Clicking on links in google brings me to ad sites


3 replies to this topic

#1 pnkrckbnd

pnkrckbnd

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 04 October 2009 - 12:12 PM

I'd like to start by saying that this is my first post. I hope someone can please take the time to help me out on this.

I'm not sure when or why it started, but I've noticed lately that when I search something on Google, usually the first time I click on a link, I get taken to a completely different site that shows up as having a bad reputation from WOT.

I'm pretty sure this isn't a problem with Google's website; I probably have something installed that's doing this, but I've run malware, AVG, and Spybot and got rid of everything they picked up, and I haven't found any spyware or viruses since then.

It's getting really annoying, and I'm afraid that one of these sites might install something on my computer without me knowing. If anyone can help, that would be awesome. I can post whatever logs you need, just let me know. Thanks.


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:04:08 PM

Posted 04 October 2009 - 12:15 PM

Hello pnkrckbnd and :thumbsup: to BleepingComputer.

Let's see what we're dealing with here.

Please install RootRepeal.
Note: Vista users, right-click on the desktop icon and select "Run as Administrator."
Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan, including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal.exe on your desktop.
  • At the top of the window, click Settings, then Options.
  • Click the Ssdt & Shadow Ssdt Tab.
  • Make sure the box next to "Only display hooked functions." is checked.
  • Click the "X" in the top right corner of the Settings window to close it.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log



#3 pnkrckbnd

pnkrckbnd
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:04:08 PM

Posted 04 October 2009 - 01:41 PM

Thank you very much for your time! Here's the log that I got from running that...

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/04 13:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA6E3A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADCC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: f68e3a21.sys
Image Path: C:\WINDOWS\System32\drivers\f68e3a21.sys
Address: 0xA6EA3000 Size: 87168 File Visible: No Signed: -
Status: -

Name: PCI_PNP5184
Image Path: \Driver\PCI_PNP5184
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6A18000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spdy.sys
Image Path: spdy.sys
Address: 0xBA6A6000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\drivers\f68e3a21.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Joe\Local Settings\Apps\2.0\N1N1KK0C.J1H\H0PVNCYA.JE2\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a48b1f8 Size: 121

Object: Hidden Code [Driver: at1yv0dqЅ౨瑎晦܂ੈ, IRP_MJ_CREATE]
Process: System Address: 0x8a4281f8 Size: 121

Object: Hidden Code [Driver: at1yv0dqЅ౨瑎晦܂ੈ, IRP_MJ_CLOSE]
Process: System Address: 0x8a4281f8 Size: 121

Object: Hidden Code [Driver: at1yv0dqЅ౨瑎晦܂ੈ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4281f8 Size: 121

Object: Hidden Code [Driver: at1yv0dqЅ౨瑎晦܂ੈ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a4281f8 Size: 121

Object: Hidden Code [Driver: at1yv0dqЅ౨瑎晦܂ੈ, IRP_MJ_POWER]
Process: System Address: 0x8a4281f8 Size: 121

Object: Hidden Code [Driver: at1yv0dqЅ౨瑎晦܂ੈ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4281f8 Size: 121

Object: Hidden Code [Driver: at1yv0dqЅ౨瑎晦܂ੈ, IRP_MJ_PNP]
Process: System Address: 0x8a4281f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a4e21f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a4e21f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4e21f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a4e21f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a4e21f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4e21f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a4e21f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a7121f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a6301f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a6301f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6301f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6301f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6301f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a6301f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a4e03f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a4e03f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a4e03f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a4e03f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a4e03f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a4e03f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a4e03f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x898651f8 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_CREATE]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_CLOSE]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_READ]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_CLEANUP]
Process: System Address: 0x8a554500 Size: 121

Object: Hidden Code [Driver: Cdfsȅః灐畳CmBatt, IRP_MJ_PNP]
Process: System Address: 0x8a554500 Size: 121

Hidden Services
-------------------
Service Name: f68e3a21
Image Path: C:\WINDOWS\System32\drivers\f68e3a21.sys

==EOF==
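The report above is exactly the kind of output a malware-removal helper reads by cross-referencing sections rather than line by line: a driver that is loaded but "File Visible: No", whose file on disk is "Locked to the Windows API", and whose name also shows up under Hidden Services is a much stronger signal than any one of those lines alone, while "Hidden Code" entries that all point at one address per driver describe where the IRP dispatch table was patched. The following parser is an added example, not part of this thread and not RootRepeal's own code; it reads a RootRepeal 1.3.5.0 text report and scores each driver by how many of those indicators it combines. The scoring weights, the threshold, and the "eight hex digits plus .sys" name heuristic are the example's own assumptions, and the embedded sample is a constructed cut-down of the posted log, kept in the same layout.

```python
"""Triage helper for a RootRepeal text report (Python 3.8+).
Added example, not the thread's or RootRepeal's own code. It parses the
report sections and cross-correlates them; the indicator weights, the
threshold and the 8-hex-digit name heuristic are this example's own."""
import re
from collections import defaultdict

# Constructed sample in the 1.3.5.0 layout, cut down from the posted log.
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2009
Drivers
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA6E3A000 Size: 98304 File Visible: No Signed: -
Status: -

Name: f68e3a21.sys
Image Path: C:\WINDOWS\System32\drivers\f68e3a21.sys
Address: 0xA6EA3000 Size: 87168 File Visible: No Signed: -
Status: -

Hidden/Locked Files
Path: C:\WINDOWS\system32\drivers\f68e3a21.sys
Status: Locked to the Windows API!

Stealth Objects
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a6a01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a6a01f8 Size: 121

Hidden Services
Service Name: f68e3a21
Image Path: C:\WINDOWS\System32\drivers\f68e3a21.sys
==EOF==
"""

SECTION_RE = re.compile(r"^(Drivers|Hidden/Locked Files|Stealth Objects|Hidden Services)$")
HOOK_RE = re.compile(r"^Object: Hidden Code \[Driver: (?P<drv>[^,]+), (?P<irp>IRP_MJ_\w+)\]$")
ADDR_RE = re.compile(r"Address: (?P<addr>0x[0-9A-Fa-f]+)")
VISIBLE_RE = re.compile(r"File Visible: (?P<vis>\w+)")


def _field(line, key):
    return line[len(key) + 2:].strip() if line.startswith(key + ": ") else None


def parse_report(text):
    """Split a report into (drivers, locked_files, hooks, services) lists of dicts."""
    drivers, locked, hooks, services = [], [], [], []
    section, cur = None, {}
    for line in map(str.strip, text.splitlines()):
        if SECTION_RE.match(line):
            section, cur = line, {}
        elif section == "Drivers":
            if (v := _field(line, "Name")) is not None:
                cur = {"name": v}
            elif (v := _field(line, "Image Path")) is not None:
                cur["path"] = v
            elif (m := VISIBLE_RE.search(line)):
                cur["visible"] = m.group("vis") == "Yes"
                drivers.append(cur)
        elif section == "Hidden/Locked Files":
            if (v := _field(line, "Path")) is not None:
                cur = {"path": v}
            elif (v := _field(line, "Status")) is not None:
                locked.append({**cur, "status": v})
        elif section == "Stealth Objects":
            if (m := HOOK_RE.match(line)):
                cur = {"driver": m.group("drv"), "irp": m.group("irp")}
            elif (m := ADDR_RE.search(line)) and "driver" in cur:
                hooks.append({**cur, "addr": m.group("addr")})
        elif section == "Hidden Services":
            if (v := _field(line, "Service Name")) is not None:
                cur = {"service": v}
            elif (v := _field(line, "Image Path")) is not None:
                services.append({**cur, "path": v})
    return drivers, locked, hooks, services


def triage(text):
    """Score each driver by the hiding indicators it combines; summarise IRP hooks."""
    drivers, locked, hooks, services = parse_report(text)
    locked_paths = {f["path"].lower() for f in locked if "Locked" in f["status"]}
    service_paths = {s["path"].lower() for s in services}
    suspects = []
    for d in drivers:
        path = d.get("path", "").lower()
        hits = [(w, why) for w, why, cond in (
            (1, "not visible to the Windows API", not d["visible"]),
            (2, "file locked to the Windows API", path in locked_paths),
            (2, "backs a hidden service", path in service_paths),
            (1, "random-looking 8-hex-digit name", re.fullmatch(r"[0-9a-f]{8}\.sys", d["name"], re.I)),
        ) if cond]
        score = sum(w for w, _ in hits)
        # One indicator alone is noise: dump_*.sys and rootrepeal.sys itself are
        # "File Visible: No" in the posted log without being hostile.
        if score >= 3:
            suspects.append({"driver": d["name"], "score": score, "reasons": [why for _, why in hits]})
    by_driver = defaultdict(list)
    for h in hooks:
        by_driver[h["driver"]].append(h["addr"])
    irp_hooks = {drv: {"hooked_irps": len(a), "addresses": sorted(set(a))} for drv, a in by_driver.items()}
    return {"suspect_drivers": suspects, "irp_hooks": irp_hooks,
            "hidden_services": [s["service"] for s in services]}
```

Run `triage(SAMPLE_LOG)` (or feed it the full saved RootRepeal.txt) and the only driver that clears the threshold is f68e3a21.sys, because it is the one entry that is simultaneously loaded, invisible to the file API, locked on disk and registered as a hidden service; dump_atapi.sys scores a single point and is ignored. The `irp_hooks` summary collapses the long Stealth Objects list into one line per driver, which makes it obvious when every hooked IRP for a driver resolves to the same patch address.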

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:04:08 PM

Posted 05 October 2009 - 04:50 AM

With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days (12-14 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

Sorry I couldn't do more; the HJT Team is better equipped to deal with this kind of infection.

~Blade





