I am having some serious problems with my computer. I posted another topic here
. Basically, I was forced to click a download link to keep my browser open, boy I wished I would have just shut down my computer. Anyways, this is entering week 3 of no progress and I am unable to access any anti-malware programs such as MalwareBytes, Spybot SD, Hijackthis, DDS, and to a limited extent, RootRepeal. Spyware Doctor and Mcafee don't detect the infection but SpywareDoctor continues to be able to block it.
I am given an error window for each of the short-cuts on my desktop everytime I power up, but this appears to have no direct effect on the shortcuts themselves, save those that would rid me of the infection. The error windows pop up whenever I try to execute a program and if I were to hazard a guess, seem to be deciding if that program is a threat to the infection, because it won't hessitate to shut down those programs listed above. It appears that the virus has changed the administration settings also, even though the control panel shows no such change.
I am able to post the Drivers, Processes, and Stealth objects from RootRepeal, but now, as with my other anti-malware programs, am given a message that says "Unable to locate path". RootRepeal will also stop responding when it tries to scan anything other than Drivers, Processes, or Stealth objects. I also tried renaming the execution programs as was suggested in another forum, but that didn't work. I am able to open MalwareBytes succesfully and update, regardless of the name, but as soon as I start to do a scan, the program gets shut down and I am unable to re-open it without reinstalling.
I hope somebody can help rid me of this current evil bane of my existence.
ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/09/07 19:29
Program Version: Version 126.96.36.199
Windows Version: Windows Vista SP1
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8C612000 Size: 40960 File Visible: No Signed: -
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8FC05000 Size: 118784 File Visible: No Signed: -
Image Path: C:\Windows\system32\Drivers\mchInjDrv.sys
Address: 0xA4114000 Size: 2560 File Visible: No Signed: -
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA419E000 Size: 49152 File Visible: No Signed: -
Image Path: C:\Windows\win32k.sys:1
Address: 0x8FC52000 Size: 20480 File Visible: No Signed: -
Image Path: C:\Windows\win32k.sys:2
Address: 0x8FC57000 Size: 61440 File Visible: No Signed: -
PID: 4 Status: Locked to the Windows API!
PID: 1244 Status: Locked to the Windows API!
Object: Hidden Module [Name: kbiwkmnvmpshri.dll]
Process: svchost.exe (PID: 824) Address: 0x10000000 Size: 57344