sptd.sys, spim.sys, spta.sys etc. Am I infected???
#1
Posted 25 December 2010 - 05:19 PM
As the title reports, I've found some hooked functions with RootRepeal.
The name changes every time. Could it be AVG (working during the scan)?
Every scan is negative with MBAM or AVG.
Should I post a log to the log forum?
Please tell me if I am infected. I suppose yes.
Thanks
#2
Posted 25 December 2010 - 07:15 PM
Don't go there yet. The first thing you should do is download Malwarebytes Anti-Malware from www.malwarebytes.org and then, after installing the application, make sure that the following are checked: Launch Malwarebytes Anti-Malware and Update Malwarebytes Anti-Malware. Then click Finish on the last screen. The program will update itself to the latest version, and then it will open up for you. Run a full scan. If you are asked which drives to scan, leave all the drives selected. Do not use the computer while the scan is running. After the scan is finished, a log will open up in Notepad. Paste the results of the log in your next reply so that the members here can review it. If for some reason the log does not automatically open, it can be viewed by clicking on the Logs tab in MBAM. Hope this helps,
Chromebuster
Raeder24. We're for community, accessibility for the blind, and technology support. Founded in 2008. join our community at raeder24.org
#3
Posted 26 December 2010 - 08:17 AM
First of all, thanks for the quick reply.
Here's the MBAM log after I've quarantined the 3 entries found:
---------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Versione database: 5396
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26/12/2010 14.01.44
mbam-log-2010-12-26 (14-01-44).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 261915
Tempo trascorso: 1 ore, 39 minuti, 55 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 1
Cartelle infette: 0
File infetti: 2
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
c:\RECYCLER\s-1-5-21-1409082233-1425521274-839522115-1003\Dc126.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\system volume information\_restore{066248bf-e35f-4cf9-8feb-3cf7bfb06a6e}\RP5\A0000110.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
#4
Posted 26 December 2010 - 08:54 AM
Something more from SysProt (might it be useful?):
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: xwqvvt.sys
Service Name: ---
Module Base: F7616000
Module End: F7624000
Hidden: Yes
Module Name: spuw.sys
Service Name: ---
Module Base: F7502000
Module End: F75F5000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: A9E08000
Module End: A9EDE000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: F75030E0
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwEnumerateKey
Address: F751BDA4
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwEnumerateValueKey
Address: F751C132
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwOpenKey
Address: F75030C0
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwOpenProcess
Address: A95586C0
Driver Base: A9556000
Driver End: A9560000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwQueryKey
Address: F751C20A
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwQueryValueKey
Address: F751C08A
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwSetValueKey
Address: F751C29C
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwTerminateProcess
Address: A9558770
Driver Base: A9556000
Driver End: A9560000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwTerminateThread
Address: A9558810
Driver Base: A9556000
Driver End: A9560000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
Function Name: ZwWriteVirtualMemory
Address: A95588B0
Driver Base: A9556000
Driver End: A9560000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86B661F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8603F1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8603F1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8603F1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8603F1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8603F1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8603F1F8
Hooking Module: _unknown_
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_CREATE
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_CLOSE
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_READ
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_WRITE
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_SET_EA
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_CLEANUP
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_POWER
Jump To: F750AE30
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: F7519518
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: \Driver\PCI_PNP6494
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: F7540ABC
Hooking Module: spuw.sys
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85D63500
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85D63500
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85D63500
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85D63500
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 85D63500
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85EEC1F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86BD51F8
Hooking Module: _unknown_
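A small triage parser for the SysProt report layout used in the log above, added here as an example; it is not part of the thread and not SysProt's own code. It assumes the `Key: Value` record layout seen above (records grouped under `Kernel Modules:`, `SSDT:` and `IRP Hooks:` headers, separated by rows of asterisks) and runs over a constructed excerpt in that layout: it groups every SSDT and IRP hook under the module that installed it, notes whether that module was reported as hidden, and tries to resolve the `_unknown_` jump addresses against the listed module ranges.

```python
"""Triage helper for SysProt AntiRootkit text reports (added example).

Groups each reported hook by the module that owns it so a responder can see
at a glance which drivers are hooking what, instead of reading hundreds of
four-line records.  The record layout is taken from the log in the thread;
SAMPLE_REPORT below is a constructed excerpt in that layout.
"""
from collections import defaultdict

SAMPLE_REPORT = r"""
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************
Kernel Modules:
Module Name: xwqvvt.sys
Service Name: ---
Module Base: F7616000
Module End: F7624000
Hidden: Yes
Module Name: spuw.sys
Service Name: ---
Module Base: F7502000
Module End: F75F5000
Hidden: Yes
******************************
SSDT:
Function Name: ZwCreateKey
Address: F75030E0
Driver Base: F7502000
Driver End: F75F5000
Driver Name: spuw.sys
Function Name: ZwOpenProcess
Address: A95586C0
Driver Base: A9556000
Driver End: A9560000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
******************************
No Kernel Hooks found
******************************
IRP Hooks:
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: F7503000
Hooking Module: spuw.sys
Hooked Module: C:\WINDOWS\system32\drivers\dmio.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86B661F8
Hooking Module: _unknown_
"""

# The first key of each section starts a new record.
SECTION_FIRST_KEY = {
    "Kernel Modules": "Module Name",
    "SSDT": "Function Name",
    "IRP Hooks": "Hooked Module",
}


def parse_sysprot(text):
    """Return {'Kernel Modules': [...], 'SSDT': [...], 'IRP Hooks': [...]}, each a list of dicts."""
    report = {name: [] for name in SECTION_FIRST_KEY}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue  # blank or separator row
        if line.endswith(":") and line[:-1] in SECTION_FIRST_KEY:
            section = line[:-1]
            continue
        if section is None or ": " not in line:
            continue  # banner lines and free-text notes such as 'No Kernel Hooks found'
        key, value = line.split(": ", 1)
        if key == SECTION_FIRST_KEY[section]:
            report[section].append({})
        if report[section]:
            report[section][-1][key] = value
    return report


def module_for_address(addr, modules):
    """Name of the listed kernel module whose [base, end) range holds addr, else None."""
    for m in modules:
        lo, hi = int(m["Module Base"], 16), int(m["Module End"], 16)
        if lo <= addr < hi:
            return m["Module Name"]
    return None


def triage(report):
    """Group hooks by owning module: SSDT entries, IRP entries, distinct jump targets, hidden flag."""
    modules = report["Kernel Modules"]
    hidden = {m["Module Name"] for m in modules if m.get("Hidden") == "Yes"}
    summary = defaultdict(lambda: {"ssdt": [], "irp": [], "targets": set(),
                                   "hidden": False, "unresolved": []})
    for h in report["SSDT"]:
        owner = h["Driver Name"]
        summary[owner]["ssdt"].append(h["Function Name"])
        summary[owner]["targets"].add(h["Address"])
    for h in report["IRP Hooks"]:
        owner = h["Hooking Module"]
        if owner == "_unknown_":
            # SysProt could not map the dispatch address to a module; try the listed ranges ourselves.
            owner = module_for_address(int(h["Jump To"], 16), modules) or "_unknown_"
        entry = summary[owner]
        entry["irp"].append((h["Hooked Module"], h["Hooked IRP"]))
        entry["targets"].add(h["Jump To"])
        if owner == "_unknown_":
            entry["unresolved"].append(h["Jump To"])
    for name, entry in summary.items():
        # SSDT records carry full paths, the module list carries bare file names.
        entry["hidden"] = name in hidden or name.rsplit("\\", 1)[-1] in hidden
    return dict(summary)


if __name__ == "__main__":
    for name, e in triage(parse_sysprot(SAMPLE_REPORT)).items():
        flag = "HIDDEN" if e["hidden"] else "listed"
        print(f"{name} [{flag}]: {len(e['ssdt'])} SSDT, {len(e['irp'])} IRP, "
              f"targets={sorted(e['targets'])}")
```

Feed it the full report and the spuw.sys entry shows a single jump target for nearly every \Driver\sptd IRP, which is the pattern to compare against the randomly named hidden module in the Kernel Modules list.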
******************************************************************************************
******************************************************************************************
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 860161F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 86BD51F8
Hooking Module: _unknown_
Hooked Module: C:\WINDOWS\system32\drivers\VClone.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 86BD51F8
Hooking Module: _unknown_
******************************************************************************************
******************************************************************************************
#5
Posted 30 December 2010 - 07:23 PM
Hello,
I have deleted your duplicate topic in the log forum. I cannot read the sys. log, but there is nothing that you have stated yet that actually indicates the presence of malware.
Many things create hooks in windows, so the presence of hooks in and of themselves do not suggest malware.
Are you experiencing any issues with your computer? Redirections, slowdowns, inability to update, pop-ups, other issues?
Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
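To make the point above concrete (this is an added example, not code from the thread or from RootRepeal), here is a small parser for the "Hooked IRP" records in a RootRepeal report. It groups hooks by the hooked driver so a triager can see which hooks RootRepeal could not attribute to a loaded module (`_unknown_`) and whether all of a driver's IRP majors were redirected to a single address; the sample log is constructed in the same four-line layout as the one posted here.

```python
"""Triage helper for the 'Hooked IRP' records in a RootRepeal log (added example)."""
import re
from collections import defaultdict
# Constructed sample in the layout of the posted log (four lines per record).
SAMPLE_LOG = """\
Hooking Module: spuw.sys
Hooked Module: \\Driver\\PCI_PNP6494
Hooked IRP: IRP_MJ_POWER
Jump To: F750AE30
Hooking Module: _unknown_
Hooked Module: C:\\WINDOWS\\system32\\drivers\\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 86BD61F8
Hooking Module: _unknown_
Hooked Module: C:\\WINDOWS\\system32\\drivers\\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 86BD61F8
"""
FIELD = re.compile(r"^(Hooking Module|Hooked Module|Hooked IRP|Jump To):\s*(\S.*)$")

def parse_hooks(text):
    """Return one dict per record; 'Jump To' always closes a record in this format."""
    hooks, cur = [], {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue  # banners, blank lines and other report sections are skipped
        cur[m.group(1)] = m.group(2)
        if m.group(1) == "Jump To":
            hooks.append(cur)
            cur = {}
    return hooks

def by_driver(hooks):
    """Per hooked driver: hooked IRP majors, claimed hooking modules, distinct jump targets."""
    out = defaultdict(lambda: {"irps": set(), "hookers": set(), "targets": set()})
    for h in hooks:
        d = out[h["Hooked Module"]]
        d["irps"].add(h["Hooked IRP"])
        d["hookers"].add(h["Hooking Module"])
        d["targets"].add(h["Jump To"])  # one target for many majors = whole table redirected
    return dict(out)

def needs_attribution(hooks):
    """Drivers whose hooks RootRepeal could not map to a loaded image; identify the owner first."""
    return sorted({h["Hooked Module"] for h in hooks if h["Hooking Module"] == "_unknown_"})
```

A driver whose every major function jumps to one unattributed address tells you only that something sits in its dispatch path; legitimate filter drivers produce exactly the same picture, so the owner of that address has to be identified before drawing any conclusion.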
#6
Posted 31 December 2010 - 05:35 AM
Nothing strange, but that *.sys changing name worried me.
So if you say I'm OK, that's all.
A big, big thanks for your time.
Davide
#7
Posted 31 December 2010 - 09:19 AM
Hello,
I cannot make that determination.
Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.
Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
#8
Posted 03 January 2011 - 02:40 PM
#9
Posted 04 January 2011 - 10:37 AM
[quote]please close the thread[/quote] We do not do that until you start your new topic in the proper forum. I just checked and there is nothing listed except four previously closed topics. It appears you keep reinfecting your computer.
Microsoft MVP - Consumer Security 2007-2012 
Member of UNITE, Unified Network of Instructors and Trusted Eliminators