Nickispro
1 Copper

Re: Error Code 80073EFE and my HiJack This Log

Hey kevinf80,

In response to your question about the CF logs etc., I encountered a thread virtually identical to my own and followed most of the steps in it, minus the ones where the files did not directly apply to my PC (i.e. they had the other user's name and folder destinations in them). If you tell me how, I can remove the ARK and OTM files properly. Also, in relation to the P2P (LimeWire and uTorrent): it's how I get my music. I'm aware it's a threat, but I steamrolled the risk for it, and I'm guessing it may have come back to bite me.


The CKScanner Log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\programdata\rosetta stone\content\rosetta.stone.v3.4.5.win.all-rbs\crack\fninterface_libfnp.dll
c:\programdata\rosetta stone\rosetta.stone.v3.4.5.win.all-rbs\crack\fninterface_libfnp.dll
c:\users\danny\desktop\rosetta.stone.v3.4.5.win.all-rbs\crack\fninterface_libfnp.dll
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3.nfo
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3.sfv
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3\read me.txt
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3\xdelta.exe
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3\xpa-mal3-cracked.nds
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3\xpa-mal3.nds
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3\xpa-ml3.bat
c:\users\danny\downloads\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\mario_and_luigi_bowsers_inside_story_usa_crack_nds-xpa\xpa-ml3\xpa-ml3.crack
scanner sequence 3.CH.11
 ----- EOF -----

ARK Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-03 15:36:10
Windows 6.0.6002 Service Pack 2
Running: 403ls3ub.exe; Driver: C:\Users\Danny\AppData\Local\Temp\fglcapog.sys


---- System - GMER 1.0.15 ----

SSDT            87712150                                                                                                            ZwAlpcConnectPort
SSDT            876F2890                                                                                                            ZwLoadDriver

INT 0x51        ?                                                                                                                   86F9BF00
INT 0x62        ?                                                                                                                   86F9BF00
INT 0x72        ?                                                                                                                   86F9BF00
INT 0x82        ?                                                                                                                   85692BF8
INT 0x82        ?                                                                                                                   86F9BF00
INT 0x82        ?                                                                                                                   85692BF8
INT 0x92        ?                                                                                                                   8568DBF8
INT 0xA2        ?                                                                                                                   8568DBF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeInsertQueue + 32D                                                                                    820B4924 4 Bytes  [50, 21, 71, 87] {PUSH EAX; AND [ECX-0x79], ESI}
.text           ntoskrnl.exe!KeInsertQueue + 56D                                                                                    820B4B64 4 Bytes  [90, 28, 6F, 87] {NOP ; SUB [EDI-0x79], CH}
?               System32\Drivers\spnp.sys                                                                                           The system cannot find the path specified. !
.text           USBPORT.SYS!DllUnload                                                                                               8F54441B 5 Bytes  JMP 86F9B4E0
.text           aoqbsjmu.SYS                                                                                                        8F5B6000 22 Bytes  [82, B3, 01, 82, 6C, B2, 01, ...]
.text           aoqbsjmu.SYS                                                                                                        8F5B6017 45 Bytes  [00, 32, 27, F4, 8A, 3D, 25, ...]
.text           aoqbsjmu.SYS                                                                                                        8F5B6045 121 Bytes  [33, 0A, 82, 4C, 4F, 0D, 82, ...]
.text           aoqbsjmu.SYS                                                                                                        8F5B60BF 13 Bytes  [82, 00, 00, 00, 00, 00, 00, ...] {ADD BYTE [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           aoqbsjmu.SYS                                                                                                        8F5B60CE 10 Bytes  [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text           ...                                                                                                                

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1260] USER32.dll!TrackPopupMenu                               758F14F3 5 Bytes  JMP 654B721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3344] ntdll.dll!LdrLoadDll                                             76F79390 5 Bytes  JMP 00B113F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                               8568C2D8
IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]                                                   [8AE70DDC] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                      [8AE70E30] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [8AE466D6] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8AE46042] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8AE46800] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                           [8AE460C0] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8AE4613E] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint]                                                8568D2D8
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                86F9B5E0
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortNotification]                                          CC358B04
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortWritePortUchar]                                        838F5DCF
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortWritePortUlong]                                        458B38C6
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    A5A5A514
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  5F8F5DA0
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortReadPortUchar]                                         30810889
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortStallExecution]                                        54771129
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortGetParentBusType]                                      10C25D5E
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortRequestCallback]                                       [8B55CC00] \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation)
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 084D8BEC
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  0CF0918B
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortCompleteRequest]                                       458B0000
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortMoveMemory]                                            [8B108910] \SystemRoot\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation)
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             000CF491
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                04508900
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  053C7980
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortReadPortUshort]                                        560C558B
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  C6127557
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortInitialize]                                            B18D0502
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         00000CF8
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     A508788D
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[NTOSKRNL.exe!KeTickCount]                                                 [8B118920] \SystemRoot\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation)
IAT             \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint]                                               870942D8

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              856941F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{C3FC2F62-3585-450A-AF97-02FD1179CAFE}                                            877101F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                8568F1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    870811F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    870811F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    870811F8
Device          \Driver\PCI_PNP5402 \Device\00000054                                                                                spnp.sys
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    870811F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                    86E901F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                             SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\USBSTOR \Device\00000070                                                                                    87648500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8568F1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              8568F1F8
Device          \Driver\cdrom \Device\CdRom0                                                                                        86F751F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         856931F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8B157FA0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  856931F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  856931F8
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8B157FA0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              8568F1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        86F751F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              8568F1F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              8568F1F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              8568F1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                             877101F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                      8770C1F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  870951F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                             SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                           SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\USBSTOR \Device\0000006c                                                                                    87648500
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    870811F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    870811F8
Device          \Driver\USBSTOR \Device\0000006d                                                                                    87648500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    870811F8
Device          \Driver\USBSTOR \Device\0000006e                                                                                    87648500
Device          \Driver\sptd \Device\2897907902                                                                                     spnp.sys
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    870811F8
Device          \Driver\USBSTOR \Device\0000006f                                                                                    87648500
Device          \Driver\usbehci \Device\USBFDO-4                                                                                    86E901F8
Device          \Driver\aoqbsjmu \Device\Scsi\aoqbsjmu1Port4Path0Target0Lun0                                                        870FD1F8
Device          \Driver\aoqbsjmu \Device\Scsi\aoqbsjmu1                                                                             870FD1F8
Device          \FileSystem\cdfs \Cdfs                                                                                              888AE1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x90 0x48 0xA4 0xBA ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xD7 0xA1 0x95 0xAD ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x80 0xF9 0x91 0xEC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x62 0x55 0xD2 0xFB ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xD7 0xA1 0x95 0xAD ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x80 0xF9 0x91 0xEC ...

---- EOF - GMER 1.0.15 ----

All P2P programs are uninstalled.

0 Kudos
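The ARK log above is the kind of output a helper reads by hand: SSDT entries, patched kernel .text, IAT imports redirected into other modules, and device objects owned by a named driver rather than an address. As an added example (not code from the post, from kevinf80, or from GMER), here is a small Python parser that walks a log in that format and pulls those entries into one summary. The sample log is a constructed excerpt abridged from the post's ARK log; the regexes are written against the line shapes visible there, and treating a bare address after an IAT import as "GMER printed no owning module" is an assumption about GMER's output format, not documented behaviour.

```python
"""Summarise the kernel-mode hooks a GMER rootkit-scan log reports.

Added example; not code from the forum post or from GMER. SAMPLE_LOG is a
constructed excerpt abridged from the post's ARK log. Reading a bare address
after an IAT import as "GMER printed no owning module" is an assumption.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT            87712150    ZwAlpcConnectPort
SSDT            876F2890    ZwLoadDriver

---- Kernel code sections - GMER 1.0.15 ----
.text           ntoskrnl.exe!KeInsertQueue + 32D    820B4924 4 Bytes  [50, 21, 71, 87] {PUSH EAX; AND [ECX-0x79], ESI}
?               System32\Drivers\spnp.sys           The system cannot find the path specified. !
.text           USBPORT.SYS!DllUnload               8F54441B 5 Bytes  JMP 86F9B4E0
.text           aoqbsjmu.SYS                        8F5B6000 22 Bytes  [82, B3, 01, 82, 6C, B2, 01, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT             \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice]    [8AE70DDC] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]    [8AE46042] \SystemRoot\System32\Drivers\spnp.sys
IAT             \SystemRoot\System32\Drivers\aoqbsjmu.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]    [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT             \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint]    870942D8

---- Devices - GMER 1.0.15 ----
Device          \Driver\PCI_PNP5402 \Device\00000054    spnp.sys
Device          \Driver\volmgr \Device\VolMgrControl    8568F1F8
Device          \Driver\sptd \Device\2897907902         spnp.sys

---- EOF - GMER 1.0.15 ----
"""

# One regex per GMER line type seen in the sample; column widths vary, so match on whitespace runs.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+[0-9A-F]{8}\s+(?P<func>\S+)")
TEXT_RE = re.compile(r"^\.text\s+(?P<image>\S+?)(?:!(?P<symbol>\S+))?(?:\s+\+\s+\S+)?\s+[0-9A-F]{8}\s+(?P<n>\d+) Bytes")
UNRESOLVED_RE = re.compile(r"^\?\s+(?P<image>\S+)\s+.+$")
IAT_RE = re.compile(r"^IAT\s+(?P<image>\S+)\[(?P<imp>[^\]]+)\]\s+(?P<rest>.+)$")
REDIRECT_RE = re.compile(r"^\[[0-9A-F]{8}\]\s+(?P<target>.+?)(?:\s+\((?P<vendor>[^)]*)\))?$")
DEVICE_RE = re.compile(r"^Device\s+\S+\s+\S+\s+(?P<owner>.+)$")
ADDR_RE = re.compile(r"^[0-9A-F]{8}$")


def basename(path):
    """Last component of a Windows path, lower-cased so spnp.sys and SPNP.SYS group together."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Walk the log section by section and collect the entries an analyst triages first."""
    s = {
        "ssdt_hooks": [],               # service-table entries GMER flagged
        "patched_code": [],             # (image, symbol or None, byte count) in kernel .text
        "unresolved_images": [],        # images GMER could not open on disk
        "iat_redirects": Counter(),     # redirect target basename -> number of hooked imports
        "unattributed_targets": set(),  # redirect targets GMER printed without a vendor string
        "iat_bare_addresses": [],       # (image, import) where only an address was printed
        "device_owners": Counter(),     # device objects whose owner is a module name, not an address
    }
    section = None
    for line in (ln.rstrip() for ln in text.splitlines() if ln.strip()):
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif section == "System" and (m := SSDT_RE.match(line)):
            s["ssdt_hooks"].append(m.group("func"))
        elif section == "Kernel code sections":
            if m := TEXT_RE.match(line):
                s["patched_code"].append((m.group("image"), m.group("symbol"), int(m.group("n"))))
            elif m := UNRESOLVED_RE.match(line):
                s["unresolved_images"].append(m.group("image"))
        elif section == "Kernel IAT/EAT" and (m := IAT_RE.match(line)):
            image, imp, rest = m.group("image", "imp", "rest")
            if r := REDIRECT_RE.match(rest):
                target = basename(r.group("target"))
                s["iat_redirects"][target] += 1
                if r.group("vendor") is None:
                    s["unattributed_targets"].add(target)
            elif ADDR_RE.match(rest):
                s["iat_bare_addresses"].append((basename(image), imp))
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            if not ADDR_RE.match(m.group("owner")):
                s["device_owners"][m.group("owner")] += 1
    return s


def report(summary):
    """Human-readable triage list; the caller decides what is benign."""
    out = ["SSDT hooks: " + (", ".join(summary["ssdt_hooks"]) or "none")]
    out += [f"patched .text: {img}{'!' + sym if sym else ''} ({n} bytes)" for img, sym, n in summary["patched_code"]]
    out += [f"IAT redirect -> {t}: {c} import(s)" + (" [no vendor attribution]" if t in summary["unattributed_targets"] else "")
            for t, c in summary["iat_redirects"].most_common()]
    out += [f"IAT {img}[{imp}]: bare address, no module printed" for img, imp in summary["iat_bare_addresses"]]
    out += [f"device objects owned by {o}: {c}" for o, c in summary["device_owners"].items()]
    out += [f"image not found on disk: {img}" for img in summary["unresolved_images"]]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(parse_gmer(SAMPLE_LOG)))
```

The summary is a starting point for triage, not a verdict. The post's own log attributes one of the aoqbsjmu.SYS import entries to DAEMON Tools' Engine.dll, and the registry section lists the sptd service with its DAEMON Tools Lite path, so the hooks pointing into spnp.sys and the randomly named storage driver should be correlated with installed software before anything is treated as a rootkit. Running the parser over the full ARK log as posted (rather than the excerpt) works unchanged, since it keys only on section headers and line shapes.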