 Slow computer & warning from Threat fire about root kit |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.
To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.
  |
 Jun 25 2009, 10:21 AM
Post
#1
|
|
 Member  Group: Members Posts: 33 Joined: 28-March 09 From: Sweden Member No.: 313,885  |
and today i installed Threat fire. a manual scan with it didn't find any rootkit but when my computer has been on and i have been doing regular stuff it has popped up twice with a rootkit warning and i both times have successfully killed it and quarantined them. but the computer is still relatively slow. so what should i do? Running on Windows XP pro sp 3 This post has been edited by Epsynus: Jun 25 2009, 10:23 AM -------------------- Hello :D
|
 |
 
|
|
Jun 25 2009, 10:38 AM
Post
#2
|
|
 To INSANITY and BEYOND !! Group: Moderator Posts: 25,411 Joined: 10-September 04 From: NJ USA Member No.: 2,608 |
Hello and welcome please run these next. Perhaps something else has got thru.
If you have Spybot installed temporarily disable it. Next run ATF: Please download ATF Cleaner by Atribune & save it to your desktop.
Next run MBAM (MalwareBytes): NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop. Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2 MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
-------------------- How do I get help? Who is helping me?
Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook |
|
|
|
|
Jun 25 2009, 11:25 AM
Post
#3
|
|
|
Member Group: Members Posts: 33 Joined: 28-March 09 From: Sweden Member No.: 313,885 |
Had both on my computer ^^
cleaned with ATF Cleaner updated malware bytes and scanned log QUOTE Malwarebytes' Anti-Malware 1.38 Database version: 2333 Windows 5.1.2600 Service Pack 3 2009-06-25 18:27:00 mbam-log-2009-06-25 (18-27-00).txt Scan type: Full Scan (C:\|) Objects scanned: 130539 Time elapsed: 45 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) the performance has increased a bit but still slower than a computer normally should be -------------------- Hello :D
|
|
|
|
|
Jun 25 2009, 11:32 AM
Post
#4
|
|
|
To INSANITY and BEYOND !! Group: Moderator Posts: 25,411 Joined: 10-September 04 From: NJ USA Member No.: 2,608 |
Hi, we can run further malware scans if needed. First take a look thru this topic as it may prove helpful.. Let us know.
Slow Computer/browser? Check Here First; It May Not Be Malware -------------------- How do I get help? Who is helping me?
Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook |
|
|
|
|
Jun 26 2009, 02:32 AM
Post
#5
|
|
|
Member Group: Members Posts: 33 Joined: 28-March 09 From: Sweden Member No.: 313,885 |
Hello.
yes it did speed up it a bit (almost to what it was) but to be on the safe side. can you take a look at this ROOT REPEAL log? QUOTE ROOTREPEAL © AD, 2007-2009
================================================== Scan Time: 2009/06/26 09:20 Program Version: Version 1.3.0.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF3623000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7AE3000 Size: 8192 File Visible: No Signed: - Status: - Name: mchInjDrv.sys Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys Address: 0xF7C5F000 Size: 2560 File Visible: No Signed: - Status: - Name: PCI_PNP3124 Image Path: \Driver\PCI_PNP3124 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF1343000 Size: 49152 File Visible: No Signed: - Status: - Name: sihtdtw.sys Image Path: sihtdtw.sys Address: 0xF75AF000 Size: 61440 File Visible: No Signed: - Status: - Name: spbo.sys Image Path: spbo.sys Address: 0xF748D000 Size: 1052672 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\z8x8krrv.default\sessionstore.js Status: Size mismatch (API: 28981, Raw: 27184) Path: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\SXSBKUF3\s.ytimg.com\soundData.sol Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\SXSBKUF3\s.ytimg.com\videostats.sol Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Status: Visible to the Windows API, but not on disk. SSDT ------------------- #: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370e790 #: 019 Function Name: NtAssignProcessToJobObject Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370edb0 #: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b6b8 #: 031 Function Name: NtConnectPort Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370d2a0 #: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371b890 #: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b574 #: 046 Function Name: NtCreatePort Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370cf50 #: 047 Function Name: NtCreateProcess Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370a220 #: 048 Function Name: NtCreateProcessEx Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370a5f0 #: 050 Function Name: NtCreateSection Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3709d40 #: 053 Function Name: NtCreateThread Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370b6d0 #: 057 Function Name: NtDebugActiveProcess Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370c230 #: 062 Function Name: NtDeleteFile Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371c320 #: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371a160 #: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366ba52 #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b14c #: 071 Function Name: NtEnumerateKey Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371b830 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371b860 #: 097 Function Name: NtLoadDriver Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370e260 #: 098 Function Name: NtLoadKey Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371af00 #: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371bf30 #: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b64e #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b08c #: 125 Function Name: NtOpenSection Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf3709fb0 #: 128 Function