
Infected with google installer malware on a windows xp home edition laptop


  • This topic is locked
2 replies to this topic

#1 nathan s


Posted 19 January 2010 - 04:13 PM


Hi,

Please advise me on how to clean my system. Thanks in advance. Following are the log files.

--Nathan


********************************START OF DDS.TXT*****************************;


DDS (Ver_09-12-01.01) - NTFSx86
Run by SRIHARI SWAMYNATHAN at 12:17:17.56 on Tue 01/19/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.233 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SRIHARI SWAMYNATHAN\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe7\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [CS Update] copy /Y "c:\program files\activationmanager\activationmanager.dll.upd" "c:\program files\activationmanager\ActivationManager.dll"
uRun: [Google Update] "c:\documents and settings\srihari swamynathan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Optimum Online Cursor Search - c:\documents and settings\all users\application data\infospace\optimumonline\contextsearch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos1.walmart.com/WalmartActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/40.12/uploader2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-7 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
S2 gupdate1ca1b64d492b7a0;Google Update Service (gupdate1ca1b64d492b7a0);c:\program files\google\update\GoogleUpdate.exe [2009-8-12 133104]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-7 34136]

=============== Created Last 30 ================

2010-01-19 01:19:13 0 d-----w- c:\docume~1\srihar~1\applic~1\Malwarebytes
2010-01-19 00:56:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 00:56:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-19 00:56:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 00:56:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 00:05:47 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-19 00:05:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-18 23:24:04 0 d-sha-r- C:\cmdcons
2010-01-18 19:35:43 98816 ----a-w- c:\windows\sed.exe
2010-01-18 19:35:43 229888 ----a-w- c:\windows\PEV.exe
2010-01-18 19:35:43 161792 ----a-w- c:\windows\SWREG.exe
2010-01-13 17:44:57 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 00:15:02 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-08 14:28:19 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-08 14:28:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-08 14:28:12 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-01-08 04:09:55 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-08 04:09:55 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-08 04:09:11 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-01-08 04:09:11 78464 ----a-w- c:\windows\system32\dllcache\usbvideo.sys
2010-01-08 04:09:10 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-01-08 04:09:10 20992 ----a-w- c:\windows\system32\dllcache\dshowext.ax
2010-01-08 04:08:48 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-08 04:08:48 31616 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-08 04:07:19 513368 ----a-w- c:\windows\system32\MSHProxy.ax
2010-01-08 04:07:19 34136 ----a-w- c:\windows\system32\drivers\nx6000.sys
2010-01-08 04:07:19 202072 ----a-w- c:\windows\system32\LCCoin14.dll
2010-01-08 04:03:30 0 d-----w- c:\program files\Microsoft LifeCam
2010-01-08 03:36:23 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-01-08 03:36:23 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-01-08 03:36:21 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2010-01-08 03:36:19 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-08 03:36:15 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-01-08 03:36:14 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-01-08 03:35:01 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-08 03:34:21 0 d-----w- c:\documents and settings\srihari swamynathan\Tracing
2010-01-08 03:31:22 0 d-----w- c:\program files\Microsoft
2010-01-08 03:30:37 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-08 03:21:20 0 d-----w- c:\program files\common files\Windows Live
2010-01-08 03:08:51 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-08 03:08:51 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-08 03:08:24 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-01-08 03:08:24 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-01-08 03:07:59 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-08 03:07:59 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys

==================== Find3M ====================

2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-28 06:54:16 634632 ------w- c:\windows\system32\dllcache\iexplore.exe
2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2005-12-24 19:32:04 605872 ------w- c:\program files\gettbar.exe
2005-12-24 19:17:58 4490968 ------w- c:\program files\EZAntivirus.exe
2007-04-15 22:50:06 104 --sh--r- c:\windows\system32\C8935B240F.sys
2007-04-15 22:50:08 4704 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 12:20:30.33 ===============

********************************END OF DDS.TXT*****************************;



********************************START OF ARK.TXT(ROOTREPEAL)*****************************;

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/19 14:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00000080
Image Path: \Driver\00000080
Address: 0x00000000 Size: 0 File Visible: No Signed: No
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xEC348000 Size: 15264 File Visible: - Signed: No
Status: -

