Root Repeal log Homemachine


1 reply to this topic

#1 Homemachine


Posted 24 August 2009 - 07:08 PM

Can you help me get rid of the "total security" virus? I could not figure out how to add a txt item, so I am pasting the scan report.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/24 19:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9817E000 Size: 778240 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0x9794B000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xB9DAE000 Size: 323584 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x89b9f0a8

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x89b9e980

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x86cc57c0

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x899f7290

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89607370

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9fdb5040

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x899e5a48

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x899bb350

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x899c1db8

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x89ca5970

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9fdb52c0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9fdb5820

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x895fac00

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x89a17d88

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x89b6c668

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x89b642e8

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x86d41750

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x86cc0628

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x89d1ddc0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x86c6a618

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x89a41968

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x89ceb2d0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x86d227e0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x89ca92d0

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x89cab818

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x89b71998

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x89b667f0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x89d19078

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0x9fdb5a70

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x89b9b5c0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x89ceb438

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x89db20b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x89d6e078

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89a322a0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x86ce77c8

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x89a3d528

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x86c74630

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x89dcab70

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x89cbb690

#: 428 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x89d01128

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x89dc91b0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x89c442a0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x899ce0a0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x899ebbb0

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x89bad0b8

==EOF==

Edited by Homemachine, 24 August 2009 - 07:11 PM.




#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio
  • Local time:07:03 PM

Posted 24 August 2009 - 09:34 PM

Let's back up a bit.
What other scans have you run?
Let's start out with this one.
-------------

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter



