
SkyNet RootKIt!


  • This topic is locked
2 replies to this topic

#1 Bobb24


Posted 18 September 2009 - 08:47 PM

Here are the logs I asked to post... barely got them. The notebook is barely starting up... we can only run through task manager and comm prompt. Safe mode doesn't even work correctly! So hopefully these logs will provide you with something to help! Thanks



Running from: win32kdiag.exe

Log file at : C:\Documents and Settings\Alvin\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Cannot access: C:\WINDOWS\system32\uxtheme.dll

----------------------------------------------------------------------------------------------------------------


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/18 23:10
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9D5B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B15000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP6350
Image Path: \Driver\PCI_PNP6350
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF7777000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETehkqnnhb.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETehkqnnhb.sys
Address: 0xAA26B000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: spgo.sys
Image Path: spgo.sys
Address: 0xF7446000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETayindlta.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uxtheme.dll
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETbmqxrmey.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETcckqiisq.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETdwyklijt.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETehmtujve.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETflkuqavl.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETfpmpeqjt.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETibcreetb.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETjxtstmpc.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETlmlqpqjw.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETmjuspqbf.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETntetheml.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETnvxtqiti.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETpdeffpuv.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETrxmbnmci.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETutvtrfjn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETwdvbfoqf.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETwkkpaavx.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETwtflnehn.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETxvivxtfd.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETyrdqnfyk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETehkqnnhb.sys
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\SKYNETisoqcibx.sys.vir
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Alvin\Application Data\Skype\shared.xml
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Alvin\Application Data\Skype\alvin.matthew.piercey\AD&D Heroes of the Lance (U).nes
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Alvin\LocalLow\TVU networks\TVUPlayer\shared.xml
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Alvin\Local Settings\Apps\2.0\VM56H9KL.MGK\G7DMMV70.59V\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Alvin\Local Settings\Apps\2.0\VM56H9KL.MGK\G7DMMV70.59V\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: SKYNETwdvbfoqf.dll]
Process: svchost.exe (PID: 1124) Address: 0x10000000 Size: 53248

