Multiple Viruses Removal Help Please


This topic is locked
3 replies to this topic

#1 jamalone

jamalone

  • Members
  • 5 posts
  • Local time:12:47 AM

Posted 30 October 2009 - 10:39 AM

Hello,

Got these last night. First it puts 3 porn icons on the desktop; can't move, cut, or paste files to back up. Can't run DDS; did run RootRepeal, see below; ran S&D, found 48 trojans/instances, it cleaned most but a few come back. Here's just a few I have found: win32vitro, win32sality, fastnetsrv, calc.exe, win32.delf.uc, virtumonde.sdn. Couldn't install MBAM either.

Please help. I have read similar posts and understand this one is nasty. I disconnected the internet as soon as I saw the porn icons come up. Can provide a HijackThis log if needed.



Thanks very much

Aaron


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 08:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAECCC000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\garmin\poiloader.exe
Status: Allocation size mismatch (API: 6402048, Raw: 6385664)

Path: c:\garmin\sox.exe
Status: Allocation size mismatch (API: 1732608, Raw: 1712128)

Path: c:\gsak\gpsbabel.exe
Status: Allocation size mismatch (API: 1130496, Raw: 1110016)

Path: c:\gsak\xmlwf.exe
Status: Allocation size mismatch (API: 77824, Raw: 49152)

Path: c:\gsak\gsakactive.exe
Status: Allocation size mismatch (API: 36864, Raw: 12288)

Path: c:\gsak\gsakdual.exe
Status: Allocation size mismatch (API: 1093632, Raw: 1073152)

Path: c:\garmin\webupdater\webupdater.exe
Status: Allocation size mismatch (API: 4837376, Raw: 4820992)

Path: c:\gsak\cm2gpx\cm2gpx.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\gsak\cmconvert\cmconvert.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\gsak\tourguide_tools\photoresize.exe
Status: Allocation size mismatch (API: 327680, Raw: 307200)

Path: c:\gsak\tourguide_tools\sox.exe
Status: Allocation size mismatch (API: 1732608, Raw: 1712128)

Path: c:\program files\abbyy finereader 8.0 professional edition\trigrammsinstaller.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\program files\abbyy finereader 8.0 professional edition\finesti.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\automation anywhere 5.0\kill.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\program files\automation anywhere 5.0\readreg.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\program files\automation anywhere 5.0\deployment.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\netmeeting\cb32.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\program files\netmeeting\wb32.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\program files\outlook express\msimn.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\outlook express\oemig50.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\outlook express\wab.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\outlook express\wabmig.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\program files\pamela\dmr.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\regcleaner\uninstall.exe
Status: Allocation size mismatch (API: 73728, Raw: 57344)

Path: c:\program files\lexmark x6100 series\fxsetutl.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\thumbs7\cvt3.exe
Status: Allocation size mismatch (API: 57344, Raw: 32768)

Path: c:\program files\thumbs7\tpcmd.exe
Status: Allocation size mismatch (API: 86016, Raw: 61440)

Path: c:\program files\windows installer clean up\msicuu.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\program files\windows media connect 2\wmccds.exe
Status: Allocation size mismatch (API: 28672, Raw: 12288)

Path: c:\program files\windows media connect 2\wmccfg.exe
Status: Allocation size mismatch (API: 28672, Raw: 12288)

Path: c:\program files\windows media player\mplayer2.exe
Status: Allocation size mismatch (API: 24576, Raw: 8192)

Path: c:\program files\windows media player\wmpenc.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\program files\windows media player\wmpshare.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\windows nt\hypertrm.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\program files\winrar\rarextloader.exe
Status: Allocation size mismatch (API: 69632, Raw: 45056)

Path: c:\program files\your uninstaller 2008\fos.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\windows\mui\muisetup.exe
Status: Allocation size mismatch (API: 110592, Raw: 94208)

Path: c:\windows\$ntuninstallwmp11$\setup_wm.exe
Status: Allocation size mismatch (API: 438272, Raw: 425984)

Path: c:\windows\msagent\agentsvr.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\windows\$ntuninstallkb896358$\hh.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\windows\$ntuninstallkb896423$\spoolsv.exe
Status: Allocation size mismatch (API: 49152, Raw: 32768)

Path: c:\windows\$ntuninstallkb920213$\agentsvr.exe
Status: Allocation size mismatch (API: 188416, Raw: 172032)

Path: c:\windows\$ntuninstallkb925720$\narrator.exe
Status: Allocation size mismatch (API: 49152, Raw: 36864)

Path: c:\windows\$ntuninstallkb925720$\utilman.exe
Status: Allocation size mismatch (API: 40960, Raw: 32768)

Path: c:\windows\$ntuninstallkb938828$\explorer.exe
Status: Allocation size mismatch (API: 618496, Raw: 610304)

Path: c:\lxk6100\program\32\regsvr32.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\lxk6100\program\32\setup32.exe
Status: Allocation size mismatch (API: 188416, Raw: 167936)

Path: c:\program files\installshield installation information\{43801800-cfee-11d2-a41b-006097b55ad3}\setup.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\program files\installshield installation information\{9b94be6f-7ca3-4c40-a266-62667ff746cc}\setup.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\installshield installation information\{f0a37341-d692-11d4-a984-009027ec0a9c}\setup.exe
Status: Allocation size mismatch (API: 155648, Raw: 135168)

Path: c:\program files\abbyy finereader 8.0 professional edition\scan\scanman.exe
Status: Allocation size mismatch (API: 1548288, Raw: 1527808)

Path: c:\program files\abbyy finereader 8.0 professional edition\support\ainfo.exe
Status: Allocation size mismatch (API: 794624, Raw: 774144)

Path: c:\program files\adobe\adobe device central cs4\logtransport2.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\program files\adobe\adobe encore cs4\crashreporterapp.exe
Status: Allocation size mismatch (API: 442368, Raw: 421888)

Path: c:\program files\adobe\adobe encore cs4\gpusniffer.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\adobe\adobe encore cs4\logtransport.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\program files\adobe\adobe encore cs4\logtransport2.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\program files\adobe\adobe encore cs4\photoshopserver.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\program files\adobe\adobe extension manager cs4\replace.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\adobe\adobe media encoder cs4\crashreporterapp.exe
Status: Allocation size mismatch (API: 442368, Raw: 421888)

Path: c:\program files\adobe\adobe media encoder cs4\logtransport.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\program files\adobe\adobe media encoder cs4\logtransport2.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\program files\adobe\adobe media encoder cs4\photoshopserver.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\program files\adobe\adobe premiere pro cs4\crashreporterapp.exe
Status: Allocation size mismatch (API: 442368, Raw: 421888)

Path: c:\program files\adobe\adobe premiere pro cs4\gpusniffer.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\adobe\adobe premiere pro cs4\importerprocessserver.exe
Status: Allocation size mismatch (API: 245760, Raw: 225280)

Path: c:\program files\adobe\adobe premiere pro cs4\logtransport.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\program files\adobe\adobe premiere pro cs4\logtransport2.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\program files\adobe\adobe premiere pro cs4\mpeghdvexport.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\program files\adobe\adobe premiere pro cs4\photoshopserver.exe
Status: Allocation size mismatch (API: 90112, Raw: 69632)

Path: c:\program files\adobe\adobe premiere pro cs4\pproheadless.exe
Status: Allocation size mismatch (API: 258048, Raw: 237568)

Path: c:\program files\adobe\adobe soundbooth cs4\crashreporterapp.exe
Status: Allocation size mismatch (API: 442368, Raw: 421888)

Path: c:\program files\adobe\adobe soundbooth cs4\gpusniffer.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\program files\adobe\adobe soundbooth cs4\logtransport.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\program files\adobe\adobe soundbooth cs4\logtransport2.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\program files\analog devices\soundmax\aeenable.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\program files\analog devices\soundmax\dlsloader.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\program files\analog devices\soundmax\install.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\analog devices\soundmax\remadi.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\analog devices\soundmax\remove.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\program files\analog devices\soundmax\smagenti.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\program files\analog devices\soundmax\smagentx.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\program files\analog devices\soundmax\smtray.exe
Status: Allocation size mismatch (API: 163840, Raw: 143360)

Path: c:\program files\analog devices\soundmax\_iscppr.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\easeus\data recovery wizard professional 4.3.6\drw0.exe
Status: Allocation size mismatch (API: 5861376, Raw: 5840896)

Path: c:\program files\easeus\data recovery wizard professional 4.3.6\drwreport.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\program files\easeus\data recovery wizard professional 4.3.6\officeviewer.exe
Status: Allocation size mismatch (API: 368640, Raw: 348160)

Path: c:\program files\easeus\data recovery wizard professional 4.3.6\rdfcheck.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\program files\google\google earth\earthflashsol.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\program files\google\google earth\googleearth.exe
Status: Allocation size mismatch (API: 17977344, Raw: 17956864)

Path: c:\program files\google\google earth\gpsbabel.exe
Status: Allocation size mismatch (API: 520192, Raw: 487424)

Path: c:\program files\msecache\wicu3\msicuu.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\program files\msecache\wicu3\msizapa.exe
Status: Allocation size mismatch (API: 102400, Raw: 81920)

Path: c:\program files\msecache\wicu3\msizapu.exe
Status: Allocation size mismatch (API: 114688, Raw: 98304)

Path: c:\program files\msn gaming zone\windows\bckgzm.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\program files\msn gaming zone\windows\chkrzm.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\program files\msn gaming zone\windows\hrtzzm.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\program files\msn gaming zone\windows\rvsezm.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\program files\msn gaming zone\windows\shvlzm.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\program files\msn gaming zone\windows\zclientm.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\program files\intuit\quickbooks 2008\support.exe
Status: Allocation size mismatch (API: 245760, Raw: 225280)

Path: c:\program files\intuit\quickbooks 2008\install.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\program files\intuit\quickbooks 2008\dbmlsync.exe
Status: Allocation size mismatch (API: 225280, Raw: 204800)

Path: c:\program files\vuze\.install4j\i4jdel.exe
Status: Allocation size mismatch (API: 24576, Raw: 8192)

Path: c:\program files\western digital corporation\data lifeguard diagnostic for windows\windlg.exe
Status: Allocation size mismatch (API: 815104, Raw: 794624)

Path: c:\program files\western digital technologies\diagnostics\windlg.exe
Status: Allocation size mismatch (API: 802816, Raw: 782336)

Path: c:\program files\windows nt\pinball\pinball.exe
Status: Allocation size mismatch (API: 303104, Raw: 282624)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0000003.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0000008.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0000020.exe
Status: Allocation size mismatch (API: 335872, Raw: 319488)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0000021.exe
Status: Allocation size mismatch (API: 237568, Raw: 217088)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0000027.exe
Status: Allocation size mismatch (API: 180224, Raw: 159744)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001076.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001077.exe
Status: Allocation size mismatch (API: 204800, Raw: 184320)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001078.exe
Status: Allocation size mismatch (API: 24576, Raw: 4096)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001079.exe
Status: Allocation size mismatch (API: 36864, Raw: 20480)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001080.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001081.exe
Status: Allocation size mismatch (API: 118784, Raw: 98304)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001082.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001083.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001084.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001085.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001086.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001087.exe
Status: Allocation size mismatch (API: 45056, Raw: 28672)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001088.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001089.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001090.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001091.exe
Status: Allocation size mismatch (API: 36864, Raw: 20480)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001109.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001127.exe
Status: Allocation size mismatch (API: 57344, Raw: 32768)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001145.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001163.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001181.exe
Status: Allocation size mismatch (API: 245760, Raw: 225280)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001199.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001092.exe
Status: Allocation size mismatch (API: 65536, Raw: 45056)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001093.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001094.exe
Status: Allocation size mismatch (API: 159744, Raw: 139264)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001095.exe
Status: Allocation size mismatch (API: 24576, Raw: 8192)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001096.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001097.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001098.exe
Status: Allocation size mismatch (API: 135168, Raw: 114688)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001099.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001102.exe
Status: Allocation size mismatch (API: 6402048, Raw: 6385664)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001103.exe
Status: Allocation size mismatch (API: 1732608, Raw: 1712128)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001104.exe
Status: Allocation size mismatch (API: 1130496, Raw: 1110016)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001105.exe
Status: Allocation size mismatch (API: 77824, Raw: 49152)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001106.exe
Status: Allocation size mismatch (API: 36864, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001107.exe
Status: Allocation size mismatch (API: 1093632, Raw: 1073152)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001108.exe
Status: Allocation size mismatch (API: 4837376, Raw: 4820992)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001110.exe
Status: Allocation size mismatch (API: 106496, Raw: 86016)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001111.exe
Status: Allocation size mismatch (API: 327680, Raw: 307200)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001112.exe
Status: Allocation size mismatch (API: 1732608, Raw: 1712128)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001113.exe
Status: Allocation size mismatch (API: 36864, Raw: 16384)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001114.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001115.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001116.exe
Status: Allocation size mismatch (API: 86016, Raw: 65536)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001117.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001118.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001119.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001120.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001121.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001122.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001123.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001124.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001125.exe
Status: Allocation size mismatch (API: 73728, Raw: 57344)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001126.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001128.exe
Status: Allocation size mismatch (API: 86016, Raw: 61440)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001129.exe
Status: Allocation size mismatch (API: 61440, Raw: 40960)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001130.exe
Status: Allocation size mismatch (API: 28672, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001131.exe
Status: Allocation size mismatch (API: 28672, Raw: 12288)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001132.exe
Status: Allocation size mismatch (API: 24576, Raw: 8192)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001133.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001134.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001135.exe
Status: Allocation size mismatch (API: 49152, Raw: 28672)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001136.exe
Status: Allocation size mismatch (API: 69632, Raw: 45056)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001137.exe
Status: Allocation size mismatch (API: 53248, Raw: 32768)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001138.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001139.exe
Status: Allocation size mismatch (API: 57344, Raw: 36864)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001140.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001141.exe
Status: Allocation size mismatch (API: 49152, Raw: 32768)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001142.exe
Status: Allocation size mismatch (API: 114688, Raw: 94208)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001143.exe
Status: Allocation size mismatch (API: 110592, Raw: 94208)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001144.exe
Status: Allocation size mismatch (API: 40960, Raw: 20480)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001146.exe
Status: Allocation size mismatch (API: 794624, Raw: 774144)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001147.exe
Status: Allocation size mismatch (API: 229376, Raw: 208896)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001148.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001149.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001150.exe
Status: Allocation size mismatch (API: 77824, Raw: 61440)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001151.exe
Status: Allocation size mismatch (API: 98304, Raw: 77824)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001152.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001153.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001154.exe
Status: Allocation size mismatch (API: 45056, Raw: 24576)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001155.exe
Status: Allocation size mismatch (API: 94208, Raw: 73728)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001156.exe
Status: Allocation size mismatch (API: 73728, Raw: 57344)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001157.exe
Status: Allocation size mismatch (API: 237568, Raw: 217088)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001158.exe
Status: Allocation size mismatch (API: 73728, Raw: 53248)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001159.exe
Status: Allocation size mismatch (API: 1052672, Raw: 1032192)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001160.exe
Status: Allocation size mismatch (API: 126976, Raw: 106496)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001161.exe
Status: Allocation size mismatch (API: 57344, Raw: 40960)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001162.exe
Status: Allocation size mismatch (API: 188416, Raw: 167936)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001164.exe
Status: Allocation size mismatch (API: 69632, Raw: 49152)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001165.exe
Status: Allocation size mismatch (API: 155648, Raw: 135168)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001166.exe
Status: Allocation size mismatch (API: 1548288, Raw: 1527808)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001167.exe
Status: Allocation size mismatch (API: 794624, Raw: 774144)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001168.exe
Status: Allocation size mismatch (API: 278528, Raw: 258048)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001169.exe
Status: Allocation size mismatch (API: 442368, Raw: 421888)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001170.exe
Status: Allocation size mismatch (API: 28672, Raw: 8192)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001171.exe
Status: Allocation size mismatch (API: 241664, Raw: 221184)

Path: c:\system volume information\_restore{0b98414b-224f-4946-9e1d-240cb1847acf}\rp1\a0001172.exe
Status: Alloca

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecad72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9eab9a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xb9eabb98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecb568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecb820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xb9ec9a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecbc8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecb036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9eab656

==EOF==
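The RootRepeal report above has two sections a responder actually works from: Hidden/Locked Files, where each entry gives the size the Windows API reports against the size read raw from NTFS, and SSDT, where each entry names the driver hooking a system call. Reading a few hundred such entries by eye is slow, so here is a small parser for this report format that groups the size mismatches by their API-minus-raw delta and counts SSDT hooks per hooking module. This is an added example, not code from the thread or from the RootRepeal authors; the sample input is an abbreviated excerpt constructed from the log above, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: a short excerpt in the RootRepeal report format
# used in the thread above (same layout, a handful of the log's entries).
SAMPLE_LOG = r"""ROOTREPEAL © AD, 2007-2009
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\outlook express\msimn.exe
Status: Allocation size mismatch (API: 81920, Raw: 61440)

Path: c:\program files\netmeeting\cb32.exe
Status: Allocation size mismatch (API: 32768, Raw: 12288)

Path: c:\garmin\poiloader.exe
Status: Allocation size mismatch (API: 6402048, Raw: 6385664)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xb9ecad72

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xb9eab656

==EOF==
"""

MISMATCH_RE = re.compile(r"Allocation size mismatch \(API: (\d+), Raw: (\d+)\)")
SSDT_RE = re.compile(r"#: (\d+) Function Name: (\w+)")
HOOK_RE = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')


def parse_rootrepeal(text):
    """Parse a RootRepeal report into {'files': [...], 'hooks': [...]}.
    A section is a title line followed by a dashed rule; entries are
    blank-line separated. Only Hidden/Locked Files and SSDT are kept."""
    files, hooks = [], []
    section, entry = None, {}

    def flush():  # commit the entry being built, if it is in a tracked section
        if section == "Hidden/Locked Files" and "path" in entry:
            files.append(dict(entry))
        elif section == "SSDT" and "function" in entry:
            hooks.append(dict(entry))
        entry.clear()

    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("---") and i > 0:  # dashed rule: previous line is the title
            flush()
            section = lines[i - 1].strip()
        elif not line.strip():  # blank line ends an entry
            flush()
        elif section == "Hidden/Locked Files":
            if line.startswith("Path: "):
                entry["path"] = line[6:].strip()
            elif line.startswith("Status: "):
                entry["status"] = line[8:].strip()
                m = MISMATCH_RE.search(entry["status"])
                if m:  # size the Windows API reports minus size read raw from NTFS
                    api, raw = int(m.group(1)), int(m.group(2))
                    entry.update(api=api, raw=raw, delta=api - raw)
        elif section == "SSDT":
            m = SSDT_RE.match(line)
            if m:
                entry["index"], entry["function"] = int(m.group(1)), m.group(2)
            elif HOOK_RE.search(line):
                entry["module"], entry["address"] = HOOK_RE.search(line).groups()
    flush()
    return {"files": files, "hooks": hooks}


def mismatches_by_delta(files):
    """Group mismatched files by their (API - raw) delta. One delta shared by
    many unrelated executables is the first thing to triage, since unrelated
    legitimate programs have no reason to agree on a size difference."""
    groups = defaultdict(list)
    for f in files:
        if "delta" in f:
            groups[f["delta"]].append(f["path"])
    return dict(groups)


def hooks_by_module(hooks):
    """Count SSDT hooks per hooking driver, to be checked against the
    security products actually installed on the machine."""
    return Counter(h.get("module", "unknown") for h in hooks)


if __name__ == "__main__":
    report = parse_rootrepeal(SAMPLE_LOG)
    for delta, paths in sorted(mismatches_by_delta(report["files"]).items(),
                               key=lambda kv: -len(kv[1])):
        print(f"delta {delta} bytes: {len(paths)} file(s)", *paths, sep="\n    ")
    print("locked:", [f["path"] for f in report["files"] if "delta" not in f])
    print("SSDT hooks by module:", dict(hooks_by_module(report["hooks"])))
```

Run against the full log in the post, the grouping makes visible that most of the mismatched executables share a single delta, which is the kind of pattern the helper would want to see summarised rather than scrolled through; the hook count likewise reduces the SSDT section to one line per driver, and each driver can then be matched against the software known to be on the machine.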


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:47 AM

Posted 30 October 2009 - 05:26 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %systemdrive%\*.exe
    %systemroot%\system32\drivers\*.sys


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jamalone

jamalone
  • Topic Starter

  • Members
  • 5 posts
  • Local time:12:47 AM

Posted 31 October 2009 - 10:01 PM

Hey Sam,

Thanks for the reply. I got so sick of not being able to fix this myself, and after reading about the potential banking trojan risks I took out the drive to save my data files onto a portable through my laptop, and lo and behold the laptop got it. Needless to say I was &^^%%$$, so I reformatted both computers and didn't copy over any exe, html, zip or rar. So far so good. Thanks again for your trouble; you can close this post if need be.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:47 AM

Posted 01 November 2009 - 09:36 AM

Sounds good. Thanks for following up with me. :(

This topic will now be closed.
