forever windows problems - running scans from a bootable cd


This topic is locked
No replies to this topic

#1 kistonw

Posted 04 May 2016 - 12:03 AM

I believe my Windows 10 install disc is infected with an autorun; regardless, I'll make this quick, I hope this is OK. This is a RogueKiller scan that only found things while booting off of Hiren's CD, which I'm on at the moment.


Operating System : Windows XP (5.1.2600) 32 bits version
Started in : Normal mode
User : SYSTEM [Administrator]
Started from : B:\Temp\HBCD\Opera\profile\temporary_downloads\RogueKiller.exe
Mode : Delete -- Date : 05/03/2016 07:43:39

¤¤¤ Processes : 1 ¤¤¤
[VT.Win32/Heur] keybtray.exe(1704) -- X:\I386\System32\keybtray.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 147 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\2310_00 (2310_00.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\272x_1x (272X_1X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\274x_3x (274X_3X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3124r5A (3124R5A.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3124r5A2 (3124R5A2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3132R5C (3132R5C.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3132R5C2 (3132R5C2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3132R5C3 (3132R5C3.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3132R5C4 (3132R5C4.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3wareDrv (3WAREDRV.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3WAREGSM (3WAREGSM.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\3wDrv100 (3WDRV100.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\a320raid (A320RAID.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aac (AAC.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aacsas (AACSAS.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aar1210 (AAR1210.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aar81xx (AAR81XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\adp3132 (ADP3132.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\adp94xx (ADP94XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\adpu320 (ADPU320.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aec6210 (AEC6210.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aec6260 (AEC6260.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aec6280 (AEC6280.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aec67160 (AEC67160.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AEC671X (AEC671X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AEC6880 (AEC6880.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aec6897 (AEC6897.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aec68x5 (AEC68X5.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AHCI6XX (AHCI6XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AHCIX700 (AHCIX700.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AHCIX80X (AHCIX80X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AMDBUSDR (AMDBUSDR.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AMDIDE (AMDIDE.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\arcm_x86 (ARCM_X86.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\asahxp32 (ASAHXP32.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASH1205 (ASH1205.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ATIIDE (ATIIDE.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDA1000 (CDA1000.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cercsr6 (CERCSR6.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cpqarry2 (CPQARRY2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cpqcissm (CPQCISSM.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dac2w2k (DAC2W2K.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\exfat (exfat.sys) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FAST2XXP (FAST2XXP.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FastSx (FASTSX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fasttrak (FASTTRAK.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FST376XP (FST376XP.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fttxr52P (FTTXR52P.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fttxr54P (FTTXR54P.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fttxr5_O (FTTXR5_O.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HpCISSm2 (HPCISSM2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hpt374 (HPT374.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hpt3xx (HPT3XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hptiop (HPTIOP.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hptmv (HPTMV.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hptmv6 (HPTMV6.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor2 (IASTOR2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iaStor3 (IASTOR3.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IASTOR6 (IASTOR6.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IASTOR7 (IASTOR7.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ide376xp (IDE376XP.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\INIC162X (INIC162X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ipsraidn (IPSRAIDN.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iteatapi (ITEATAPI.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iteraid (ITERAID.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\JRAID (JRAID.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m5228 (M5228.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m5281 (M5281.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m5287 (M5287.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m5288 (M5288.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m5289 (M5289.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MegaIDE (MEGAIDE.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MegaINTL (MEGAINTL.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\megasas (MEGASAS.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MegaSR (MEGASR.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mv614x (MV614X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mv61xx (MV61XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MV61XXMM (MV61XXMM.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mv64xx (MV64XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MV64XXMM (MV64XXMM.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mv91xx (MV91XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mvSata (MVSATA.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MVXXMM (MVXXMM.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NFRD960X (NFRD960X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nusb3hub (nusb3hub.sys) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nusb3xhc (nusb3xhc.sys) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nvata (NVATA.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nvatabus (NVATABUS.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVATARD (NVATARD.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nvgts5 (NVGTS5.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVGTS6 (NVGTS6.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVGTS6R (NVGTS6R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVGTS7 (NVGTS7.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVGTS7R (NVGTS7R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVLEGACY (NVLEGACY.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nvraid (NVRAID.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nvrd325 (NVRD325.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVRD327R (NVRD327R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Pnp649r (PNP649R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Pnp680 (PNP680.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Pnp680r (PNP680R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PRFSX4XP (PRFSX4XP.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ql2100 (QL2100.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ql2200 (QL2200.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\raidsrc (RAIDSRC.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ramdisk (ramdisk.sys) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr172x (RR172X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr174x (RR174X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr232x (RR232X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr2340 (RR2340.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr2644 (RR2644.