Mal Vundo-9 HOW DO I GET RID OF IT??


5 replies to this topic

#1 nkrose

nkrose

  • Members
  • 3 posts

Posted 10 April 2009 - 05:00 PM

Infected file: C:\...\pmnKBstu.dll
I have Trend Micro antivirus and an alert popped up and said this file is infected and can't be quarantine or cleaned. What all information do I need to give you and how do I do it because I am not familiar with these kinds of problems. Any help would be greatly appreciated.
Thanks for any help you can give!

Edited by The weatherman, 10 April 2009 - 05:08 PM.
Moved to a more appropriate forum. TW




#2 rigel

rigel

  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA

Posted 10 April 2009 - 05:09 PM

Hi and welcome to BleepingComputer.

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 nkrose

nkrose
  • Topic Starter

  • Members
  • 3 posts

Posted 10 April 2009 - 06:41 PM

Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 2

4/10/2009 5:34:10 PM
mbam-log-2009-04-10 (17-34-10).txt

Scan type: Quick Scan
Objects scanned: 103143
Time elapsed: 18 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 31
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 3
Files Infected: 99

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pmnKBstu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uwbpgd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6ecd21e-c894-4660-b909-12b5268f045c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6ecd21e-c894-4660-b909-12b5268f045c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5e4dbcf-eb99-4c43-9a89-f80da13589c2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f5e4dbcf-eb99-4c43-9a89-f80da13589c2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e6ecd21e-c894-4660-b909-12b5268f045c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f5e4dbcf-eb99-4c43-9a89-f80da13589c2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf9dac3b-a610-45e2-9801-813753e35d73} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnkbstu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnkbstu -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\uwbpgd.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnKBstu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\utsBKnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utsBKnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Common\_helper.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkujvppc.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kespgjur.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prvcqwbf.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tikvgsku.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ucrxqljj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcsqpuvi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\TDSS2ebe.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\ONN66FZ1\nano[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UWD7SIG0\my[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\nnnKCRHB.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnKEWoo.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQhiIB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvTkkIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVmkLF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVPjIX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWqPgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMcYSkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdBUKb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMdExXn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeDTmK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMghhIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOEwUo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXOEXqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRHyYS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBrrOFY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBuTMDu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkHyWOe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkiFXqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkiighE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLDUnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLDWpO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnolLBR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcyYQkK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIAtSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIbBSK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRjIAtQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlkhhf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnMEVpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnnOgG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnonlJa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlkKdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnmjKcB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoLdBU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqRHxxX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqRIyAq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awttTjHa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXQGYoO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRhEXR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRhFYr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcAPICu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGawVLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwVLDU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGyVonL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifdCVml.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iiffDvuu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifgFVPg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCRjHa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCvvSI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaXQkL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayVmmll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvWOgg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRLFxu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJdEvsS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDVpPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJYqnNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUKcaXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkLCus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmjIcC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmkhfd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoMFVp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbAPJc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbCtuS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccDstTl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccYrQKC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDsqRH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfGaxvw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rncsptva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkhEtQ.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmKDWp.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSdpgi.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
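
As an added example (not part of this thread and not Malwarebytes' own code), here is a small Python parser for the MBAM 1.x log format posted above. It runs on a constructed excerpt of that log rather than the full 99-file listing, cross-checks the counts in the log header against the entries actually listed, tallies detections by signature family, and lists the items marked "Delete on reboot", which is the reason rigel's note insists on a normal reboot: those files stay in place until Windows restarts. It also flags the LSA "Notification Packages" / "Authentication Packages" data items seen in the log, the mechanism by which the Vundo DLL was being loaded at boot. It handles every section of the format, not only the ones in the excerpt; all function and variable names are my own.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x scan logs (added example)."""
import re
from collections import Counter

# Constructed excerpt in the format of the log above (a few entries, not the full log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 103143
Time elapsed: 18 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pmnKBstu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\msiebbar.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e6ecd21e-c894-4660-b909-12b5268f045c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnkbstu -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\pmnKBstu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<name>[\w ]+ Infected): (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")

# lsass.exe loads the DLLs named in these registry values at boot, which is why a
# DLL registered here is loaded before the user logs on and resists ordinary deletion.
LSA_PACKAGE_VALUES = (
    r"\Control\LSA\Notification Packages",
    r"\Control\LSA\Authentication Packages",
)


def parse_mbam_log(text):
    """Return (summary, entries).

    summary maps a section name to the count MBAM printed in the header;
    entries is a list of dicts with section, item, family, action and data.
    """
    summary, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("name")] = int(m.group("count"))
            continue
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        if section is None:
            continue  # version, scan type and timing lines before the sections
        # Entry shape: "<item> (<family>) -> [Data: <value> ->] <action>."
        parts = line.rstrip(".").split(" -> ")
        m = ENTRY_RE.match(parts[0])
        if len(parts) < 2 or not m:
            continue
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "action": parts[-1],
            "data": [p[len("Data: "):] for p in parts[1:-1] if p.startswith("Data: ")],
        })
    return summary, entries


def check_summary(summary, entries):
    """Header counts that do not match the listed entries: {section: (claimed, listed)}."""
    listed = Counter(e["section"] for e in entries)
    return {name: (n, listed[name]) for name, n in summary.items() if listed[name] != n}


def family_counts(entries):
    """How many detections each signature family accounts for."""
    return Counter(e["family"] for e in entries)


def pending_reboot(entries):
    """Items MBAM could not remove while Windows was running; gone only after a reboot."""
    return sorted({e["item"] for e in entries if e["action"] == "Delete on reboot"})


def lsa_package_hits(entries):
    """Registry data items that registered a DLL with LSA (the persistence seen in the log above)."""
    return [e for e in entries
            if e["section"] == "Registry Data Items Infected"
            and any(e["item"].endswith(v) for v in LSA_PACKAGE_VALUES)]


if __name__ == "__main__":
    summary, entries = parse_mbam_log(SAMPLE_LOG)
    print("summary mismatches:", check_summary(summary, entries))
    print("by family:", dict(family_counts(entries)))
    print("pending reboot:", pending_reboot(entries))
    for e in lsa_package_hits(entries):
        print("LSA package:", e["item"], "->", e["data"])
```

Run it against a saved mbam-log-*.txt by passing the file contents to parse_mbam_log; a non-empty result from check_summary means the pasted log was truncated or edited, and a non-empty pending_reboot list means the machine is not clean until it has been restarted normally.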

#4 rigel

rigel

  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA

Posted 11 April 2009 - 10:39 AM

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - a Self Help guide can be found here if needed: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan. A Window will open asking what to include in the scan.
Check the following items:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services

Click OK
Scan your C Drive (or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient. When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.



#5 nkrose

nkrose
  • Topic Starter

  • Members
  • 3 posts

Posted 11 April 2009 - 12:24 PM

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/11 10:36
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB69D5000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADFC000 Size: 8192 File Visible: No
Status: -

Name: rhsw.sys
Image Path: rhsw.sys
Address: 0xBA8A8000 Size: 61440 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2BBC000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt
Status: Size mismatch (API: 44216, Raw: 43948)

Path: C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2008-01 (Jan)\Dc442.JPG
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\%26fid%3D147216779%26ged%3D0%3A0%3Ammq3yzc5owrhmmfhymrmzcc00pwbrig6nzeok6adop9i_lixejawio6owlqpm260zfomyvvrxto71qgparfkddklmo38ri9fudtae8zzxr0z-juzunogdaofnxoj5x,;ord=1197342399
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\Top5;MN=93221689;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;ccb=1;a[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\637512%26fid%3D48322357%26ged%3D0%3A0%3Ay2izm2rlzde0zgy3ngzmysyxac-r_1broxnwitc3bqtpi1lxq92giblyishkricpqw-bvt_wlabv92cqtmpzfhtjrnbumfta-yjlz_iwhpi9cpu1igb5rify4,;ord=1197222539
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\Sp1;kw=TGT;MN=93219734;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\PF_Quot;kw=TGT;MN=93219738;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\Site_WSTopLink;MN=93227468;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\Site_WS_3;MN=93232654;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\6D.styles%3Dleaderboard%26rnd%3D746457056%26ged%3D0%3A0%3Amdzkmdmzmtq0ywm4ytvholo8oh05pjhjhiez9jd0hqk-l5ziestnviwfzhloehpcj4mvmagpibsscbpygixw5gfoe71qksikkd4pzkw,;ord=1197302183
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\6rnd%3D115911907%26ged%3D0%3A0%3Angyymdzjymfkyji0mdjizx70xc5xvzbxh8rlcbxgwnqqlftzjssli6utl4kckxyqqkyyntr6_6lqfwrcsl7rxnysmvdymql5yous8xtgtvnekg-rdfbi-krnd1lbkyu5,;ord=1197291754
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\01EN4PEF\6rnd%3D303230279%26ged%3D0%3A0%3An2iyotmzotuwzdkynteymceoh4hetdtwak-9tlvuofabs5ktwxwtcwdby5uktez5gnrtxvqcan7h6hsvjt_jrm3c-6drhg2707tvjxd3jj0gorcenzpw69rksgxokb_k,;ord=1197340329
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TQVW1EB\g%3D1%26ega%3D25%26ged%3D0%3A0%3An2iyotmzotuwzdkynteymceoh4hetdtwak-9tlvuofabs5ktwxwtcwdby5uktez5gnrtxvqcan7h6hsvjt_jrm3c-6drhg2707tvjxd3jj0gorcenzpw69rksgxokb_k,;ord=1197340311
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TQVW1EB\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbGNnBGlzZXh0AzAEaXQDc2hvcnRjdXRzOi91cy9pbnN0YW5jZS9pZGVud[1].adNoOp&fr=csc_ymailcg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TQVW1EB\fcHandoff%2CSW2%3A!fcHandoff%2CSW3%3A!fcHandoff%26f%3D150550152%26p%3Dmail_candygram%26id%3D6%26cbk%3DfcLoaded%26bg%3Dtransparent%26tgt%3D_blank%26hs%3D2%26en%3Diso-8859-1%2&r=0
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TQVW1EB\6rnd%3D846033402%26ged%3D0%3A0%3Azwq0y2uzzgzlnzfjymuzzbpuyobss5ffysljzr-osyjmetzkpsybb-b3tsxeqpimjxww9ubpzspflf52a2ofdsqy2dtdirtrqf6ywd1-ydatl7acygp7v34xxlb37yrg,;ord=1196552993
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TQVW1EB\Site_WST3;MN=93227132;wm=o;rsi=10437;rsi=10436;rsi=10443;rm=1;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=61x21;tile=3;dcove=d;ord=464204865[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TQVW1EB\dref=http%253A%252F%252Fmessaging.myspace.com%252Findex.cfm%253Ffuseaction%253Dmail[1].friendRequests%2526MyToken%253D2458f211-6177-45eb-8d1e-56cdb374df24
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\0TQVW1EB\dref=http%253A%252F%252Fmessaging.myspace.com%252Findex[1].sent%2526type%253D%2526messageID%253D0%2526fed%253DTrue%2526compose%253D0%2526friendID%253D218361538
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\4DIRGPQJ\dref=http%253A%252F%252Fviewmorepics.myspace.com%252Findex[1].editAlbumPhotos%2526albumID%253D1170205%2526MyToken%253D4e2f6780-1feb-45e5-b06f-e9db303f13b1
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\4DIRGPQJ\dref=http%253A%252F%252Fviewmorepics.myspace.com%252Findex[1].editAlbumPhotos%2526albumID%253D1326750%2526MyToken%253D2edb17b7-6de4-4be1-bf77-3d6ed233fba1
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\4DIRGPQJ\Site_WSD_3;MN=93227138;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\892ZW16V\6rnd%3D325393368%26ged%3D0%3A0%3Angyymdzjymfkyji0mdjizx70xc5xvzbxh8rlcbxgwnqqlftzjssli6utl4kckxyqqkyyntr6_6lqfwrcsl7rxnysmvdymql5yous8xtgtvnekg-rdfbi-krnd1lbkyu5,;ord=1197291757
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\892ZW16V\5O.styles%3Dleaderboard%26rnd%3D749818283%26ged%3D0%3A0%3Amdzkmdmzmtq0ywm4ytvholo8oh05pjhjhiez9jd0hqk-l5ziestnviwfzhloehpcj4mvmagpibsscbpygixw5gfoe71qksikkd4pzkw,;ord=1197301720
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\892ZW16V\eg%3D1%26ega%3D28%26ged%3D0%3A0%3Aoduwmwy4ngrkmtkwndiwoudqfjtu4iaqu5pskqizukfy3qctze79okafwrjv21z5gadxapyhhpulesoofbrqg4jvfiv7fsim_3v0o54bz7itwpqhuzd6vpn4fsc_u8g,;ord=1196738993
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\6rnd%3D744251251%26ged%3D0%3A0%3Amjfhzdvlywiynme5otczyem0l7ng6kf38hb1d1qwamfu2j4usk1jdmhkt7lwo_4rvpktc5vbkz2dyvlesgprgjw2slugvr_9ccm1ze0c0deqzc0bhpgtcpdy3npi7cs2,;ord=1197378354
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\click,fxA5AMC1AwAnzQgASywDAAIAAAAAAP8AAAAGFAIAAgLoSwQAjdoEAAAAAAAAAAAAAAAA[2].com%2Fsports%2520bar%2520and%2520grill%2Frestaurant%2Fcamby%2Fin%2Fus%2Fregion-126,;ord=1197072007
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\click,gNstAObCAgBZwwgAeCQDAAAAEAAAAAAACgAHCgIAAgPCPAIAPWYDAD7PBAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6rWkcAAAAA,,http%3A%2F%2Fwww.myhotcomments.com%2Fgraphics[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\click,XVAEAIyHAgBK9wgAZxUDAAABVAAAAAUAAgAHEwIABgMvaQIAXooDABG6BAAAAAAAAAAAAAAAAAAAAAAAAAAAAPskW0cAAAAA,,http%3A%2F%2Fwww.wishafriend[2].com%2Fquotes%2F,;ord=1197155579
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\click,6CEAADhmAwAehwgAG.8CAAIBPAAAAP8AAAAHFAIABgN-qgMA5zYDABWdBAAAAAAAAAAAAAAAAAAAAAAAAAAAAJr9UUcAAAAA,,http%3A%2F%2Fwww.mygirlyspace[2].html,;ord=1196555674
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\85.styles%3Dleaderboard%26rnd%3D374901439%26ged%3D0%3A0%3Amdzkmdmzmtq0ywm4ytvholo8oh05pjhjhiez9jd0hqk-l5ziestnviwfzhloehpcj4mvmagpibsscbpygixw5gfoe71qksikkd4pzkw,;ord=1197302193
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\PF_Top5Feature;MN=93220013;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\Site_WSA_3;MN=93227135;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\Site_WSA_3_Shop;MN=93238360;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;u[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\Site_WSB_3_Shop;MN=93238361;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;u[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\dref=http%253A%252F%252Fmessaging.myspace.com%252Findex.cfm%253Ffuseaction%253Dmail[1].friendRequests%2526MyToken%253Dec4583b8-4e87-476d-b755-cc3770fb8991
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\081404%26fid%3D22230699%26ged%3D0%3A0%3Anjg5ywzlzdfhywqwytiyztyfmqvn0ksirndhffdmyke1j_wgm2t-_z51q9r_wjxdgmpmgqsv8gdaxoxklro--uojfxezeidflv0jcbyf6rovxr0ywqtopdxtj,;ord=1197311872
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PQBGXYB\Main;MN=93192002;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;ccb=1;a[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PQBGXYB\Sp2;kw=TGT;MN=93219735;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PQBGXYB\dref=http%253A%252F%252[1].reply%2526friendId%253D124809213%2526type%253DInbox%2526messageID%253D317875659%2526fed%253DTrue%2526MyToken%253D9c7c13d0-e262-430b-876c-13144ff16aae
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PQBGXYB\Site_WST3;MN=93227132;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PQBGXYB\Site_WS_3;MN=93227127;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PQBGXYB\Site_WS_3;MN=93227127;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9IBC5UN\nd%3D515617800%26fid%3D159736867%26ged%3D0%3A0%3AODM4NDhmN2RlYTIyYmZkZMEPckI11LkpGlZ3SVGxgHE9xFePuWrnKqV9Qkod1a_y-Du2m9khRS-SIFqy1hhNT4Fecno9DCzmQ56sedi3Wa4tOBdXx--RALZCkNFgD3e8
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9IBC5UN\Site_WSB_3;MN=93227136;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9IBC5UN\Site_WSD_3;MN=93227138;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9IBC5UN\6rnd%3D737738874%26ged%3D0%3A0%3Angyymdzjymfkyji0mdjizx70xc5xvzbxh8rlcbxgwnqqlftzjssli6utl4kckxyqqkyyntr6_6lqfwrcsl7rxnysmvdymql5yous8xtgtvnekg-rdfbi-krnd1lbkyu5,;ord=1197291782
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G9IBC5UN\464549%26fid%3D22230699%26ged%3D0%3A0%3Anjg5ywzlzdfhywqwytiyztyfmqvn0ksirndhffdmyke1j_wgm2t-_z51q9r_wjxdgmpmgqsv8gdaxoxklro--uojfxezeidflv0jcbyf6rovxr0ywqtopdxtj,;ord=1197311811
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\Site_WSA_3;MN=93227135;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\Site_WSA_3;MN=93227135;wm=o;rsi=10437;rsi=10436;rsi=10443;rm=1;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=291x30;tile=5;dcove=d;ord=464204865[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\6rnd%3D171162074%26ged%3D0%3A0%3Am2fmywjhzmu1ztk1nzzhnvk6ckfwkb4zycunyv1xpxc88vlow5gcpi7nh91trb3u2fu3-89tonhaizjhkxhse7bupwpgtiuzp5mjawzshreodzjueho8ygaqcifqpj10,;ord=1197071806
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\184272%26fid%3D140148024%26ged%3D0%3A0%3Anmvjmmnjn2i3ntq0mjqynhuu-nzgl2cwnvnnqhhkkqqslwwidx8fcky1h31pe5zrf8ey7uy4kuk4w0l3qnh4wkhdgygxl0zseylphped6buv5jxjontmwerk,;ord=1197314850
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\apmMJloTfIYbj9Ut7Tm6fLnsjqpHYH5E3k3Hur3ABJmUvZc0GYRXV3Y1GJnnErQ5FvTTFfGW6f0RqnXPVYMSdfr0HvnTPfp2cB3YFBZbVmup5mZb8Q6jH2dnO1d3IpdEn3mUV5V7fUsJbVcZb7S6ZbvTdvWUUMhOhRbxJ[1].gif
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\Site_WSB_3;MN=93227136;wm=o;rsi=10437;rsi=10436;rsi=10443;rm=1;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=291x30;tile=9;dcove=d;ord=464204865[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\click,gNstAObCAgBZwwgAeCQDAAAAQAAAAAUACgAHCgIAAgPCPAIAPWYDAD7PBAAAAAAAAAAAAAAAAAAAAAAAAAAAAHasWkcAAAAA,,http%3A%2F%2Fwww.myhotcomments.com%2Fgraphics[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\dref=http%253A%252F%252Fcomment.myspace.com%252Findex[1].viewProfile_commentForm%2526friendID%253D54558123%2526MyToken%253Da95db501-8b98-4e3f-847a-9f3c88bb7ed5
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\dref=http%253A%252F%252Fmessaging.myspace.com%252Findex.cfm%253Ffuseaction%253Dmail[1].friendRequests%2526MyToken%253Dec4583b8-4e87-476d-b755-cc3770fb8991
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\JP1FI22H\dref=http%253A%252F%252Fviewmorepics.myspace.com%252Findex.cfm%253Ffuseaction%253Duser[1].editAlbums%2526MyToken%253D844cd05f-1de4-49ca-860d-18400d2243c6
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1Y3SPAV\Z0.styles%3Dleaderboard%26rnd%3D506374426%26ged%3D0%3A0%3Azgnhm2uxnmm0ymqyzmnkmzrbvq85lcxbuok5xmo3vxwv6jku27ggspk8vobpm1rskxunvucheio_dm3s74zjfmibswff-wxach2tw9s,;ord=1196553665
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1Y3SPAV\6rnd%3D325393368%26ged%3D0%3A0%3Angyymdzjymfkyji0mdjizx70xc5xvzbxh8rlcbxgwnqqlftzjssli6utl4kckxyqqkyyntr6_6lqfwrcsl7rxnysmvdymql5yous8xtgtvnekg-rdfbi-krnd1lbkyu5,;ord=1197291757
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1Y3SPAV\W9.styles%3Dleaderboard%26rnd%3D607806449%26ged%3D0%3A0%3Azgnhm2uxnmm0ymqyzmnkmzrbvq85lcxbuok5xmo3vxwv6jku27ggspk8vobpm1rskxunvucheio_dm3s74zjfmibswff-wxach2tw9s,;ord=1196553677
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1Y3SPAV\click,6CEAADhmAwARhwgAHP8CAAABDAAAAAsAAgAHFAIACgN-qgMA5zYDABedBAAAAAAAAAAAAAAAAAAAAAAAAAAAAHj9UUcAAAAA,,http%3A%2F%2Fwww.mygirlyspace[2].htm,;ord=1196555640
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1Y3SPAV\click,Zz0sALH5AwCnXAMAbJcBAAAAIAAAAA0ABAACDwIABAOE2wQA2gUAAOmXAgAAAAAAAAAAAAAAAAAAAAAAAAAAAJGPXUcAAAAA,http%3A%2F%2Fwww.burstnet[2].com%2F%3Fview%3D4,;ord=1197313937
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1Y3SPAV\;_ylc=X1MDOTc1NDYxNjgEX3IDMgRjYXRlZ29yeQNJREVOVElGSUVSBGV4dGZyb20DBGZiAzAEZnJjb2RlA2NzY195bWFpbGNnBGlzZXh0AzAEaXQDc2hvcnRjdXRzOi91cy9pbnN0YW5jZS9pZGVud[1].adNoOp&fr=csc_ymailcg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\K1Y3SPAV\Site_WSA_3;MN=93227135;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLIF4PAJ\dref=http%253A%252F%252Fmessaging.myspace.com%252Findex.cfm%253Ffuseaction%253Dmail[1].friendRequests%2526MyToken%253D2458f211-6177-45eb-8d1e-56cdb374df24
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLIF4PAJ\Site_WST3;MN=93227132;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLIF4PAJ\Site_WS_3;MN=93236004;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KLIF4PAJ\click,6CEAADL9AgBuwwgAeSQDAAAATAAAAAAABQAHEQIAAgNkzgIAh1QDAD.PBAAAAAAAAAAAAAAAAAAAAAAAAAAAADMMW0cAAAAA,,http%3A%2F%2Fmygirlyspace.com%2Fads%2F300x250-topcube-2[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KT6FK1QN\6rnd%3D156771821%26ged%3D0%3A0%3Azjcwytk5mmqznju5yzvmzamd_57tyqrlhhp3lsstgylpwvs2tpqeovpcr7ahzopvhmdbnhnkt0t4jybbq8u2t_5lwojcfbebp0yc1hkjpagtdh3b31b5rkskgscw9juw,;ord=1197310224
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KT6FK1QN\717516%26fid%3D54558123%26ged%3D0%3A0%3Anzdhmmmym2mwnda2mmrimjdks2mc8zt89fmwomu_8c9kroghrve-bsdjpp-t8yinti4-atdr2h6sqjda9fldhd5v9ybcjeno_bd1t4jy9y_khpna2gc4d-us0,;ord=1197262739
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KT6FK1QN\PF_Quot&Port;kw=TGT;MN=93208183;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KT6FK1QN\Site_WSB_3;MN=93227136;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KT6FK1QN\dref=http%253A%252F%252Fmessaging.myspace.com%252Findex.cfm%253Ffuseaction%253Dmail[1].friendRequests%2526MyToken%253Dec4583b8-4e87-476d-b755-cc3770fb8991
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KT6FK1QN\dref=http%253A%252F%252Fviewmorepics.myspace.com%252Findex.cfm%253Ffuseaction%253Duser[1].editAlbums%2526MyToken%253D5d524164-8554-497e-beaa-e2ec54e258a5
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXMFSP6Z\4D.styles%3Dleaderboard%26rnd%3D807099191%26ged%3D0%3A0%3Amdzkmdmzmtq0ywm4ytvholo8oh05pjhjhiez9jd0hqk-l5ziestnviwfzhloehpcj4mvmagpibsscbpygixw5gfoe71qksikkd4pzkw,;ord=1197302160
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXMFSP6Z\Site_WSB_3;MN=93227136;wm=o;rsi=10437;rsi=10436;rsi=10443;rm=1;!c=d-gif;!c=d-jpg;!c=d-imrd;!c=d-fls;!c=d-jav;!c=d-dxp;!c=d-pxp;sz=291x30;tile=9;dcove=d;ord=463481662[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXMFSP6Z\Site_WSB_3_Shop;MN=93238361;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;u[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXMFSP6Z\Site_WS_3;MN=93232654;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\fcHandoff%2CSW2%3A!fcHandoff%2CSW3%3A!fcHandoff%26f%3D150550782%26p%3Dmail_candygram%26id%3D7%26cbk%3DfcLoaded%26bg%3Dtransparent%26tgt%3D_blank%26hs%3D2%26en%3Diso-8859-1%2&r=0
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\click,6CEAADL9AgBuwwgAeSQDAAAAQAAAAAAABQAHEQIAAgNkzgIAh1QDAD.PBAAAAAAAAAAAAAAAAAAAAAAAAAAAACkMW0cAAAAA,,http%3A%2F%2Fmygirlyspace.com%2Fads%2F300x250-topcube-2[2].2
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\6rnd%3D339608557%26ged%3D0%3A0%3Amjfhzdvlywiynme5otczyem0l7ng6kf38hb1d1qwamfu2j4usk1jdmhkt7lwo_4rvpktc5vbkz2dyvlesgprgjw2slugvr_9ccm1ze0c0deqzc0bhpgtcpdy3npi7cs2,;ord=1197378459
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\6rnd%3D649681733%26ged%3D0%3A0%3Azgnhm2uxnmm0ymqyzmnkmzrbvq85lcxbuok5xmo3vxwv6jku27ggspk8vobpm1rskxunvucheio_dm3s74zjfmibswff-wxach2tw9s3-qwan2akwbe4qvhbcrfwkb8a,;ord=1196553859
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\dref=http%253A%252F%252Fmessaging.myspace.com%252Findex[1].sent%2526type%253D%2526messageID%253D0%2526fed%253DTrue%2526compose%253D0%2526friendID%253D288859073
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\Y9.styles%3Dleaderboard%26rnd%3D705667168%26fid%3D140148024%26ged%3D0%3A0%3Amdzkmdmzmtq0ywm4ytvholo8oh05pjhjhiez9jd0hqk-l5ziestnviwfzhloehpcj4mvmagpibsscbpygixw5,;ord=1197302150
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\Site_WSTopLink;MN=93227468;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\Site_WS_3;MN=93227127;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;cc[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\Sp3;kw=TGT;MN=93219736;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\Sp4;kw=TGT;MN=93219737;u=780795C614C6B7A2;wm=o;rsi=10437;rsi=10436;rsi=10443;rsi=10609;rsi=10888;rm=1;inc=7;r105=1;chl=1;mar=1;hme=2;r5=1;r23=1;r190=1;chn=1;dwe=1;ug=2;c[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OX634T6Z\AccountOverview-inside;lang=en_US;acct=prem;resid=US;DC=F;bcapp=F;bcpre=F;ver=T;F1=f;F2=f;F3=f;F4=f;F5=f;F6=f;F7=f;F8=f;F9=f;F10=f;F11=f;F12=f;F13=f;F14=f;F15=f;F16=f;F1[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Set

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x88d0dc60

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x88d0d160

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x88d0d420

#: 050 Function Name: NtCreateSection
Status: Hooked by "<unknown>" at address 0x88d0e920

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x88d0efa0

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x88d0e1e0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x88d0e4a0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x88d0f140

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x88d0ec60

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x88d0d6e0

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x88d0eac0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x88d0df20

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x88d0d9a0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x88d0ee00

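Reading the SSDT section of the log above: all fourteen hooks are attributed to "<unknown>", which means RootRepeal could not map the hook target to any loaded driver image, and every target lies between 0x88d0d160 and 0x88d0f140, a span of under 8 KB, so one resident piece of kernel code is servicing all of them. The hooked functions are exactly the calls a removal tool needs (registry key create/set/delete, process open/create/terminate, driver loading, section mapping and memory writes), which is a self-protection pattern. The following is an added example, not part of the post and not RootRepeal's own code: a small Python parser for this log format that extracts those observations, plus a MAX_PATH check on the "Locked to the Windows API!" entries, since an IE cache path too long for the Win32 API to open is one benign reason for that status. Its input is a constructed excerpt of the log above with one invented "example.sys"-owned hook added for contrast.

```python
"""Triage a RootRepeal-style log: hidden-file entries and SSDT hooks.
Added example, not code from the post. SAMPLE_LOG is a constructed excerpt in
the format of the report above; the 'example.sys' hook is invented for contrast."""
import re
from collections import Counter

SAMPLE_LOG = r"""
Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8LMV0XQZ\Site_WSA_3;MN=93227135;u=780795C614C6B7A2[1]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\8PQBGXYB\Main;MN=93192002;u=780795C614C6B7A2[2]
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x88d0dc60

#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x88d0d160

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\example.sys" at address 0xf7a1c000
"""

PATH_RE = re.compile(r"^Path:\s*(.+?)\s*$")
STATUS_RE = re.compile(r"^Status:\s*(.+?)\s*$")
HOOK_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)\s*$")
HOOKED_BY_RE = re.compile(r'^Status:\s*Hooked by "([^"]*)" at address 0x([0-9A-Fa-f]+)\s*$')

# Each of these gates an action a user or removal tool would take against the
# infection: registry edits, process kills, driver loads, memory/section access.
SELF_PROTECTION = {
    "NtCreateKey": "registry", "NtSetValueKey": "registry",
    "NtDeleteKey": "registry", "NtDeleteValueKey": "registry",
    "NtCreateProcess": "process", "NtCreateProcessEx": "process",
    "NtOpenProcess": "process", "NtTerminateProcess": "process", "NtCreateThread": "process",
    "NtLoadDriver": "driver loading",
    "NtCreateSection": "memory", "NtOpenSection": "memory",
    "NtMapViewOfSection": "memory", "NtWriteVirtualMemory": "memory",
}

def parse_log(text):
    """Return (files, hooks): Path/Status pairs, and '#: n Function Name' hooks."""
    files, hooks = [], []
    pending_path = pending_hook = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PATH_RE.match(line):
            pending_path = m.group(1)
        elif m := HOOK_RE.match(line):
            pending_hook = (int(m.group(1)), m.group(2))
        elif m := HOOKED_BY_RE.match(line):      # checked before the generic Status line
            if pending_hook:
                hooks.append({"index": pending_hook[0], "name": pending_hook[1],
                              "owner": m.group(1), "address": int(m.group(2), 16)})
                pending_hook = None
        elif m := STATUS_RE.match(line):
            if pending_path is not None:
                files.append({"path": pending_path, "status": m.group(1)})
                pending_path = None
    return files, hooks

def unknown_owner_hooks(hooks):
    """Hooks whose target RootRepeal could not attribute to any loaded module."""
    return [h for h in hooks if h["owner"] == "<unknown>"]

def address_span(hooks):
    """(lowest, highest, highest - lowest): a tight span points at one resident blob."""
    addrs = [h["address"] for h in hooks]
    return min(addrs), max(addrs), max(addrs) - min(addrs)

def categorize(hooks):
    """Hooks per self-protection category; unlisted functions count as 'other'."""
    return Counter(SELF_PROTECTION.get(h["name"], "other") for h in hooks)

def hidden_by_cache_dir(files):
    """'Locked to the Windows API!' entries per Content.IE5 subdirectory."""
    counts = Counter()
    for f in files:
        parts = f["path"].split("\\")
        if f["status"].startswith("Locked") and "Content.IE5" in parts:
            counts[parts[parts.index("Content.IE5") + 1]] += 1
    return counts

def long_paths(files, limit=260):
    """Entries at or past MAX_PATH; the Win32 API cannot open those without the
    extended-length prefix, which is one benign cause of a 'Locked' status."""
    return [f["path"] for f in files if len(f["path"]) >= limit]

if __name__ == "__main__":
    files, hooks = parse_log(SAMPLE_LOG)
    lo, hi, span = address_span(unknown_owner_hooks(hooks))
    print(f"{len(files)} hidden files, {len(hooks)} hooks; unattributed targets "
          f"0x{lo:08x}-0x{hi:08x} ({span} bytes apart); {dict(categorize(hooks))}")
```

Run it against the full report by passing the pasted text to `parse_log`: an `address_span` of a few KB across hooks that are all "<unknown>" is the pattern to act on, while a long list of "Locked" entries that `long_paths` also returns is usually cache noise rather than a second hidden component.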
#6 rigel

    FD-BC

  • BC Advisor
  • 12,944 posts
  • OFFLINE
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:02:38 AM
Posted 11 April 2009 - 03:38 PM

Please update and rerun Malwarebytes in Full mode.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
