SKYNETdfbvsbxd.dll Bad Image Error


  • This topic is locked
5 replies to this topic

#1 megazhang

Posted 20 August 2009 - 07:50 PM

About three days ago, I believe I was infected with a sort of fake Windows security alert that constantly nagged at me to purchase the full version since, apparently, I was infected with many, many trojans and viruses and whatnot.
I did a quick scan with Malwarebytes' Anti-Malware and removed all of what it suggested, which seemed to solve the problem, since the fake Windows security stuff was gone.
However, after restarting my computer, I found that every time that I started a program, I got the bad image error saying:

The application or DLL globalroot\systemroot\system32\SKYNETdfbvsbxd.dll is not a valid Windows image. Please check this against your installation diskette.

After clicking OK though, the program loaded with no further problem.

How can I make these error alerts go away? Thanks in advance!

Edit: As suggested in the HijackThis Malware Removal forum thing, I did a scan with the DDS.scr thing, and I have the DDS.txt and Attach.txt files, and I've also got a RootRepeal report.

Edited by garmanma, 24 August 2009 - 05:28 PM.


#2 megazhang

Posted 20 August 2009 - 08:59 PM

Would this help?

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/20 20:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xED207000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79A7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7A41000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEB285000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETjjlsxrns.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETjjlsxrns.sys
Address: 0xEE1ED000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\SKYNETdfbvsbxd.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\SKYNETvudjuyjs.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\mcmsc_e25kuv8dxyaw6fe
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_ivugxcuphlgfvyt
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_70de51sgz2s3nln
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_gxfbndcrqy0m0wb
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_wreohxsj6gzeo1b
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\system32\drivers\SKYNETjjlsxrns.sys
Status: Invisible to the Windows API!

Path: c:\documents and settings\edwin\local settings\temp\etilqs_x2h7lgkdhymcbj8v5m6d
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\edwin\local settings\temp\etilqs_hcvba36o5pg7m7pdpela
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\documents and settings\edwin\local settings\temp\etilqs_bhyzlufyo0eiqyb7ios9
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.3304.261500
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.3304.261500
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Edwin\Application Data\Microsoft\CLR Security Config\v2.0.50727.42\security.config.cch.3304.261515
Status: Locked to the Windows API!

Path: c:\program files\logitech\desktop messenger\8876480\users\edwin\data\d0000000.fcs
Status: Allocation size mismatch (API: 512, Raw: 0)

Hidden Services
-------------------
Service Name: SKYNETdbgrrexl
Image Path: C:\WINDOWS\system32\drivers\SKYNETjjlsxrns.sys

==EOF==

#3 megazhang

Posted 23 August 2009 - 10:15 AM

Can anyone help me? The alerts are getting to be really annoying.

#4 Blade

Posted 23 August 2009 - 12:18 PM

Hello megazhang and :thumbsup: to BleepingComputer.

You have a rootkit on your system. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started first. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
#5 megazhang

Posted 23 August 2009 - 03:25 PM

I followed your advice, followed the guide and started a topic in malware removal.
Thanks so much for the help! :D

#6 Orange Blossom

Posted 25 August 2009 - 01:03 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/251843/skynetdfbvsbxddll-bad-image-error/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
