
Followed directions now I'm here.



You can try that.

If MBAM still won't run try this.

To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important!)
  • Download and run mbam-clean.exe from Here

It will ask to restart your computer, please allow it to do so, very important

After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from Here

Windows Vista and Windows 7:

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important!)
  • Download and run mbam-clean.exe from Here

It will ask to restart your computer, please allow it to do so, very important

After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from Here


http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?"

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Scan only ran for about a minute and said it scanned 1000 some odd files. Didn't even see it get to 100% but, here's the log:

ESETSmartInstaller@High as downloader log:

all ok

DLL:pipe not connected. attempts=1

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6419

# api_version=3.0.2

# EOSSerial=2be8d3425b87614f82075513f8c63ce5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-12-30 12:42:39

# local_time=2010-12-29 07:42:39 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776553 42 87 0 4774563 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=1079

# found=0

# cleaned=0

# scan_time=61


Please download Rootkit Unhooker and save it on your desktop.

  • Disable your security programs
  • Double click RKUnhookerLE.exe to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Please include the following in your next post:

  • RKU log


Ran the scan twice, both times it does the same thing. After selecting the C drive to scan, the scan goes through. After it gets to 100% it starts a new scan, on the bottom of the program it says "Detected hooks", when that scan starts the program closes.


How about OTL?

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


I did as you said and tried in both Safe Mode and Safe Mode with Networking. As soon as I hit the scan button the program closes instantly and if I try to reopen I get a message saying "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item.". This also happens when I try to run MBAM.


Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

Try MBAM or the other tools


I followed your instructions and here's what happened: ran rkill.scr, installed MBAM, updated and clicked Quick Scan; 20-30 seconds later MBAM closed. I went and ran rkill.scr again; both times I got the same result. Here's the log:

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 12/30/2010 at 19:09:10.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe

Rkill completed on 12/30/2010 at 19:09:13.


Do you have your Windows OS CD?

We Need to check for Rootkits with RootRepeal

Please download RootRepeal from one of these locations and save it to your desktop

Here

Here

Here

  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your post.


My Windows XP CD disappeared years ago, if it would work I can get a hold of my brother's Vista CD. RootRepeal scanned without any issues and here's the log:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/12/31 08:54

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xF2986000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7B6E000 Size: 8192 File Visible: No Signed: -

Status: -

Name: PCI_PNP6752

Image Path: \Driver\PCI_PNP6752

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB8598000 Size: 49152 File Visible: No Signed: -

Status: -

Name: spcb.sys

Image Path: spcb.sys

Address: 0xF73DB000 Size: 1048576 File Visible: No Signed: -

Status: -

Name: sptd

Image Path: \Driver\sptd

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: vbmad7bc.SYS

Image Path: C:\WINDOWS\System32\Drivers\vbmad7bc.SYS

Address: 0x864D7000 Size: 38016 File Visible: - Signed: -

Status: Hidden from the Windows API!

Hidden/Locked Files

-------------------

Path: c:\program files\cabal online (us)\data\language\english\cabal_msg.enc

Status: Size mismatch (API: 344732, Raw: 343680)

Path: c:\program files\cabal online (us)\data\language\english\caz_msg.enc

Status: Size mismatch (API: 1776, Raw: 1757)

Path: c:\program files\cabal online (us)\data\language\english\cont2_msg.enc

Status: Size mismatch (API: 3392, Raw: 3359)

Path: c:\program files\cabal online (us)\data\language\english\keymap_msg.enc

Status: Size mismatch (API: 1906, Raw: 1885)

Path: c:\program files\cabal online (us)\data\language\english\msg.enc

Status: Size mismatch (API: 53466, Raw: 53174)

Path: c:\program files\cabal online (us)\data\language\english\ui.dts

Status: Size mismatch (API: 45796, Raw: 45818)

Path: c:\program files\cabal online (us)\data\monster\dx3\dx3_reaperboss.ebm

Status: Size mismatch (API: 2906741, Raw: 2906738)

Path: c:\program files\cabal online (us)\data\monster\dx4\dx4_dragonboss.ebm

Status: Size mismatch (API: 2790840, Raw: 2790836)

Path: c:\program files\cabal online (us)\data\monster\dx4\dx4_dragonboss_sleep.ebm

Status: Size mismatch (API: 1691819, Raw: 1691816)

Path: c:\program files\cabal online (us)\data\monster\dx4\dx4_firegate.ebm

Status: Size mismatch (API: 23010, Raw: 23031)

Path: c:\program files\cabal online (us)\data\object\character\man_pshop02.ebm

Status: Size mismatch (API: 385170, Raw: 385166)

Path: c:\program files\cabal online (us)\data\object\character\woman_pshop02.ebm

Status: Size mismatch (API: 391456, Raw: 391452)

Path: c:\program files\cabal online (us)\data\ui\icon\social_64.dds

Status: Size mismatch (API: 16512, Raw: 6528)

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_247.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_248.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_249.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_250.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_251.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_252.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_253.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_254.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\CABAL Online (US)\Data\UI\Icon\social_67.dds

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Shane Mascho\Local Settings\Apps\2.0\XLQVHZMJ.WXR\KAVWNBDV.O0V\manifests\clickonce_bootstrap.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Shane Mascho\Local Settings\Apps\2.0\XLQVHZMJ.WXR\KAVWNBDV.O0V\manifests\clickonce_bootstrap.exe.manifest

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Shane Mascho\Local Settings\Apps\2.0\XLQVHZMJ.WXR\KAVWNBDV.O0V\manifests\InstallIQ.exe.cdf-ms

Status: Locked to the Windows API!

Path: C:\Documents and Settings\Shane Mascho\Local Settings\Apps\2.0\XLQVHZMJ.WXR\KAVWNBDV.O0V\manifests\InstallIQ.exe.manifest

Status: Locked to the Windows API!

SSDT

-------------------

#: 041 Function Name: NtCreateKey

Status: Hooked by "spcb.sys" at address 0xf73dc0e0

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "spcb.sys" at address 0xf73faca2

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "spcb.sys" at address 0xf73fb030

#: 119 Function Name: NtOpenKey

Status: Hooked by "spcb.sys" at address 0xf73dc0c0

#: 160 Function Name: NtQueryKey

Status: Hooked by "spcb.sys" at address 0xf73fb108

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "spcb.sys" at address 0xf73faf88

#: 247 Function Name: NtSetValueKey

Status: Hooked by "spcb.sys" at address 0xf73fb19a

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]

Process: System Address: 0x86149500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_CREATE]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_CLOSE]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_READ]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_WRITE]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_CLEANUP]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: Udfs?-????????ocumen, IRP_MJ_PNP]

Process: System Address: 0x85dc7500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]

Process: System Address: 0x862da500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x8649d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_CREATE]

Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_CLOSE]

Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_POWER]

Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_PNP]

Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_CLOSE]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_READ]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_WRITE]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_EA]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_EA]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_SHUTDOWN]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_CLEANUP]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_SECURITY]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_POWER]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_SET_QUOTA]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: Hard, IRP_MJ_PNP]

Process: System Address: 0x864d9109 Size: 3160

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x864a3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x864a3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x864a3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x864a3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x864a3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x864a3500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x864a3500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x86569500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x86569500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x86569500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x86569500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x86569500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x86569500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x86569500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x867db1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x862ae500 Size: 121

Object: Hidden Code [Driver: as0ybu3w?????, IRP_MJ_CREATE]

Process: System Address: 0x8652b1f8 Size: 121

Object: Hidden Code [Driver: as0ybu3w?????, IRP_MJ_CLOSE]

Process: System Address: 0x8652b1f8 Size: 121

Object: Hidden Code [Driver: as0ybu3w?????, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8652b1f8 Size: 121

Object: Hidden Code [Driver: as0ybu3w?????, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8652b1f8 Size: 121

Object: Hidden Code [Driver: as0ybu3w?????, IRP_MJ_POWER]

Process: System Address: 0x8652b1f8 Size: 121

Object: Hidden Code [Driver: as0ybu3w?????, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8652b1f8 Size: 121

Object: Hidden Code [Driver: as0ybu3w?????, IRP_MJ_PNP]

Process: System Address: 0x8652b1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x862b0500 Size: 121

Object: Hidden Code [Driver: Cdfs?????????????

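The RootRepeal report above is long enough that an analyst would triage it mechanically rather than read every IRP line. The Python below is an added example, not part of the thread and not RootRepeal's own code: it parses the report layout shown above (section title, dashed rule, then key: value records) and surfaces the entries worth a first look: a driver reported as hidden from the Windows API, dispatch hooks attributed to drivers whose names came out as unprintable characters, and SSDT hooks grouped by the module that owns them. The sample report is constructed from a handful of the lines above, and the HIGH/INFO labels are the example's own heuristics, not verdicts from RootRepeal or from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in RootRepeal's report layout, built from a few of
# the entries in the thread's log (not the full report).
SAMPLE_REPORT = r"""
Scan Start Time: 2010/12/31 08:54
Windows Version: Windows XP SP3

Drivers
-------------------
Name: vbmad7bc.SYS
Image Path: C:\WINDOWS\System32\Drivers\vbmad7bc.SYS
Address: 0x864D7000 Size: 38016 File Visible: - Signed: -
Status: Hidden from the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "spcb.sys" at address 0xf73dc0e0

#: 119 Function Name: NtOpenKey
Status: Hooked by "spcb.sys" at address 0xf73dc0c0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8676c1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_CREATE]
Process: System Address: 0x8640d1f8 Size: 121

Object: Hidden Code [Driver: aujxex40????Cdrom???????, IRP_MJ_CLOSE]
Process: System Address: 0x8640d1f8 Size: 121
"""

# Section title -> the key that begins each record inside that section.
SECTION_KEYS = {"Drivers": "Name", "Hidden/Locked Files": "Path",
                "SSDT": "#", "Stealth Objects": "Object"}

HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
SSDT_RE = re.compile(r"(\d+) Function Name: (\w+)")
STEALTH_RE = re.compile(r"Hidden Code \[Driver: (.*?), (IRP_MJ_\w+)\]")
ADDR_RE = re.compile(r"Address: (0x[0-9a-fA-F]+)")


def parse_rootrepeal(text):
    """Split a RootRepeal report into {section: [record, ...]} dicts."""
    lines = [ln.strip() for ln in text.splitlines()]
    sections = defaultdict(list)
    current, record = None, None
    for i, line in enumerate(lines):
        # A section header is a known title followed by a dashed rule.
        if line in SECTION_KEYS and i + 1 < len(lines) and lines[i + 1].startswith("---"):
            current, record = line, None
            continue
        if current is None or ": " not in line:
            continue
        key, _, value = line.partition(": ")
        if key == SECTION_KEYS[current]:      # first key of a new record
            record = {}
            sections[current].append(record)
        if record is not None:
            record[key] = value
    return sections


def triage(sections):
    """Return (level, message) findings; levels are this example's own heuristics."""
    findings = []
    # A loaded driver that the Windows API cannot see is the classic rootkit tell.
    for d in sections["Drivers"]:
        if "Hidden from the Windows API" in d.get("Status", ""):
            findings.append(("HIGH", "driver hidden from the Windows API: %s (%s)"
                             % (d["Name"], d.get("Image Path", "?"))))
    # Group SSDT hooks by owning module so one driver shows up as one line.
    hooks = defaultdict(list)
    for s in sections["SSDT"]:
        m, n = HOOK_RE.search(s.get("Status", "")), SSDT_RE.match(s.get("#", ""))
        if m and n:
            hooks[m.group(1)].append(n.group(2))
    for module, funcs in hooks.items():
        findings.append(("INFO", "SSDT entries hooked by %s: %s" % (module, ", ".join(funcs))))
    # Group redirected IRP dispatch entries by driver; a driver name that came
    # out as unprintable characters is itself worth a look.
    stealth = defaultdict(lambda: {"irps": set(), "addrs": set()})
    for o in sections["Stealth Objects"]:
        m, a = STEALTH_RE.match(o.get("Object", "")), ADDR_RE.search(o.get("Process", ""))
        if m:
            stealth[m.group(1)]["irps"].add(m.group(2))
            if a:
                stealth[m.group(1)]["addrs"].add(a.group(1))
    for name, info in stealth.items():
        level = "HIGH" if "?" in name else "INFO"
        findings.append((level, "IRP dispatch redirected for driver %r: %d major functions -> %s"
                         % (name, len(info["irps"]), ", ".join(sorted(info["addrs"])))))
    return findings


if __name__ == "__main__":
    for level, msg in triage(parse_rootrepeal(SAMPLE_REPORT)):
        print(level, msg)
```

Run it against a saved RootRepeal.txt by reading the file into `parse_rootrepeal` instead of `SAMPLE_REPORT`. The grouping matters more than the labels: the thread's full report has several hundred "Hidden Code" lines that all resolve to about a dozen drivers and hook addresses, which is the shape an analyst actually compares against a known-clean machine.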

You have Microsoft Windows XP Home Edition so that's what you'd need.

This is the issue but from what I know you'd need access to the recovery console with your Windows OS.

\\.\globalroot\Device\svchost.exe\svchost.exe

Try rKill followed by Combofix

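The helper singles out the rkill entry \\.\globalroot\Device\svchost.exe\svchost.exe as the issue. What makes that one line stand out can be checked mechanically: the process runs from an object-manager (device namespace) path rather than a drive letter, a binary named svchost.exe sits outside the directory where the real one lives, and its parent directory is itself named like an executable. The Python below is an added example, not part of the thread and not rkill's own code: it parses the rkill log layout shown above and applies those checks to each terminated process. The second log entry, the expected-directory table and the temp-directory markers are constructed assumptions (the table hardcodes C:\WINDOWS as on the XP machine in the thread; on another system derive it from %SystemRoot%).

```python
# Constructed rkill log in the layout the thread shows; the first process
# line is the one from the thread, the second is a made-up temp-directory
# executable added for contrast.
SAMPLE_RKILL_LOG = r"""This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/30/2010 at 19:09:10.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\tmp1234.exe

Rkill completed on 12/30/2010 at 19:09:13.
"""

# Assumed expected locations for binaries whose names malware likes to
# borrow. Hardcoded to C:\WINDOWS as on the XP machine in the thread; in
# practice build the prefix from %SystemRoot%.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Object-manager namespace prefixes: such a path reaches a file without a
# drive letter, which a normal user-mode program launch never needs.
DEVICE_PREFIXES = ("\\\\.\\globalroot\\", "\\\\?\\globalroot\\", "\\device\\")
# Assumed user-writable scratch locations (lower-cased path fragments).
TEMP_MARKERS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")


def parse_rkill_log(text):
    """Return the process paths listed under rkill's 'terminated' header."""
    procs, collecting = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Processes terminated by Rkill"):
            collecting = True
            continue
        if line.startswith("Rkill completed"):
            break
        if collecting and line:
            procs.append(line)
    return procs


def classify_path(path):
    """Reasons a process image path deserves a closer look (empty list = none)."""
    low = path.lower()
    parts = low.split("\\")
    name, parent = parts[-1], "\\".join(parts[:-1])
    reasons = []
    if low.startswith(DEVICE_PREFIXES):
        reasons.append("object-manager (device namespace) path instead of a drive letter")
    if name in EXPECTED_DIR and parent != EXPECTED_DIR[name]:
        reasons.append("%s outside its expected directory %s" % (name, EXPECTED_DIR[name]))
    if any(p.endswith(".exe") for p in parts[:-1]):
        reasons.append("a parent directory is named like an executable")
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("runs from a user-writable temp directory")
    return reasons


def review_rkill_log(text):
    """Map each terminated process path to its list of reasons."""
    return {p: classify_path(p) for p in parse_rkill_log(text)}


if __name__ == "__main__":
    for path, reasons in review_rkill_log(SAMPLE_RKILL_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

The same `classify_path` check works on any process listing, not only rkill's; the point is that the path alone, before any file hash or signature lookup, already separates the thread's svchost.exe from the genuine one in C:\WINDOWS\system32.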

This topic is now closed to further replies.