Config\News\News\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\System\DFS\DFS\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\Temp\Temp\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\10\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware.zip /c /q /r /h /y

Attrib -s -r -h "%USERPROFILE%"\desktop\malware\*.*

3. Save the file as "Upload.bat". Make sure to save it with the quotation marks.

4. Double click Upload.bat.

It should create a Zipped Folder on your desktop called Malware.zip

Then go to

http://www.malwarebytes.org/forums/index.php?showforum=55

and Attach the Malware.zip folder in a new post. Please add this into your post "Files for SpySentinel"


I did exactly what you told me to do. The problem now is, when I clicked the Upload batch file it made the malware.zip folder. Only thing is, it didn't come out as a zip folder but came out as a normal folder, and nothing is in it. It's empty, and when I try to upload it, it won't let me, and when I try to zip it with nothing in it, it won't let me. By chance did you do something wrong on your end? I didn't post on the link you told me yet, because I couldn't complete the task you asked me to do, or better put, it didn't work like you intended.


Hey, I figured out what I did wrong. I don't know why, but I have two hard drives. When I used RootRepeal to scan both hard drives, C: and D:, it would shut down on me. But this time I tried C: and it worked. Here is the RootRepeal log if you still need it and it will help. But my other programs, Malwarebytes and HijackThis, still don't work, and AVG doesn't work as well.



I'm sorry for posting so much, but I'm trying to help by giving you as much information as I can so we can resolve this problem. I did what you told me before on the RootRepeal, and for some odd reason it works now. And this time I was able to scan both my hard drives. Here is the RootRepeal log you told me to do first. So can we resolve my issue with the infection I have? Thanks a lot again for helping me.


Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]

Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x8abd8370 Size: 99

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]

Process: System Address: 0x8ac3f1e8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]

Process: System Address: 0x8ac3f1e8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8ac3f1e8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8ac3f1e8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]

Process: System Address: 0x8ac3f1e8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8ac3f1e8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]

Process: System Address: 0x8ac3f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x8ae0b1e8 Size: 121

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLOSE]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_READ]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_WRITE]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_EA]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_EA]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CLEANUP]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_POWER]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: d347prt, IRP_MJ_PNP]

Process: System Address: 0x8ac41820 Size: 99

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x8a3c3790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x8a3c3790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a3c3790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a3c3790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x8a3c3790 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x8a3c3790 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x8ac3e1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x8ac3e1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8ac3e1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8ac3e1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x8ac3e1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8ac3e1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x8ac3e1e8 Size: 121

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]

Process: System Address: 0x8a3da830 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]

Process: System Address: 0x8a1f0e48 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x8a2fc2d8 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: NpfsЅఆ剒敬￀, IRP_MJ_READ]

Process: System Address: 0x8a473a40 Size: 11

Object: Hidden Code [Driver: Msfsȅఆ剒敬ᄐ, IRP_MJ_READ]

Process: System Address: 0x8aabb650 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]

Process: System Address: 0x8a4608b8 Size: 11

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_CREATE]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_CLOSE]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_READ]

Process: System Address: 0x8a3c0340 Size: 11

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_CLEANUP]

Process: System Address: 0x8a2e71e8 Size: 121

Object: Hidden Code [Driver: Cdfsȅం扏济DR0, IRP_MJ_PNP]

Process: System Address: 0x8a2e71e8 Size: 121

==EOF==

Link to post
Share on other sites
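A RootRepeal report of the kind posted in this thread repeats two-line "Hidden Code" records: the driver and IRP major function, then the address and size. The Python script below is an added example, not part of the original posts or of RootRepeal. It groups such records per driver so a reader can see at a glance which drivers have every reported major function at one address and which have several. The function names, the pattern labels and the embedded sample excerpt are assumptions made for this example, and the summary says nothing about which module owns an address.

```python
import re
from collections import defaultdict

# Constructed excerpt in the report's record format (values modelled on the
# thread's log). It starts mid-record on purpose, as a pasted log often does.
SAMPLE = """\
Process: System Address: 0x8ae7b1e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8abd6830 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x8abd6830 Size: 99
Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x8abd6830 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a3da830 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a2fc608 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a2fc2d8 Size: 11
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a2fc608 Size: 121

Object: Hidden Code [Driver: Cdfs\u0205\u0c02\u624f\u6d4eDR0, IRP_MJ_CREATE]
Process: System Address: 0x8a2e71e8 Size: 121
Object: Hidden Code [Driver: Cdfs\u0205\u0c02\u624f\u6d4eDR0, IRP_MJ_CLOSE]
Process: System Address: 0x8a2e71e8 Size: 121
==EOF==
"""

OBJ_RE = re.compile(
    r"^Object: Hidden Code \[Driver: (?P<drv>.+), (?P<irp>IRP_MJ_[A-Z_]+)\]$")
PROC_RE = re.compile(
    r"^Process: (?P<proc>.+?) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)$")
ASCII_NAME = re.compile(r"[A-Za-z0-9_.\-]+")


def parse_records(text):
    """Pair each Object line with the Process line that follows it.

    Returns (records, incomplete), where incomplete counts half-records:
    an Object line with no Process line, or a Process line with no Object.
    """
    records, incomplete, pending = [], 0, None
    for line in text.splitlines():
        line = line.strip()
        obj = OBJ_RE.match(line)
        if obj:
            if pending is not None:
                incomplete += 1          # previous Object never got its address
            pending = obj
            continue
        proc = PROC_RE.match(line)
        if not proc:
            continue                      # blank lines, ==EOF==, other sections
        if pending is None:
            incomplete += 1              # address line whose Object is missing
            continue
        raw = pending["drv"]
        ascii_part = ASCII_NAME.match(raw)
        name = ascii_part.group(0) if ascii_part else raw
        records.append({
            "driver": name,
            "garbled": name != raw,      # trailing non-ASCII bytes after the name
            "irp": pending["irp"],
            "target": f'{proc["addr"].lower()}/{proc["size"]}',
        })
        pending = None
    if pending is not None:
        incomplete += 1
    return records, incomplete


def summarize(text):
    """Group records per driver and label how the reported addresses spread."""
    records, incomplete = parse_records(text)
    grouped = defaultdict(lambda: {"irps": set(), "targets": defaultdict(int),
                                   "garbled": False})
    for rec in records:
        entry = grouped[rec["driver"]]
        entry["irps"].add(rec["irp"])
        entry["targets"][rec["target"]] += 1
        entry["garbled"] = entry["garbled"] or rec["garbled"]
    summary = {}
    for name, entry in grouped.items():
        if len(entry["irps"]) == 1:
            pattern = "single-irp"       # only one major function reported
        elif len(entry["targets"]) == 1:
            pattern = "one-target"       # every reported IRP at one address
        else:
            pattern = "mixed-targets"    # reported IRPs spread over addresses
        summary[name] = {"irp_count": len(entry["irps"]),
                         "targets": dict(entry["targets"]),
                         "garbled": entry["garbled"],
                         "pattern": pattern}
    return summary, incomplete


if __name__ == "__main__":
    result, half_records = summarize(SAMPLE)
    for driver, info in sorted(result.items()):
        print(f'{driver:8} {info["pattern"]:14} irps={info["irp_count"]:2} '
              f'targets={info["targets"]} garbled_name={info["garbled"]}')
    print("incomplete records:", half_records)
```
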

Please try this:

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

MD "%USERPROFILE%"\desktop\malware

xcopy C:\WINDOWS\addins\addins\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\AppPatch\Custom\Custom\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D1.tmp\ZAP2D1.tmp "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP380.tmp\ZAP380.tmp "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP490.tmp\ZAP490.tmp "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\assembly\temp\temp\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\assembly\tmp\tmp "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\Config\Config\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\Debug\UserMode\UserMode\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\Connection Wizard\Connection Wizard\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\ERDNT\ERDNT\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\ime\imejp\applets\applets\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\ime\imejp98\imejp98\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\1041\1041\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\1042\1042\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\1054\1054\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\2052\2052\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\3076\3076\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\3com_dmi\3com_dmi\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\Adobe\update\update\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\config\systemprofile\Recent\Recent\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\dhcp\dhcp\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\system32\drivers\disdn\disdn\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\00002109411090400000000000F01FEC\12.0.4518\12.0.4518\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\BATCH\BATCH\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\Config\News\News\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\System\DFS\DFS\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\pchealth\helpctr\Temp\Temp\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\10\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

xcopy C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup\Device\__max++>\^ "%USERPROFILE%"\desktop\malware /c /q /r /h /y

Attrib -s -r -h "%USERPROFILE%"\desktop\malware\*.*

3. Save the file as "Upload.bat". Make sure to save it with the quotation marks.

4. Double click Upload.bat.

It should create a Zipped Folder on your desktop called Malware.

Right click on your desktop and Choose New .zip/compressed folder. Then call it Malware2. Drag the Malware Folder in the Malware2.zip folder.

Then go to

http://www.malwarebytes.org/forums/index.php?showforum=55

and Attach the Malware folder in a new post. Please add this into your post "Files for SpySentinel"

Link to post
Share on other sites

I did what u said again. This is what happened. I clicked the batch file. It made the malware folder. I made a malware 2 folder that is a zip file, dragged it over, and then it says....

The specified directory C:\documents and settings\anthony\desktop\malware is empty, so compressed (zipped) folders cannot add it to the archive.

Same thing that happened before. What should I do? Also, did u get my post about the RootRepeal log? It worked but it said....

could not read system registry

So what now? I hope this isn't an advanced problem that can't be fixed... what's going on... omg...

Link to post
Share on other sites

This is a new variant of a new infection. The reason that folder was empty is because those files are empty.

Step #1

1. Go to Start->Run and type in notepad and hit OK.

2. Then copy and paste the content of the following codebox into Notepad:

@echo off

copy C:\WINDOWS\system32\dllcache\scecli.dll c:\scecli.dll

Exit

3. Save the file as "fixes.bat". Make sure to save it with the quotation marks.

4. Double click fixes.bat.

Step #2

We need to execute an Avenger2 script

Note to users reading this topic! This script was created specifically for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  1. Please download The Avenger2 by SwanDog46.
  2. Unzip avenger.exe to your desktop.
  3. Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    Files to move:
    c:\scecli.dll | C:\WINDOWS\system32\scecli.dll


  4. Now start The Avenger2 by double clicking avenger.exe on your desktop.
  5. Read the prompt that appears, and press OK.
  6. Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  7. Press the "Execute" button.
  8. You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  9. Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

Step #3

Now try running Malwarebytes, then post the log here.

Link to post
Share on other sites

Here is my Avenger's log...

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

And I am trying to boot up Malwarebytes. It still won't boot up.

Link to post
Share on other sites
