infected by mal_otorun2


18 replies to this topic

#1 Dylanz Of Dylanz

Posted 01 August 2009 - 02:36 AM

I woke up early today and turned on my PC, and some sort of error popped up; I forgot what the message was. When I tried to run any of my programs on my D drive, this error appeared. Below is the error message from opening an application located on the D drive. BTW, I'm running Win XP Home.
---------------------------
Problem with Shortcut
---------------------------
The drive or network connection that the shortcut 'Frozen Throne.lnk' refers to is unavailable. Make sure that the disk is properly inserted or the network resource is available, and then try again.
---------------------------
OK
---------------------------

When I double-click the D drive in My Computer, this error appears.
---------------------------
Disk is not formatted
---------------------------
The disk in drive D is not formatted.



Do you want to format it now?
---------------------------
Yes No
---------------------------

I tried opening it in safe mode, but instead it says the drive is corrupted.

I ran a Trend Micro virus scan earlier and it detected the following:

File | Threat | Type | Action |
Autorun.inf | Mal_Otorun2 | Virus | Unable to fix |

I tried scanning with Malwarebytes, but it skipped scanning the D drive.
Any help is appreciated.

Edited by Dylanz Of Dylanz, 01 August 2009 - 02:40 AM.



#2 garmanma

Posted 01 August 2009 - 08:40 AM

I tried scanning with Malwarebytes, but it skipped scanning the D drive.


You need to do a FULL scan for all drives.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Dylanz Of Dylanz

Posted 01 August 2009 - 09:47 AM

I clicked on full scan and ticked to scan all drives, but it still skipped the D drive, because when I watched "currently scanning", there was no D drive.

#4 garmanma

Posted 01 August 2009 - 06:50 PM

Your D: drive is a hard disk and not a CD/DVD drive, correct?
Mark

#5 Dylanz Of Dylanz

Posted 01 August 2009 - 11:34 PM

Yes. It's a hard disk.

#6 Dylanz Of Dylanz

Posted 02 August 2009 - 05:07 AM

Below is an image showing my D drive, which I think causes antivirus software not to scan this drive, and I cannot access it.
Posted Image

Edited by Dylanz Of Dylanz, 02 August 2009 - 10:52 AM.


#7 garmanma

Posted 02 August 2009 - 06:52 PM

If it is indeed that full, then yes, that's a problem.

WinDirStat is a helpful utility that shows what all is on any given drive in order to help you purge some items and free up space.
WinDirStat download:
http://sourceforge.net/projects/windirstat/
Whitepaper:
http://windirstat.info/
Mark

#8 Dylanz Of Dylanz

Posted 03 August 2009 - 12:51 AM

I'm sure the disk is not full, and when I run WinDirStat there's no D drive. I believe some autorun.inf did something to my hard disk.


[edit]
Now I can access my D drive and am also able to run WinDirStat on it. But inside my D drive everything's empty, although I ticked the option to show hidden files and folders. When I right-click and open Properties, it shows 6 GB used space and 4 GB free space, yet not a single file on the hard disk.

I think the virus somehow blocked me and other software from viewing the contents of the D drive, because when I copy a random file to the hard disk, nothing appears; the file I copied is not there. But if I copy it a second time, it asks me whether to replace the file or not. So I think that although the D drive appears empty, there are in fact still files there, but they cannot be viewed or accessed.

Edited by Dylanz Of Dylanz, 03 August 2009 - 05:09 AM.


#9 garmanma

Posted 03 August 2009 - 07:35 PM

Try scanning with SAS and Dr Web CureIt



ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

------------------------------------

SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-----------------------------------------

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Mark

#10 Dylanz Of Dylanz

Posted 04 August 2009 - 08:57 AM

I tried all the steps given. None of them detects anything; they just won't scan the D drive. I think that's the problem. Below are screenshots of:
1) the contents of the D drive, opened in safe mode. They have strange letters.
2) the error message when I opened one of the files.
3) two strange processes in Task Manager.
Lastly, these are followed by the SUPERAntiSpyware log, which detects nothing, and there is no log from Dr.Web CureIt, as nothing is detected.

1)Posted Image
2)Posted Image
3)Posted Image
Posted Image

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/04/2009 at 07:31 AM

Application Version : 4.27.1000

Core Rules Database Version : 4036
Trace Rules Database Version: 1976

Scan type : Complete Scan
Total Scan Time : 01:23:20

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 4734
Registry threats detected : 0
File items scanned : 43191
File threats detected : 0

#11 garmanma

Posted 04 August 2009 - 07:27 PM

In the Applications window in Task Manager, see if sddrejneeb.exe is there and if you can end the task.
If not, use Autoruns.

Download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file sddrejneeb.exe
Right-click on the entry and choose delete.
Reboot your computer and see if you can run a scan on D: drive

Edited by garmanma, 04 August 2009 - 07:28 PM.

Mark

#12 Dylanz Of Dylanz

Posted 05 August 2009 - 02:38 AM

I ended the task and deleted the entry with Autoruns, then rebooted, but I still cannot scan D.

#13 garmanma

Posted 05 August 2009 - 07:05 PM

Please download RootRepeal.zip and save it to your Desktop.
alternate download link 1
alternate download link 2
  • Unzip the file on your Desktop or create a new folder on the hard drive called RootRepeal (C:\RootRepeal) and extract it there.
    (click here if you're not sure how to do this. Vista users refer to these instructions.)
  • Disconnect from the Internet as your system will be unprotected while using this tool.
  • Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
    This will ensure more accurate results and avoid common issues that may cause false detections.
  • Click this link to see a list of such programs and how to disable them.
  • Open the RootRepeal folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
  • When the program opens, click the Report tab at the bottom, then click the Scan button.
  • In the Select Scan dialog, which asks "What do you want to include in the scan?", check all the boxes.
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click OK.
  • In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
  • The scan can take some time to finish. Do not use the computer while the scan is running.
  • When the scan has completed, a list of files will be generated in the RootRepeal window.
  • Click on the Save Report button and save it as rootrepeal.txt to your desktop.
  • A copy of the report with the date (i.e. RootRepeal report 07-30-09 (17-35-54).txt) is also saved to the root of your system drive (usually C:\).
  • Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
  • Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".
Mark
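
The rootrepeal.txt report these steps produce can run to hundreds of lines, so here is one way to condense it before reading. This is an added example, not part of the original post and not RootRepeal's own code; the sample report is constructed, and the function names, PREFIX_LEN and the three-file clustering threshold are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed sample in RootRepeal's Path:/Status: layout; every path is made up.
SAMPLE_REPORT = r"""
Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: Volume C:\, Sector 1
Status: Sector mismatch

Path: Volume C:\, Sector 2
Status: Sector mismatch

Path: Volume C:\, Sector 7
Status: Sector mismatch

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\qzexampleaaaa.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\qzexamplebbbb.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\qzexamplecccc.sys
Status: Invisible to the Windows API!

Path: D:\Pictures
Status: Invisible to the Windows API!
"""

VOLUME_RE = re.compile(r"^Volume ([A-Za-z]):\\(?:, Sector (\d+))?$")
PREFIX_LEN = 6  # assumption: cluster hidden files on the first six name characters
CODE_EXTS = {".sys", ".dll", ".exe"}


def parse_entries(text):
    """Return (path, status) pairs from consecutive 'Path:' / 'Status:' lines."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Path:"):
            path = line[len("Path:"):].strip()
        elif line.startswith("Status:") and path is not None:
            entries.append((path, line[len("Status:"):].strip()))
            path = None
    return entries


def collapse(numbers):
    """Turn [1, 2, 7] into [(1, 2), (7, 7)] so sector runs read as ranges."""
    ranges = []
    for n in sorted(set(numbers)):
        if ranges and n == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], n)
        else:
            ranges.append((n, n))
    return ranges


def triage(text):
    """Summarise a report: MBR flags, sector ranges, hidden and locked files."""
    mbr, sectors = set(), defaultdict(list)
    hidden, locked, clusters = defaultdict(list), [], defaultdict(list)
    for path, status in parse_entries(text):
        vol = VOLUME_RE.match(path)
        if vol and vol.group(2):          # "Volume X:\, Sector N"
            sectors[vol.group(1).upper()].append(int(vol.group(2)))
        elif vol:                         # "Volume X:\" summary line
            if "MBR Rootkit" in status:
                mbr.add(vol.group(1).upper())
        elif status.startswith("Invisible"):
            hidden[path[:1].upper()].append(path)
            clusters[basename(path)[:PREFIX_LEN].lower()].append(path)
        elif status.startswith("Locked"):
            locked.append(path)
    # Heuristic: 3+ hidden files sharing a name prefix, including a driver/DLL/EXE.
    grouped = {
        prefix: paths for prefix, paths in clusters.items()
        if len(paths) >= 3
        and any(splitext(p)[1].lower() in CODE_EXTS for p in paths)
    }
    return {
        "mbr_flagged": sorted(mbr),
        "sector_ranges": {v: collapse(n) for v, n in sectors.items()},
        "hidden_counts": {v: len(p) for v, p in hidden.items()},
        "locked": locked,
        "name_clusters": grouped,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

To use it on a real report, read rootrepeal.txt into a string and pass it to triage(); entries with other status strings are ignored by this sketch.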

#14 Dylanz Of Dylanz

Posted 06 August 2009 - 02:49 AM

When I start RootRepeal.exe I get this error:
Posted Image
I just clicked OK and continued with the scan. An error about D popped up after the scan.
Posted Image
Anyway, the scan completed. Here's the log.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/06 00:11
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF35D7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79E7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF2494000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: Volume C:\
Status: MBR Rootkit Detected!

Path: Volume C:\, Sector 1
Status: Sector mismatch

Path: Volume C:\, Sector 2
Status: Sector mismatch

Path: Volume C:\, Sector 3
Status: Sector mismatch

Path: Volume C:\, Sector 4
Status: Sector mismatch

Path: Volume C:\, Sector 5
Status: Sector mismatch

Path: Volume C:\, Sector 6
Status: Sector mismatch

Path: Volume C:\, Sector 7
Status: Sector mismatch

Path: Volume C:\, Sector 8
Status: Sector mismatch

Path: Volume C:\, Sector 9
Status: Sector mismatch

Path: Volume C:\, Sector 10
Status: Sector mismatch

Path: Volume C:\, Sector 11
Status: Sector mismatch

Path: Volume C:\, Sector 12
Status: Sector mismatch

Path: Volume C:\, Sector 13
Status: Sector mismatch

Path: Volume C:\, Sector 14
Status: Sector mismatch

Path: Volume C:\, Sector 15
Status: Sector mismatch

Path: Volume C:\, Sector 16
Status: Sector mismatch

Path: Volume C:\, Sector 17
Status: Sector mismatch

Path: Volume C:\, Sector 18
Status: Sector mismatch

Path: Volume C:\, Sector 19
Status: Sector mismatch

Path: Volume C:\, Sector 20
Status: Sector mismatch

Path: Volume C:\, Sector 21
Status: Sector mismatch

Path: Volume C:\, Sector 22
Status: Sector mismatch

Path: Volume C:\, Sector 23
Status: Sector mismatch

Path: Volume C:\, Sector 24
Status: Sector mismatch

Path: Volume C:\, Sector 25
Status: Sector mismatch

Path: Volume C:\, Sector 26
Status: Sector mismatch

Path: Volume C:\, Sector 27
Status: Sector mismatch

Path: Volume C:\, Sector 28
Status: Sector mismatch

Path: Volume C:\, Sector 29
Status: Sector mismatch

Path: Volume C:\, Sector 30
Status: Sector mismatch

Path: Volume C:\, Sector 31
Status: Sector mismatch

Path: Volume C:\, Sector 32
Status: Sector mismatch

Path: Volume C:\, Sector 33
Status: Sector mismatch

Path: Volume C:\, Sector 34
Status: Sector mismatch

Path: Volume C:\, Sector 35
Status: Sector mismatch

Path: Volume C:\, Sector 36
Status: Sector mismatch

Path: Volume C:\, Sector 37
Status: Sector mismatch

Path: Volume C:\, Sector 38
Status: Sector mismatch

Path: Volume C:\, Sector 39
Status: Sector mismatch

Path: Volume C:\, Sector 40
Status: Sector mismatch

Path: Volume C:\, Sector 41
Status: Sector mismatch

Path: Volume C:\, Sector 42
Status: Sector mismatch

Path: Volume C:\, Sector 43
Status: Sector mismatch

Path: Volume C:\, Sector 44
Status: Sector mismatch

Path: Volume C:\, Sector 45
Status: Sector mismatch

Path: Volume C:\, Sector 46
Status: Sector mismatch

Path: Volume C:\, Sector 47
Status: Sector mismatch

Path: Volume C:\, Sector 48
Status: Sector mismatch

Path: Volume C:\, Sector 49
Status: Sector mismatch

Path: Volume C:\, Sector 50
Status: Sector mismatch

Path: Volume C:\, Sector 51
Status: Sector mismatch

Path: Volume C:\, Sector 52
Status: Sector mismatch

Path: Volume C:\, Sector 53
Status: Sector mismatch

Path: Volume C:\, Sector 54
Status: Sector mismatch

Path: Volume C:\, Sector 55
Status: Sector mismatch

Path: Volume C:\, Sector 56
Status: Sector mismatch

Path: Volume C:\, Sector 57
Status: Sector mismatch

Path: Volume C:\, Sector 58
Status: Sector mismatch

Path: Volume C:\, Sector 59
Status: Sector mismatch

Path: Volume C:\, Sector 60
Status: Sector mismatch

Path: Volume C:\, Sector 61
Status: Sector mismatch

Path: Volume C:\, Sector 62
Status: Sector mismatch

Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\vsfocehxrofgry.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\vsfocelmeqkhgc.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\vsfocevjicmxoe.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\vsfocewvsahncn.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\vsfoceqpxevnrthv.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\vsfoceruoseqhous.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\temp\vsfoceujblrkbwqq.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\vsfocetpmmitqo.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\ivan\local settings\temp\etilqs_7hiva8ajhxhhurbkuce1
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\ivan\local settings\temp\etilqs_m90xo8jtlhuamennolpv
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: Volume D:\
Status: MBR Rootkit Detected!

Path: Volume D:\, Sector 1
Status: Sector mismatch

Path: Volume D:\, Sector 2
Status: Sector mismatch

Path: Volume D:\, Sector 3
Status: Sector mismatch

Path: Volume D:\, Sector 4
Status: Sector mismatch

Path: Volume D:\, Sector 5
Status: Sector mismatch

Path: Volume D:\, Sector 6
Status: Sector mismatch

Path: Volume D:\, Sector 7
Status: Sector mismatch

Path: Volume D:\, Sector 8
Status: Sector mismatch

Path: Volume D:\, Sector 9
Status: Sector mismatch

Path: Volume D:\, Sector 10
Status: Sector mismatch

Path: Volume D:\, Sector 11
Status: Sector mismatch

Path: Volume D:\, Sector 12
Status: Sector mismatch

Path: Volume D:\, Sector 13
Status: Sector mismatch

Path: Volume D:\, Sector 14
Status: Sector mismatch

Path: Volume D:\, Sector 15
Status: Sector mismatch

Path: Volume D:\, Sector 16
Status: Sector mismatch

Path: Volume D:\, Sector 17
Status: Sector mismatch

Path: Volume D:\, Sector 18
Status: Sector mismatch

Path: Volume D:\, Sector 19
Status: Sector mismatch

Path: Volume D:\, Sector 20
Status: Sector mismatch

Path: Volume D:\, Sector 21
Status: Sector mismatch

Path: Volume D:\, Sector 22
Status: Sector mismatch

Path: Volume D:\, Sector 23
Status: Sector mismatch

Path: Volume D:\, Sector 24
Status: Sector mismatch

Path: Volume D:\, Sector 25
Status: Sector mismatch

Path: Volume D:\, Sector 26
Status: Sector mismatch

Path: Volume D:\, Sector 27
Status: Sector mismatch

Path: Volume D:\, Sector 28
Status: Sector mismatch

Path: Volume D:\, Sector 29
Status: Sector mismatch

Path: Volume D:\, Sector 30
Status: Sector mismatch

Path: Volume D:\, Sector 31
Status: Sector mismatch

Path: Volume D:\, Sector 32
Status: Sector mismatch

Path: Volume D:\, Sector 33
Status: Sector mismatch

Path: Volume D:\, Sector 34
Status: Sector mismatch

Path: Volume D:\, Sector 35
Status: Sector mismatch

Path: Volume D:\, Sector 36
Status: Sector mismatch

Path: Volume D:\, Sector 37
Status: Sector mismatch

Path: Volume D:\, Sector 38
Status: Sector mismatch

Path: Volume D:\, Sector 39
Status: Sector mismatch

Path: Volume D:\, Sector 40
Status: Sector mismatch

Path: Volume D:\, Sector 41
Status: Sector mismatch

Path: Volume D:\, Sector 42
Status: Sector mismatch

Path: Volume D:\, Sector 43
Status: Sector mismatch

Path: Volume D:\, Sector 44
Status: Sector mismatch

Path: Volume D:\, Sector 45
Status: Sector mismatch

Path: Volume D:\, Sector 46
Status: Sector mismatch

Path: Volume D:\, Sector 47
Status: Sector mismatch

Path: Volume D:\, Sector 48
Status: Sector mismatch

Path: Volume D:\, Sector 49
Status: Sector mismatch

Path: Volume D:\, Sector 50
Status: Sector mismatch

Path: Volume D:\, Sector 51
Status: Sector mismatch

Path: Volume D:\, Sector 52
Status: Sector mismatch

Path: Volume D:\, Sector 53
Status: Sector mismatch

Path: Volume D:\, Sector 54
Status: Sector mismatch

Path: Volume D:\, Sector 55
Status: Sector mismatch

Path: Volume D:\, Sector 56
Status: Sector mismatch

Path: Volume D:\, Sector 57
Status: Sector mismatch

Path: Volume D:\, Sector 58
Status: Sector mismatch

Path: Volume D:\, Sector 59
Status: Sector mismatch

Path: Volume D:\, Sector 60
Status: Sector mismatch

Path: Volume D:\, Sector 61
Status: Sector mismatch

Path: Volume D:\, Sector 62
Status: Sector mismatch

Path: D:\Recycled
Status: Invisible to the Windows API!

Path: D:\System Volume Information
Status: Invisible to the Windows API!

Path: D:\Recordings
Status: Invisible to the Windows API!

Path: D:\Config.Msi
Status: Invisible to the Windows API!

Path: D:\Program Files
Status: Invisible to the Windows API!

Path: D:\Temp
Status: Invisible to the Windows API!

Path: D:\FOUND.000
Status: Invisible to the Windows API!

Path: D:\PPSDS.PGF
Status: Invisible to the Windows API!

Path: D:\14fcc167a094d1e7f63d1f129c
Status: Invisible to the Windows API!

Path: D:\FOUND.001
Status: Invisible to the Windows API!

Path: D:\INDIA
Status: Invisible to the Windows API!

Path: D:\Documents and Settings
Status: Invisible to the Windows API!

Path: D:\D3D8CAPS.TMP
Status: Invisible to the Windows API!

Path: D:\5a5be0af94fa35bad32f23ef2f31e7d0
Status: Invisible to the Windows API!

Path: D:\Pictures
Status: Invisible to the Windows API!

Path: D:\IVAN
Status: Invisible to the Windows API!

Path: D:\7bd42c301485c39c57f193a2
Status: Invisible to the Windows API!

Path: D:\BURN
Status: Invisible to the Windows API!

Path: D:\MSDOWNLD.TMP
Status: Invisible to the Windows API!

Path: D:\DESKTOP.INI
Status: Invisible to the Windows API!

Path: D:\019ed1979a346507f5f2
Status: Invisible to the Windows API!

Path: D:\d895c6599ff71a0a92
Status: Invisible to the Windows API!

Path: D:\bfc7fddc55dbe89eb71ca65c7758828f
Status: Invisible to the Windows API!

Path: D:\7189579658f00cf34d1e
Status: Invisible to the Windows API!

Path: D:\1e660bf8700a340051a5013ab9b9e7
Status: Invisible to the Windows API!

Path: D:\4d6d38357609cc131a79d99ef79f
Status: Invisible to the Windows API!

Path: D:\52c7a14d4018e459891047
Status: Invisible to the Windows API!

Path: D:\2cd4f78b405117fae36a463b2c
Status: Invisible to the Windows API!

Path: D:\endau kelong trip
Status: Invisible to the Windows API!

Path: D:\Folder.jpg
Status: Invisible to the Windows API!

Path: D:\AlbumArtSmall.jpg
Status: Invisible to the Windows API!

Path: D:\AlbumArt_{B7EE1E56-A9B2-4E0F-8B5A-BDFF25AF1EE9}_Small.jpg
Status: Invisible to the Windows API!

Path: D:\AlbumArt_{B7EE1E56-A9B2-4E0F-8B5A-BDFF25AF1EE9}_Large.jpg
Status: Invisible to the Windows API!

Path: D:\Recycled\DESKTOP.INI
Status: Invisible to the Windows API!

Path: D:\Recycled\INFO2
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd1.w3x
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd2.torrent
Status: Invisible to the Windows API!

Path: D:\Recycled\AlbumArtSmall.jpg
Status: Invisible to the Windows API!

Path: D:\Recycled\AlbumArt_{F4BD26D7-2894-4621-AEA8-285FC8BF3BE3}_Small.jpg
Status: Invisible to the Windows API!

Path: D:\Recycled\Folder.jpg
Status: Invisible to the Windows API!

Path: D:\Recycled\AlbumArt_{F4BD26D7-2894-4621-AEA8-285FC8BF3BE3}_Large.jpg
Status: Invisible to the Windows API!

Path: D:\Recycled\AlbumArt_{D8121C1E-5008-419E-9091-0BE345B5FC00}_Small.jpg
Status: Invisible to the Windows API!

Path: D:\Recycled\AlbumArt_{D8121C1E-5008-419E-9091-0BE345B5FC00}_Large.jpg
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd3.w3x
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd4.w3x
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd5
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd6.dll
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd7.dll
Status: Invisible to the Windows API!

Path: D:\Recycled\Dd8.dll
Status: Invisible to the Windows API!

Path: D:\INDIA\PC270208.JPG
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: services.exe (PID: 548) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: lsass.exe (PID: 560) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocelmeqkhgc.dll]
Process: svchost.exe (PID: 732) Address: 0x00870000 Size: 49152

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 732) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 808) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 916) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 1016) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 1152) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 1248) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: Explorer.EXE (PID: 1428) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: spoolsv.exe (PID: 1556) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 1716) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: jqs.exe (PID: 1920) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: ctfmon.exe (PID: 184) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: nvsvc32.exe (PID: 344) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 1108) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: alg.exe (PID: 2144) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 3056) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: firefox.exe (PID: 2532) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: devldr32.exe (PID: 2780) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: RootRepeal.exe (PID: 3396) Address: 0x10000000 Size: 28672

Hidden Services
-------------------
Service Name: vsfocexiqlxlao
Image Path: C:\WINDOWS\system32\drivers\vsfocetpmmitqo.sys

==EOF==

#15 garmanma

Posted 06 August 2009 - 06:44 PM

Path: Volume C:\ ~ MBR Rootkit Detected!
Path: Volume D:\ ~ Status: MBR Rootkit Detected!

You have a serious backdoor rootkit infection. We strongly recommend a reformat / reinstall.
I'm not going to preach to you about downloading games, music, and whatnot from torrent sites.
Suffice it to say that is more than likely where you picked this up at.

Let's continue

First, open and update Mbam, and make sure it is ver. 1.4.

Then

Run Root Repeal one more time, just click files.
In the Root Repeal window, use your mouse and highlight:
C:\WINDOWS\vsfocetpmmitqo.sys

Next, right mouse click on it and select the *wipe file* option only, then immediately reboot the computer and run an mbam scan right away.

You may have to do this twice.

Edited by garmanma, 06 August 2009 - 06:45 PM.

Mark

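Added example, not part of either post above: a small parser for the "Stealth Objects" and "Hidden Services" sections of the RootRepeal report in this thread. It groups hidden modules by the processes they are loaded in and checks whether the hidden modules, the hidden service and its driver share one name prefix, as they do in this log. The sample is a shortened copy of the lines pasted above; the function names are hypothetical.

```python
import re
from collections import defaultdict
from os.path import commonprefix

# Shortened sample: a few entries copied from the RootRepeal log in this thread.
SAMPLE_REPORT = r"""
Stealth Objects
-------------------
Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: services.exe (PID: 548) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocelmeqkhgc.dll]
Process: svchost.exe (PID: 732) Address: 0x00870000 Size: 49152

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: svchost.exe (PID: 732) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: vsfocewvsahncn.dll]
Process: Explorer.EXE (PID: 1428) Address: 0x10000000 Size: 28672

Hidden Services
-------------------
Service Name: vsfocexiqlxlao
Image Path: C:\WINDOWS\system32\drivers\vsfocetpmmitqo.sys

==EOF==
"""

MODULE_RE = re.compile(r"^Object: Hidden Module \[Name: (?P<name>[^\]]+)\]$")
PROCESS_RE = re.compile(
    r"^Process: (?P<proc>.+?) \(PID: (?P<pid>\d+)\) "
    r"Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)$")
SERVICE_RE = re.compile(r"^Service Name: (?P<svc>.+)$")
IMAGE_RE = re.compile(r"^Image Path: (?P<path>.+)$")


def parse_report(text):
    """Return (modules, services): modules maps a hidden module name to the
    (process, pid) pairs it was found in; services maps service name to image path."""
    modules = defaultdict(list)
    services = {}
    pending_module = pending_service = None
    for line in text.splitlines():
        line = line.strip()
        if m := MODULE_RE.match(line):
            pending_module = m["name"]
        elif (m := PROCESS_RE.match(line)) and pending_module:
            # A "Process:" line belongs to the "Object:" line just before it.
            modules[pending_module].append((m["proc"], int(m["pid"])))
            pending_module = None
        elif m := SERVICE_RE.match(line):
            pending_service = m["svc"]
        elif (m := IMAGE_RE.match(line)) and pending_service:
            services[pending_service] = m["path"]
            pending_service = None
    return dict(modules), services


def shared_prefix(modules, services):
    """Longest common prefix of hidden module, service and driver file names."""
    names = list(modules) + list(services)
    names += [path.rsplit("\\", 1)[-1] for path in services.values()]
    return commonprefix([n.lower() for n in names]) if names else ""
```

A non-empty shared prefix gives one search term for the remaining files, services and registry entries that belong to the same infection.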