Name: NtOpenThread Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b0f0 #: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370ea40 #: 160 Function Name: NtQueryKey Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371b7d0 #: 177 Function Name: NtQueryValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b76e #: 180 Function Name: NtQueueApcThread Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370ef30 #: 193 Function Name: NtReplaceKey Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371b2a0 #: 200 Function Name: NtRequestWaitReplyPort Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370de10 #: 204 Function Name: NtRestoreKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b72e #: 206 Function Name: NtResumeThread Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370c920 #: 207 Function Name: NtSaveKey Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf371b7b0 #: 210 Function Name: NtSecureConnectPort Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370d660 #: 213 Function Name: NtSetContextThread Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370c050 #: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370c3b0 #: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf366b8ae #: 249 Function Name: NtShutdownSystem Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370e160 #: 253 Function Name: NtSuspendProcess Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370cad0 #: 254 Function Name: NtSuspendThread Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370c750 #: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370c590 #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370b490 #: 258 Function Name: NtTerminateThread Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370be30 #: 262 Function Name: NtUnloadDriver Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370e480 #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xf370ebf0 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x86f561f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x86d991f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x86fda1f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x86df11f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x86df11f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86df11f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86df11f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x86df11f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86df11f8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x86df11f8 Size: 121 Object: Hidden Code [Driver: 0, IRP_MJ_CREATE] Process: System Address: 0x86d921f8 Size: 121 Object: Hidden Code [Driver: 0, IRP_MJ_CLOSE] Process: System Address: 0x86d921f8 Size: 121 Object: Hidden Code [Driver: 0, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d921f8 Size: 121 Object: Hidden Code [Driver: 0, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d921f8 Size: 121 Object: Hidden Code [Driver: 0, IRP_MJ_POWER] Process: System Address: 0x86d921f8 Size: 121 Object: Hidden Code [Driver: 0, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86d921f8 Size: 121 Object: Hidden Code [Driver: 0, IRP_MJ_PNP] Process: System Address: 0x86d921f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x86f581f8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x86a29500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x86a29500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86a29500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86a29500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x86a29500 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x86a29500 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x86dcf1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x86dcf1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86dcf1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86dcf1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x86dcf1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86dcf1f8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x86dcf1f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x863761f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_CREATE] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_CLOSE] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_READ] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_SHUTDOWN] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_CLEANUP] Process: System Address: 0x8694d1f8 Size: 121 Object: Hidden Code [Driver: Cdfsȅఈ浍瑓㣂ᇂ䣂ᇁ壂ᇁ棂ᇁ磂ᇁ裂ᇁ, IRP_MJ_PNP] Process: System Address: 0x8694d1f8 Size: 121 ==EOF== -------------------- Hello :D
|
|
|
|
|
Jun 26 2009, 09:13 AM
Post
#6
|
|
|
To INSANITY and BEYOND !! Group: Moderator Posts: 25,411 Joined: 10-September 04 From: NJ USA Member No.: 2,608 |
Hi this looks good to me. Let's do one more thorough scan. Run SAS.
Please download and scan with SUPERAntiSpyware Free
Scan with SUPERAntiSpyware as follows:
-------------------- How do I get help? Who is helping me?
Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook |
|
|
|
|
Jun 26 2009, 10:39 AM
Post
#7
|
|
|
Member Group: Members Posts: 33 Joined: 28-March 09 From: Sweden Member No.: 313,885 |
Ok good to know ^^
ill run the scan now and post the results in a moment ^^ LOG: QUOTE SUPERAntiSpyware Scan Log
http://www.superantispyware.com Generated 06/26/2009 at 06:01 PM Application Version : 4.26.1006 Core Rules Database Version : 3957 Trace Rules Database Version: 1899 Scan type : Complete Scan Total Scan Time : 00:17:16 Memory items scanned : 393 Memory threats detected : 0 Registry items scanned : 4437 Registry threats detected : 0 File items scanned : 8922 File threats detected : 1 Adware.Tracking Cookie C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt This post has been edited by Epsynus: Jun 26 2009, 11:02 AM -------------------- Hello :D
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 17th March 2010 - 10:08 PM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.