
Nasty Virus/Rootkit? Combofix, DDS.scr will not run



#1 Duude


Posted 21 September 2009 - 08:23 AM

General Symptoms:
As described below on boot I need to Ctrl+alt+delete – Start Task Manager, File, Run explorer.exe. Many programs will not run at all including Combofix, ACDSee, Notepad, WinWord, calculator, WinRar, DDS.SCR (Info screen blinks on and then disappears), RootRepeal will not run with file option (See Below), etc. Video does not show on wmplayer or GOMPlayer, but audio plays. Luckily, Word 2007 still works to open what logs I have. The following is probably more than or not what you want, but in the past I have always found what I need on your site to find and remove them myself….. this one has me stumped so far. Let me know what else you will need to proceed.
Duude (Ron)

Timeline of infection and attempts to fix:

9/18/2009 – 7:40AM - Downloaded usenet archive file named “Muse - The Resistance.exe”. Can send this if you wish – 66mb.
9/18/2009 – 7:48:34AM - Scanned with AVG Free – No infection found
Extracted the archive.
AVG started notifying multiple WIN32/Heur infections on standard system files (??).
9/18/2009 – 8:01:41AM - Ran AVG scanner which found 2 infections: dllhost.exe with Trojan horse Generic 14.ARUN. It was moved to virus vault, but the other did not get logged when it tried to remove and locked up the computer. I left it locked, went to work, and it was still locked (no task manager access, etc.) in the evening. Turned it off and back on.

9/18/2009 – 5:30PM - On every restart goes through normal boot process until the following message appears and it stops:
Userinit.exe – The instruction at 0x0006ff65 (or 0x0006ff66 on reboot) referenced memory at 0x7632eac1 (or 0x7673eac1 or 0x76fbeac1). The memory could not be written. Click OK to terminate the program.
Then this message appears:
wermgr.exe – The instruction at 0x00066ff6 referenced memory at 0xffffffff. The memory could not be read. Click OK to terminate the program.

Black screen with no activity. Ctrl+alt+delete – Start Task Manager, File, Run explorer.exe.

AVG full Scan – Start: 9/18/2009 – 6:30:40PM End: 9/18/2009 – 9:40:50PM
Results:

Tried to run Combofix – Green bar moves full to the right and then nothing happens. Could not find a log. Tried all these combinations with the same results:
Combofix.exe – “normal” windows.
Combofix.exe – “normal” windows – Run as Administrator.
Combofix.exe – Safe Mode.
Combo-fix.exe – “normal” windows.
Combo-fix.exe – “normal” windows – Run as Administrator.
Combo-fix.exe – Safe Mode.
Combo_fix.exe – “normal” windows.
Combo_fix.exe – “normal” windows – Run as Administrator.
Combo_fix.exe – Safe Mode.
Combofixx.exe – “normal” windows.
Combofixx.exe – “normal” windows – Run as Administrator.
Combofixx.exe – Safe Mode.

Malwarebytes' Anti-Malware 1.41
Database version: 2823
Windows 6.0.6001 Service Pack 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9/18/2009 11:40:01 PM mbam-log-2009-09-18 (23-40-01).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 27194
Time elapsed: 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:(No malicious items detected)
Memory Modules Infected:(No malicious items detected)
Registry Keys Infected:(No malicious items detected)
Registry Values Infected:(No malicious items detected)
Registry Data Items Infected:(No malicious items detected)
Folders Infected:(No malicious items detected)
Files Infected:(No malicious items detected)




Scheduled AVG Scan Start: 9/19/2009 – 1:00AM End: 9/19/2009 – 5:36AM


Malwarebytes' Anti-Malware 1.41
Database version: 2823
Windows 6.0.6001 Service Pack 1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9/19/2009 8:20:18 AM mbam-log-2009-09-19 (08-20-18).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 331938
Time elapsed: 2 hour(s), 55 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1
Memory Processes Infected:(No malicious items detected)
Memory Modules Infected:(No malicious items detected)

Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
0=Rogue.ProtectionSystem
1=9/19/2009
2=Folder
3=C:\Program Files\Protection System
4=24424

Registry Values Infected:(No malicious items detected)

Registry Data Items Infected:(No malicious items detected)

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivxFree (Trojan.DNSChanger) -> Quarantined and deleted successfully.
0=Trojan.DNSChanger
1=9/19/2009
2=Folder
3=C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivxFree
4=41454

Files Infected:
C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0=Trojan.FakeAlert
1=9/19/2009
2=File
3=C:\Windows\sc.exe
4=76340
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


9/19/2009 2:10:51 PM mbam-log-2009-09-19 (14-10-51).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 248400
Time elapsed: 2 hour(s), 34 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:(No malicious items detected)
Memory Modules Infected:(No malicious items detected)
Registry Keys Infected:(No malicious items detected)
Registry Values Infected:(No malicious items detected)
Registry Data Items Infected:(No malicious items detected)
Folders Infected:(No malicious items detected)
Files Infected:(No malicious items detected)

RootRepeal will not finish if run for all options. Seems to loop in particular directories.
RootRepeal_crash_091909.111418.txt
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x004cbe53
Attempt to write to address: 0x00000000

RootRepeal_crash_091909.222051.txt
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x004bed8c
Attempt to write to address: 0x00000000

RootRepeal_crash_092009.073713.txt
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP1
Exception Code: 0xc0000005
Exception Address: 0x004bf360
Attempt to write to address: 0x73ec3000

RootRepeal_Without_Files_091909.143718.txt
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/19 14:38
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8EC74000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8EC69000 Size: 45056 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP7907
Image Path: \Driver\PCI_NTPNP7907
Address: 0x83089000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA0BE7000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1280 Status: Locked to the Windows API!

Stealth Objects
-------------------
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_SET_EA]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_SHUTDOWN]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_CLEANUP]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_SET_SECURITY]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_POWER]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_SET_QUOTA]
Process: System Address: 0x8653e790 Size: 121

Object: Hidden Code [Driver: mrxsmb , IRP_MJ_PNP]
Process: System Address: 0x8653e790 Size: 121

==EOF==



#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home
  • Local time:04:23 AM

Posted 08 October 2009 - 06:01 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • Gender:Female
  • Location:At home
  • Local time:04:23 AM

Posted 14 October 2009 - 05:32 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_





