BleepingComputer.com: Think im infected loads of errors

Serious? I can't use this computer can't install anything can't even load internet explorer.

It's been 9 days and nothing has happend.

Lost your emails?? Not sure where we stand and which machine we are working now.

We Need to check for Rootkits with RootRepeal

• Download RootRepeal from the following location and save it to your desktop.
  • Direct Download (Recommended)
    • Primary Mirror
      
    • Secondary Mirror
      
    • Secondary Mirror
      
    • Secondary Mirror
    
    
  • Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
    
    • Primary Mirror
      
      
    • Secondary Mirror
      
      
    • Secondary Mirror
    
    
  • Rar Mirrors - Only if you know what a RAR is and can extract it.
    
    • Primary Mirror
      
      
    • Secondary Mirror
      
      
    • Secondary Mirror
  
  
• Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  
• Open on your desktop.
  
• Click the tab.
  
• Click the button.
  
• Check all seven boxes:
  
• Push Ok
  
• Check the box for your main system drive (Usually C:), and press Ok.
  
• Allow RootRepeal to run a scan of your system. This may take some time.
  
• Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/12/20 15:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4D20000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A70000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF3B94000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7b81a16

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b81a0c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7b81a1b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7b81a25

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b81a2a

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b819f8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b819fd

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b81a34

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b81a2f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7b81a20

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7b81a07

==EOF==

This post has been edited by samuel3: 20 December 2010 - 09:57 AM

Bump.

Since there are no reactions to the tools we need to try a rescue CD.
Try creating this disk and boot off of it. You will need another computer to make this disk on.
Avira AntiVir Rescue System
Tutorial for Avira Rescue CD

Says Burning Cd has failed!' What disk do i need? I used a Cd-r

This is the only other option asisde from a wipe and reinstall that I can think of.

We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

Done it - http://www.bleepingcomputer.com/forums/topic369310.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.