Cannot access Anti-Virus program anymore-

Hi!

First off let me say thank you in advance for reading this and taking the time to help! It is very much appreciated!


Recently, while surfing, my son noticed that a script was constantly being flagged by McAfee saying it was "iexplore.exe" trying to modify the registry- there were like 6 "iexplore.exe" processes running at one time!

I did a scan with malwarebytes anti malware program in safe mode and it had found 2 items which i deleted- then i scanned with spybot search and destroy, windows defender, and the microsoft Windows Malicious Software Removal Tool in safe mode- then scanned again with the malwarebytes anti-malware program all came up clean-

the iexplore.exe notifications have stopped, but now i cannot access McAfee security Center or quick scan any files, when i try to open the program the splash screen appears for a second but the main program never launches, i can see it try to open the mcshell.exe in the task manager, but it closes in a second..

So I am afraid it is some script causing it to shut down..


any help would be very much appreciated!


I am running Windows Vista (i think 32 bit?) with Service Pack 2

I know you are busy people and have a lot of people to help, so i tried to make it easier on you by including the prework, but i even had problems with both of those programs, DDS and Root Repeal..

I downloaded DDS.scr but upon double clicking it my computer did not know which program to open it with! it asked me to search the web for an appropriate program to open it with but it said "unkowwn" ??

i figured maybe notepad to open it but i didn't want to do anything without asking first - so if you know how to make it readable in Vista please let me know!

I then tried the root repeal program, and it seemed to be scanning fine until it popped up a window with an invisible message screen saying "error" at the top of the pop up window, but the message was see through to the window behind it!! i could move the window but it would just see through to whatever was behind it! then root Repeal generated up these 2 error logs and crashed-


ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x0040ab12
Attempt to write to address: 0x00000004

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x00456d83
Attempt to read from address: 0x00000114

I discovered it only crashed when i included "files" in the scan, so i was able to at least scan all the other categories in Root Repeal, and i will post the log below- i will keep trying to have it scan the files successfully and will post it asap if it is able to not crash-

and it also placed a file called "settings.dat" on my desktop- can i delete that file?


I DID do successful scans with HiJackThis, RSIT and Gmer, and can post those if you like also-


i also tried renaming the mcafee files to different names to see if they would then launch, but they did not.. i also noticed i still have 2 "csrss.exe" processes running at all times..and i seem to have a bunch of new temp folders in my Users folder..

I am at a loss as what to try next!

thanks again for any help!

Edited by fritozanzibar, 15 October 2009 - 06:09 AM.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/15 05:30
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x90D12000 Size: 753664 File Visible: No Signed: -
Status: -

Name: kwlcapoc.sys
Image Path: C:\Users\Frito\AppData\Local\Temp\kwlcapoc.sys
Address: 0x9F7CF000 Size: 87040 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9F7F1000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spfv.sys
Image Path: C:\Windows\System32\Drivers\spfv.sys
Address: 0x8068D000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x858f01f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x8837d1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
Process: System Address: 0x858ed1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
Process: System Address: 0x858ed1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858ed1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x858ed1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
Process: System Address: 0x858ed1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858ed1f8 Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
Process: System Address: 0x858ed1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x858ef1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x858ef1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858ef1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x858ef1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x858ef1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858ef1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x858ef1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_CREATE]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_CLOSE]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_READ]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_WRITE]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_POWER]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: cdrom虃
, IRP_MJ_PNP]
Process: System Address: 0x8709e1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_CREATE]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_CLOSE]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_READ]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_WRITE]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_POWER]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: USBSTOR蠙П牄识싨踟
, IRP_MJ_PNP]
Process: System Address: 0x88195500 Size: 121

Object: Hidden Code [Driver: usbuhci草ҫ䑎晩, IRP_MJ_CREATE]
Process: System Address: 0x875091f8 Size: 121

Object: Hidden Code [Driver: usbuhci草ҫ䑎晩, IRP_MJ_CLOSE]
Process: System Address: 0x875091f8 Size: 121

Object: Hidden Code [Driver: usbuhci草ҫ䑎晩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x875091f8 Size: 121