Name: APPDRV.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Address: 0xF81FD000 Size: 16128 File Visible: - Signed: No
Status: -

Name: drvmcdb.sys
Image Path: drvmcdb.sys
Address: 0xF8352000 Size: 85344 File Visible: - Signed: No
Status: -

Name: drvnddm.sys
Image Path: C:\WINDOWS\system32\drivers\drvnddm.sys
Address: 0xF8776000 Size: 38240 File Visible: - Signed: No
Status: -

Name: DSproct.sys
Image Path: C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
Address: 0xF8A5A000 Size: 4736 File Visible: - Signed: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEC4EC000 Size: 98304 File Visible: No Signed: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AC6000 Size: 8192 File Visible: No Signed: No
Status: -

Name: H8SRTxfeqpxmpje.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTxfeqpxmpje.sys
Address: 0xEC602000 Size: 118784 File Visible: - Signed: No
Status: Hidden from the Windows API!

Name: omci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\omci.sys
Address: 0xF893E000 Size: 17088 File Visible: - Signed: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEBBFE000 Size: 49152 File Visible: No Signed: No
Status: -

Name: s24trans.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xEC344000 Size: 10432 File Visible: - Signed: No
Status: -

Name: sptd.sys
Image Path: sptd.sys
Address: 0xF8445000 Size: 851968 File Visible: - Signed: No
Status: -

Name: SPTD8621.SYS
Image Path: C:\WINDOWS\System32\Drivers\SPTD8621.SYS
Address: 0xF842D000 Size: 98304 File Visible: - Signed: No
Status: -

Name: sscdbhk5.sys
Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Address: 0xF8A80000 Size: 5568 File Visible: - Signed: No
Status: -

Name: ssrtln.sys
Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys
Address: 0xF87F6000 Size: 23488 File Visible: - Signed: No
Status: -

Name: tfsnboio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys
Address: 0xF8856000 Size: 25824 File Visible: - Signed: No
Status: -

Name: tfsncofs.sys
Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys
Address: 0xF8786000 Size: 34784 File Visible: - Signed: No
Status: -

Name: tfsndrct.sys
Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys
Address: 0xF8B11000 Size: 4064 File Visible: - Signed: No
Status: -

Name: tfsndres.sys
Image Path: C:\WINDOWS\system32\dla\tfsndres.sys
Address: 0xF8B2B000 Size: 2176 File Visible: - Signed: No
Status: -

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xEC396000 Size: 86528 File Visible: - Signed: No
Status: -

Name: tfsnopio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys
Address: 0xF822D000 Size: 15168 File Visible: - Signed: No
Status: -

Name: tfsnpool.sys
Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys
Address: 0xF8AE4000 Size: 6304 File Visible: - Signed: No
Status: -

Name: tfsnudf.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys
Address: 0xEC37D000 Size: 98656 File Visible: - Signed: No
Status: -

Name: tfsnudfa.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys
Address: 0xEC364000 Size: 100544 File Visible: - Signed: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\H8SRTanvvvkptmi.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTewaokxjbak.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTgypmvjlhls.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTjklxapuxbq.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\h8srtkrl32mainweq.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\H8SRTmlrnxqtode.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\h8srtshsyst.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\Program Files\DivX\Movies\S12-MO~1:5550_496e24ce5d872.avi.part
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\H8SRTxfeqpxmpje.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\SRIHARI SWAMYNATHAN\Local Settings\Temp\H8SRT3976.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\SRIHARI SWAMYNATHAN\Local Settings\Temp\h8srtmainqt.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\SRIHARI SWAMYNATHAN\Local Settings\Apps\2.0\0OVXM1NK.A75\MR03JXXD.9NK\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\SRIHARI SWAMYNATHAN\Local Settings\Apps\2.0\0OVXM1NK.A75\MR03JXXD.9NK\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: services.exe (PID: 744) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: lsass.exe (PID: 756) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: Ati2evxx.exe (PID: 924) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: svchost.exe (PID: 940) Address: 0x00890000 Size: 36864

Object: Hidden Module [Name: H8SRTgypmvjlhls.dll]
Process: svchost.exe (PID: 940) Address: 0x00930000 Size: 65536