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr2680 (RR2680.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr26xx (RR26XX.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr276x (RR276X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr62x (RR62X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rr64x (RR64X.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\S150sx8 (S150SX8.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SAS2XP86 (SAS2XP86.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\setupdd (setupdd.sys) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3112 (SI3112.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3112r (SI3112R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3114 (SI3114.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3114r (SI3114R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Si3114r5 (SI3114R5.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3124 (SI3124.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3124r (SI3124R.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3132B (SI3132B.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Si3132B2 (SI3132B2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Si3132B3 (SI3132B3.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Si3132B4 (SI3132B4.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SI3132B5 (SI3132B5.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Si3531 (SI3531.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SISIDE (SISIDE.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SiSRaid (SISRAID.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SiSRaid2 (SISRAID2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SiSRaid4 (SISRAID4.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sptrak (SPTRAK.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\symmpi (SYMMPI.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SYMMPIV (SYMMPIV.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UlSata (ULSATA.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ulsata2 (ULSATA2.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\viamraid (VIAMRAID.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\viapdsk (VIAPDSK.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vmscsi (VMSCSI.SYS) -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VSTXWDC (VSTXWDC.SYS) -> Deleted
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Replaced (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 70 (Driver: Loaded) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwFlushWriteBuffer[81] : B:\I386\SYSTEM32\HALAACPI.DLL @ 0xffffffff80a1e6c2 (call dword [0x8080063c])
[ShwSSDT:Inl(Hook.Shadow)] NtGdiFONTOBJ_pxoGetXform[641] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8080da15 (call dword [0xbf98cb60])
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE_NAMED_PIPE[1] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_READ[3] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_WRITE[4] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_INFORMATION[5] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_INFORMATION[6] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_EA[7] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_EA[8] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_FLUSH_BUFFERS[9] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_VOLUME_INFORMATION[11] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DIRECTORY_CONTROL[12] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_FILE_SYSTEM_CONTROL[13] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SHUTDOWN[16] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_LOCK_CONTROL[17] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLEANUP[18] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE_MAILSLOT[19] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_SECURITY[20] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_SECURITY[21] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CHANGE[24] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_QUERY_QUOTA[25] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SET_QUOTA[26] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CREATE[0] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff764dbb0
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CREATE_NAMED_PIPE[1] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CLOSE[2] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff764dbb0
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_READ[3] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff7647d1f
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_WRITE[4] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff7647d1f
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_INFORMATION[5] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_INFORMATION[6] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_EA[7] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_EA[8] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_FLUSH_BUFFERS[9] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff76482e2
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_VOLUME_INFORMATION[11] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_DIRECTORY_CONTROL[12] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_FILE_SYSTEM_CONTROL[13] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_DEVICE_CONTROL[14] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff76483bb
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff764bf28
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SHUTDOWN[16] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff76482e2
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_LOCK_CONTROL[17] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CLEANUP[18] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_CREATE_MAILSLOT[19] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_SECURITY[20] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_SECURITY[21] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_POWER[22] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff7649c82
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SYSTEM_CONTROL[23] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff764e99e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_DEVICE_CHANGE[24] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_QUERY_QUOTA[25] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_SET_QUOTA[26] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\disk - IRP_MJ_PNP[27] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff764dc93
[IRP:Addr(Hook.IRP)] \Driver\disk - DriverUnload[29] : B:\I386\SYSTEM32\DRIVERS\CLASSPNP.SYS @ 0xfffffffff764e4b4
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_CREATE_NAMED_PIPE[1] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_WRITE[4] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_INFORMATION[5] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_INFORMATION[6] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_EA[7] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_EA[8] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_VOLUME_INFORMATION[10] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_VOLUME_INFORMATION[11] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_DIRECTORY_CONTROL[12] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_FILE_SYSTEM_CONTROL[13] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SHUTDOWN[16] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_LOCK_CONTROL[17] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_CREATE_MAILSLOT[19] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_SECURITY[20] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_SECURITY[21] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_DEVICE_CHANGE[24] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_QUERY_QUOTA[25] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_SET_QUOTA[26] : B:\I386\SYSTEM32\NTKRNLMP.EXE @ 0xffffffff8082387e

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a44dd3e3a91b6331af623f3d65e38927
[BSP] bb2085df37a30a04b40ceb9233d1c6e1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 953367 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] b43f4f3018cb4506acc3d589a5272300
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 15003 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Anyone got a clue? Am I definitely infected? These reappear.
