
HELP! Can't get into safe mode!! SecurityTool Virus!!


5 replies to this topic

#1 Miss Michelle


Posted 29 October 2009 - 01:31 PM

I am definitely affected with malware still from the "Security Tool Virus" (which for the most part I have gotten rid of). Still! Strange popups are happening, along with redirects on the internet, and some rogue antivirus ads too. I bought and currently use Spyware Doctor but it doesn't seem to be picking up on the problem. Every forum I've been to asks for a DDS scan, and I downloaded the program and followed all directions. I get to the black screen with their information about the scan, but it never pops up with the two logs. I believe this is related to the virus, because Malwarebytes is the only other program that my computer will not let me run. Please...help.

Edited by garmanma, 04 November 2009 - 09:19 PM.




#2 Guest_The weatherman_*


Posted 29 October 2009 - 05:55 PM

Moved from HijackThis Logs (No log posted) to a more appropriate forum. Tw

#3 garmanma


Posted 31 October 2009 - 08:10 PM

Welcome to BC
Run this application then try running your scans


Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Any time the computer restarts you will need to run the application again

========================================



We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#4 Miss Michelle


Posted 02 November 2009 - 09:52 PM

About 2 weeks ago my computer got the "SecurityTool" virus on it, and I tried to follow some directions online to remove it. I bought the program SpywareDoctor and scanned in safe mode/healed infections and that seemed to do the trick. However, even though the computer seemed to be running fine, I kept getting strange popups and redirects that I suspected were still due to the virus. I posted on several forums about that problem; however, in this time my computer then developed the full blown virus again and now I can barely run any executables. The computer will no longer boot in safe mode; instead a blue screen pops up saying it stopped the process to prevent any further damage to the hard drive. HELP! What should I do!!

#5 Miss Michelle


Posted 30 November 2009 - 03:38 PM

Unfortunately, RootRepeal will not start at all. I've downloaded them all and they refuse to run, even when I rename them. I am slightly confused as to how to get to the disk access slider. Click settings-options, where? However, Rkill was downloaded and run successfully.

EDIT: I have solved this small problem. Rkill finally did the trick and RootRepeal is now scanning. The log will be up here shortly.

Edited by Miss Michelle, 30 November 2009 - 04:49 PM.


#6 Miss Michelle


Posted 30 November 2009 - 05:12 PM

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/11/30 13:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA98EF000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B79000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP3804
Image Path: \Driver\PCI_PNP3804
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xA891A000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spls.sys
Image Path: spls.sys
Address: 0xF7432000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\games\Cooking Academy 2\CookingAcademy2.exe:{D6C3E46D-0C96-48A4-A08B-314F8BAEDB8A}
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP551\A0047837.rbf:{8BC9C533-54EA-5CC7-A59F-2933159C56F0}
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Spyware Doctor\avdb\temp\70D0290D-715D34EB-5.5.8.0-802
Status: Invisible to the Windows API!

Path: C:\Program Files\Spyware Doctor\avdb\temp\MACDESKTOP.PNG0
Status: Invisible to the Windows API!

Path: C:\Program Files\Spyware Doctor\avdb\temp\58FB3E0F-56CDFBDC596
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Jae Dunn\Local Settings\Temporary Internet Files\Content.IE5\042H010M\AC_RunActiveContent[1].js
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Jae Dunn\Local Settings\Temporary Internet Files\Content.IE5\042H010M\mid_bg[1].png
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Jae Dunn\Local Settings\Temporary Internet Files\Content.IE5\042H010M\top_bg[1].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Jae Dunn\Application Data\Mozilla\Firefox\Profiles\v8n946tk.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf729ce22

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf727dcdc

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf727dece

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf729d610

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf729d8c4

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spls.sys" at address 0xf7451ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spls.sys" at address 0xf7452030

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf729bb14

#: 160 Function Name: NtQueryKey
Status: Hooked by "spls.sys" at address 0xf7452108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spls.sys" at address 0xf7451f88

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf729dd30

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf729d0e2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf727d982

==EOF==

Note: while I tried to run DDS after using these programs, it still did not pop up with any logs.

Edited by Miss Michelle, 30 November 2009 - 05:29 PM.