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: svchost.exe (PID: 940) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: svchost.exe (PID: 1084) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: svchost.exe (PID: 1128) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: EvtEng.exe (PID: 1168) Address: 0x00710000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: S24EvMon.exe (PID: 1256) Address: 0x00a10000 Size: 36864

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: svchost.exe (PID: 1424) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: svchost.exe (PID: 1464) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: AAWService.exe (PID: 1624) Address: 0x00d10000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: spoolsv.exe (PID: 1736) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: SCardSvr.exe (PID: 1788) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: svchost.exe (PID: 1824) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: AOLacsd.exe (PID: 1860) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: AppleMobileDeviceService.exe (PID: 1876) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: mDNSResponder.exe (PID: 1920) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: jqs.exe (PID: 300) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: MSCamS32.exe (PID: 364) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: NICCONFIGSVC.exe (PID: 432) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: RegSrvc.exe (PID: 492) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: sprtsvc.exe (PID: 532) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: svchost.exe (PID: 560) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: wmiprvse.exe (PID: 1616) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: CALMAIN.exe (PID: 2052) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: unsecapp.exe (PID: 2140) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: alg.exe (PID: 2164) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: Ati2evxx.exe (PID: 2864) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: Explorer.EXE (PID: 2980) Address: 0x00c30000 Size: 36864

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: Explorer.EXE (PID: 2980) Address: 0x10000000 Size: 81920

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: Apoint.exe (PID: 3280) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: jusched.exe (PID: 3292) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: atiptaxx.exe (PID: 3312) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: DVDLauncher.exe (PID: 3420) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: tfswctrl.exe (PID: 3464) Address: 0x00930000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: Apntex.exe (PID: 3572) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: DMXLauncher.exe (PID: 3604) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: MediaDetect.exe (PID: 3636) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: realsched.exe (PID: 3664) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: sprtcmd.exe (PID: 3696) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: AAWTray.exe (PID: 3732) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: iTunesHelper.exe (PID: 3796) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: ctfmon.exe (PID: 3928) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: DSAgnt.exe (PID: 3996) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: GoogleToolbarNotifier.exe (PID: 4024) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: msnmsgr.exe (PID: 4036) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: ctfmon.exe (PID: 212) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: DLG.exe (PID: 1968) Address: 0x003e0000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: ymsgr_tray.exe (PID: 2344) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: iPodService.exe (PID: 2876) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTewaokxjbak.dll]
Process: RootRepeal.exe (PID: 1308) Address: 0x10000000 Size: 36864

Object: Hidden Module [Name: H8SRTjklxapuxbq.dll]
Process: iexplore.exe (PID: 2504) Address: 0x00e30000 Size: 151552

Object: Hidden Module [Name: H8SRTanvvvkptmi.dll]
Process: iexplore.exe (PID: 2504) Address: 0x10000000 Size: 81920

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8239d808 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x82064518 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x8239da40 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8239deb0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x82108eb0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x82108eb0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82108eb0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82108eb0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x82108eb0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x82108eb0 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_CREATE]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_CLOSE]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_READ]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_WRITE]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_CLEANUP]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: NpfsЅ敓摓よЂఐ卆浩, IRP_MJ_SET_SECURITY]
Process: System Address: 0x81ffbb60 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_READ]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_WRITE]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Msfsȅ捃䙐�馈Ȃఆ䵃慖, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82158550 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_CREATE]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_CLOSE]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_READ]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_SHUTDOWN]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_CLEANUP]
Process: System Address: 0x822600e8 Size: 15

Object: Hidden Code [Driver: Cdfsȅఄ浗灩BATTCWMI, IRP_MJ_PNP]
Process: System Address: 0x822600e8 Size: 15

Hidden Services
-------------------
Service Name: H8SRTd.sys
Image Path: C:\WINDOWS\system32\drivers\H8SRTxfeqpxmpje.sys

==EOF==
********************************END OF ARK.TXT(ROOTREPEAL)*****************************;

#2 nathan s

nathan s
  • Topic Starter

  • Members
  • 2 posts
  • Local time:11:43 PM

Posted 22 January 2010 - 09:32 AM

Hi,

Please close my topic as I did resolve this issue. Thanks to everyone who looked at the problem.

--Nathan S

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:43 AM

Posted 25 January 2010 - 09:58 AM

Closed upon user's request.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft