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86f501f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x85c8e1f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_CREATE]
Process: System Address: 0x86f561f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_CLOSE]
Process: System Address: 0x86f561f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f561f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f561f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_POWER]
Process: System Address: 0x86f561f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f561f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_PNP]
Process: System Address: 0x86f561f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CREATE]
Process: System Address: 0x86f5f1f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CLOSE]
Process: System Address: 0x86f5f1f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5f1f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f5f1f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_POWER]
Process: System Address: 0x86f5f1f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f5f1f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_PNP]
Process: System Address: 0x86f5f1f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_CREATE]
Process: System Address: 0x86f531f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_CLOSE]
Process: System Address: 0x86f531f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f531f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f531f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_POWER]
Process: System Address: 0x86f531f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f531f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_PNP]
Process: System Address: 0x86f531f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_CREATE]
Process: System Address: 0x86f5c1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_CLOSE]
Process: System Address: 0x86f5c1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5c1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f5c1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_POWER]
Process: System Address: 0x86f5c1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f5c1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_PNP]
Process: System Address: 0x86f5c1f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_CREATE]
Process: System Address: 0x86fc51f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_CLOSE]
Process: System Address: 0x86fc51f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fc51f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fc51f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_POWER]
Process: System Address: 0x86fc51f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fc51f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_PNP]
Process: System Address: 0x86fc51f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_CREATE]
Process: System Address: 0x86f5e1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_CLOSE]
Process: System Address: 0x86f5e1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5e1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f5e1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_POWER]
Process: System Address: 0x86f5e1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f5e1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_PNP]
Process: System Address: 0x86f5e1f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CREATE]
Process: System Address: 0x86fc91f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CLOSE]
Process: System Address: 0x86fc91f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fc91f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fc91f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_POWER]
Process: System Address: 0x86fc91f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fc91f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_PNP]
Process: System Address: 0x86fc91f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CREATE]
Process: System Address: 0x86f581f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CLOSE]
Process: System Address: 0x86f581f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f581f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f581f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_POWER]
Process: System Address: 0x86f581f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f581f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_PNP]
Process: System Address: 0x86f581f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CREATE]
Process: System Address: 0x86f5d1f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CLOSE]
Process: System Address: 0x86f5d1f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5d1f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f5d1f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_POWER]
Process: System Address: 0x86f5d1f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f5d1f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_PNP]
Process: System Address: 0x86f5d1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86e1f500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86dbe500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86dbe500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86dbe500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86dbe500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86dbe500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86dbe500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86dbe500 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CREATE]
Process: System Address: 0x86fcb1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CLOSE]
Process: System Address: 0x86fcb1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fcb1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fcb1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_POWER]
Process: System Address: 0x86fcb1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fcb1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_PNP]
Process: System Address: 0x86fcb1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_CREATE]
Process: System Address: 0x86fc81f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_CLOSE]
Process: System Address: 0x86fc81f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fc81f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fc81f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_POWER]
Process: System Address: 0x86fc81f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fc81f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_PNP]
Process: System Address: 0x86fc81f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CREATE]
Process: System Address: 0x86f5b1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CLOSE]
Process: System Address: 0x86f5b1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f5b1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f5b1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_POWER]
Process: System Address: 0x86f5b1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f5b1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_PNP]
Process: System Address: 0x86f5b1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CREATE]
Process: System Address: 0x86fd01f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CLOSE]
Process: System Address: 0x86fd01f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd01f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd01f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_POWER]
Process: System Address: 0x86fd01f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd01f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_PNP]
Process: System Address: 0x86fd01f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86f631f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]
Process: System Address: 0x86f571f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE]
Process: System Address: 0x86f571f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f571f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f571f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER]
Process: System Address: 0x86f571f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f571f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP]
Process: System Address: 0x86f571f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CREATE]
Process: System Address: 0x86fca1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CLOSE]
Process: System Address: 0x86fca1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fca1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fca1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_POWER]
Process: System Address: 0x86fca1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fca1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_PNP]
Process: System Address: 0x86fca1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CREATE]
Process: System Address: 0x86f591f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CLOSE]
Process: System Address: 0x86f591f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f591f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f591f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_POWER]
Process: System Address: 0x86f591f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f591f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_PNP]
Process: System Address: 0x86f591f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_CREATE]
Process: System Address: 0x86fc61f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_CLOSE]
Process: System Address: 0x86fc61f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fc61f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fc61f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_POWER]
Process: System Address: 0x86fc61f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fc61f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_PNP]
Process: System Address: 0x86fc61f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_CREATE]
Process: System Address: 0x86f541f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_CLOSE]
Process: System Address: 0x86f541f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f541f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f541f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_POWER]
Process: System Address: 0x86f541f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f541f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_PNP]
Process: System Address: 0x86f541f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_CREATE]
Process: System Address: 0x86fd11f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_CLOSE]
Process: System Address: 0x86fd11f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fd11f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fd11f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_POWER]
Process: System Address: 0x86fd11f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fd11f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_PNP]
Process: System Address: 0x86fd11f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86ab1500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86ab1500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ab1500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ab1500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86ab1500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86ab1500 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CREATE]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CLOSE]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_POWER]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_PNP]
Process: System Address: 0x86fc41f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CREATE]
Process: System Address: 0x86f601f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CLOSE]
Process: System Address: 0x86f601f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f601f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f601f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_POWER]
Process: System Address: 0x86f601f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f601f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_PNP]
Process: System Address: 0x86f601f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CREATE]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CLOSE]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_POWER]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_PNP]
Process: System Address: 0x86f521f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CREATE]
Process: System Address: 0x86fcf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CLOSE]
Process: System Address: 0x86fcf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86fcf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86fcf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_POWER]
Process: System Address: 0x86fcf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86fcf1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_PNP]
Process: System Address: 0x86fcf1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86dbd500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86dbd500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86dbd500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86dbd500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86dbd500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86dbd500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86dbd500 Size: 12

Hidden Services
-------------------
Service Name: SKYNETnhiwfmxi
Image Path: C:\WINDOWS\system32\drivers\SKYNETehkqnnhb.sys

==EOF==


 


#2 Bobb24


Posted 21 September 2009 - 10:35 PM

I want to let you know that you can close this forum. We had to reformat our computer in order for it to function at all. So now everything is A-O-K! We appreciate your efforts in helping :() Thanks

Bobb

#3 syler

  • Malware Response Team

Posted 23 September 2009 - 09:17 AM

Thanks for letting us know :(

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
