
I think I have trojan.vundo.h and it won't go away


3 replies to this topic

#1 impulse2901


Posted 03 October 2009 - 03:48 AM

Hi, my computer started freezing and my screen would turn all these crazy colors and then freeze. After I rebooted, I immediately ran Malwarebytes Anti-Malware and it said I had files infected with trojan.vundo.h, and I deleted the files and rebooted. I thought it worked, then about 40 mins later the same problem, and I freeze. I again reboot and run MBAM and again it has the trojan and again I delete, etc. The same thing keeps happening over and over again. I also started doing system restores and that didn't work (after I reboot it sends me back to the current system) and running MBAM over and over. Now, when I boot my computer, the words are all fuzzy and a lot of the letters after my initial load screen (where it says like partition/system/etc.) have been replaced with random letters. For example, partition looks like parfyityon or system looks like sftysem, etc. Also, it just does rolling reboots unless I press F8 (the menu is all messed up; again, all the words are messed up) and boot in safe mode and run MBAM (which detects nothing) and then I reboot. Then my system will look like it did before the trojan for about 30 mins and then it'll lock and the cycle repeats. I don't know what to do. MBAM says nothing is detected in safe mode OR normal mode. Just to recap, I turned off System Restore (but the option gets turned back on every time I reboot), updated MBAM, and downloaded HijackThis. I am at a loss and this is driving me crazy. Please help! Oh, my OS is XP SP2. I hope I explained this clearly.



#2 Mr LunchBox


Posted 03 October 2009 - 02:44 PM

Greetings impulse2901

Welcome to Bleeping Computer!


We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


And also follow this

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#3 impulse2901


Posted 04 October 2009 - 11:44 AM

Here is my rootrepeal log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/03 23:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5402000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADD6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAFD66000 Size: 49152 File Visible: No Signed: -
Status: -

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\e4c2007810f05e435207a9313d458bee\_unpacked_.state
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\BIT61.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\backup
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\download
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\spmsg.dll
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\spuninst.exe
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\susdl.req
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\update
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\WindowsXP-KB946026-x86-ENU.psm
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\37fefde58a963f27982e5f97ce053f7f\_unpacked_.state
Status: Visible to the Windows API, but not on disk.

Path: c:\windows\softwaredistribution\download\cef3a8d8eda5a26f4b054f9be7f25498\bit63.tmp
Status: Size mismatch (API: 16883552, Raw: 0)=

--------------------------------------------------


Here is my SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2009 at 09:37 AM

Application Version : 4.29.1002

Core Rules Database Version : 4144
Trace Rules Database Version: 2075

Scan type : Complete Scan
Total Scan Time : 01:52:26

Memory items scanned : 216
Memory threats detected : 0
Registry items scanned : 4806
Registry threats detected : 0
File items scanned : 40556
File threats detected : 0

#4 Mr LunchBox

Posted 06 October 2009 - 12:20 AM

Impulse,

I am sorry, I typed some questions and I must not have clicked on reply before closing my screen.


Super Anti Spyware came back as clean. I know you ran malwarebytes, however I would like for you to run it once more.


The main question I wanted to ask was if you are still having problems. Now I am sure you probably are because you would have stated that your PC is clean.


Run MBAM, paste the log, and tell me if you are still having problems after you run MBAM.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



