RootRepeal Report



#1 socalgal


Posted 04 September 2009 - 02:07 PM

Hello there. I'm new here, but have been reading threads and advice all morning. I have the same problem many others seem to have right now -- with the "Your computer is infected" background, pop-ups galore, and fake antivirus software trying to install itself on my computer. I used fatdcuk's self-help thread and ran a RootRepeal scan, and thought I found the CLB Driver, but when I select it to wipe, I get a RootRepeal error message "could not find driver on disk". I've pasted my report below. I hope someone can help me. Thank you!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/04 11:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9DF6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B21000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7CFE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Kerry\Cookies\kerry@ad.yieldmanager[2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Kerry\Cookies\kerry@ad.yieldmanager[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\D

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3ea52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e14c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e0f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9e3e8ae

Hidden Services
-------------------
Service Name: rotscxyqjedeen
Image Path: C:\WINDOWS\system32\drivers\rotscxbaitethx.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACpxwqrovmyv.sys

==EOF==


#2 socalgal


Posted 04 September 2009 - 02:23 PM

In addition (and I don't know if this will help) the only infection that keeps popping up again and again when I run Avast is the following:

c:\svfp.exe\install.exe infected:win32:Neredr (Drp)

This seems to be the only thing that cannot be deleted or repaired when I run a virus scan.

#3 garmanma


Posted 05 September 2009 - 08:07 PM

You need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Give a brief description of your problem and let them know that this is the only log you can produce and include it in your post.
They are very busy and there is a backlog. Just be patient and they will get to you.

Good luck
Mark