Object: Hidden Code [Driver: usbuhci草ҫ䑎晩, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x875091f8 Size: 121

Object: Hidden Code [Driver: usbuhci草ҫ䑎晩, IRP_MJ_POWER]
Process: System Address: 0x875091f8 Size: 121

Object: Hidden Code [Driver: usbuhci草ҫ䑎晩, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x875091f8 Size: 121

Object: Hidden Code [Driver: usbuhci草ҫ䑎晩, IRP_MJ_PNP]
Process: System Address: 0x875091f8 Size: 121

Object: Hidden Code [Driver: ay9pe6nwП牄识쫨踗
, IRP_MJ_CREATE]
Process: System Address: 0x8756e1f8 Size: 121

Object: Hidden Code [Driver: ay9pe6nwП牄识쫨踗
, IRP_MJ_CLOSE]
Process: System Address: 0x8756e1f8 Size: 121

Object: Hidden Code [Driver: ay9pe6nwП牄识쫨踗
, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8756e1f8 Size: 121

Object: Hidden Code [Driver: ay9pe6nwП牄识쫨踗
, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8756e1f8 Size: 121

Object: Hidden Code [Driver: ay9pe6nwП牄识쫨踗
, IRP_MJ_POWER]
Process: System Address: 0x8756e1f8 Size: 121

Object: Hidden Code [Driver: ay9pe6nwП牄识쫨踗
, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8756e1f8 Size: 121

Object: Hidden Code [Driver: ay9pe6nwП牄识쫨踗
, IRP_MJ_PNP]
Process: System Address: 0x8756e1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x881b91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x881b91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x881b91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x881b91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x881b91f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x881b91f8 Size: 121

Object: Hidden Code [Driver: netbt蠟, IRP_MJ_CREATE]
Process: System Address: 0x88187500 Size: 121

Object: Hidden Code [Driver: netbt蠟, IRP_MJ_CLOSE]
Process: System Address: 0x88187500 Size: 121

Object: Hidden Code [Driver: netbt蠟, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88187500 Size: 121

Object: Hidden Code [Driver: netbt蠟, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88187500 Size: 121

Object: Hidden Code [Driver: netbt蠟, IRP_MJ_CLEANUP]
Process: System Address: 0x88187500 Size: 121

Object: Hidden Code [Driver: netbt蠟, IRP_MJ_PNP]
Process: System Address: 0x88187500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄识쭨踘
, IRP_MJ_CREATE]
Process: System Address: 0x874ad1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄识쭨踘
, IRP_MJ_CLOSE]
Process: System Address: 0x874ad1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄识쭨踘
, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x874ad1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄识쭨踘
, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x874ad1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄识쭨踘
, IRP_MJ_POWER]
Process: System Address: 0x874ad1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄识쭨踘
, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x874ad1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄识쭨踘
, IRP_MJ_PNP]
Process: System Address: 0x874ad1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84f5d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x875701f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x875701f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x875701f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x875701f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x875701f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x875701f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x875701f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_CREATE]
Process: System Address: 0x858f11f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_CLOSE]
Process: System Address: 0x858f11f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858f11f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x858f11f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_POWER]
Process: System Address: 0x858f11f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858f11f8 Size: 121

Object: Hidden Code [Driver: sbp2port, IRP_MJ_PNP]
Process: System Address: 0x858f11f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x8744e500 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_CREATE]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_CLOSE]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_READ]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_WRITE]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_SHUTDOWN]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_CLEANUP]
Process: System Address: 0x851c51f8 Size: 121

Object: Hidden Code [Driver: cdfs瑎牦셠蔞仨蛍⫰蔏
€Ѕ捓䙌, IRP_MJ_PNP]
Process: System Address: 0x851c51f8 Size: 121

==EOF==

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We Need to check for Rootkits with RootRepeal

• Download RootRepeal from the following location and save it to your desktop.
  
  First Location
  Second Location
  Third Location
  
  
• Open on your desktop.
• Click the tab.
• Click the button.
• Check all seven boxes:
• Push Ok
• Check the box for your main system drive (Usually C:), and press Ok.
• Allow RootRepeal to run a scan of your system. This may take some time.
• Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.