Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

explorer.exe keeps crashing most applications corrupt cant really start up safe mode doesnt work


  • This topic is locked This topic is locked
7 replies to this topic

#1 wowser8

wowser8

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 12 December 2009 - 10:55 PM

Well there was a hacker in my computera trojan. Now i think he just messed up my registry cus when i try to log in explorer.exe doesnt start and when i start it it crashes after like 30 seconds. Most applications dont work i cant do anything. System restore doesnt work and before this happened i remember my stop zilla removed some haxdoor and hijack thing s tuff like that... Basicaly my computer is unusable and this makes me very mad. Hes been messing with all my stuff please help

PLEASE

:thumbsup: :flowers: :trumpet: :inlove: :huh: :huh: B)

EDIT: replaced it with a new explorer.exe kinda works but icons dont show up on tray and when i try to open something it closes and my internet doesnt work... spybot scan got a keylogger and trojan and stopzilla got more hijackers/trojan. basically the computer is uselesss B)!@!@!$

tried scf /scannow didnt have windows xp professional SP 2 so i tried some torrents and burned them to a cd. didnt register as the windows xp sp2 cd tho =\ so didnt work

Edited by wowser8, 13 December 2009 - 05:42 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:57 PM

Posted 14 December 2009 - 09:07 PM

Can you get into safe mode w/networking?
Do you have a thumb drive or another computer with a CD burner to download some tools

Maybe try these


The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware Free version and save it to your desktop.

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.


alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled

=============================


We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 wowser8

wowser8
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 15 December 2009 - 12:24 AM

Ill try and do this stuff tomorrow. I have to go to bed but il try to get into safe mode with networking but i doubt it will be able to connect to the internet. I do have another comp im using it write now to type this and it does have a cd burner and i have a flash drive so i will try and do all these things tomorrow okay? ill post results then. Thanks for helping me.

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:57 PM

Posted 15 December 2009 - 07:50 PM

No problem
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 wowser8

wowser8
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 15 December 2009 - 10:36 PM

My comp wont connect to the internet at all not even in safe mode with networking so should i just install mbam on my flasdrive and run it on my computer from the flashdrive?

#6 wowser8

wowser8
  • Topic Starter

  • Members
  • 103 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 16 December 2009 - 01:38 AM

root repeal log: ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/16 00:34
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6D78000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C6D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP3960
Image Path: \Driver\PCI_PNP3960
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF6303000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spwe.sys
Image Path: spwe.sys
Address: 0xF75EC000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: srescan.sys
Image Path: srescan.sys
Address: 0xF73B5000 Size: 81920 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\PIF\PIF
Status: Locked to the Windows API!

Path: C:\WINDOWS\addins\addins
Status: Locked to the Windows API!

Path: C:\WINDOWS\ftpcache\ftpcache
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB925902\KB925902
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB928090\KB928090
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB928255\KB928255
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB928843\KB928843
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB929123\KB929123
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB929338\KB929338
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB930178\KB930178
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB931768\KB931768
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB931784\KB931784
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB932168\KB932168
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB933566\KB933566
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB933729\KB933729
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB935839\KB935839
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB936021\KB936021
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB936357\KB936357
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB937143\KB937143
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB938127\KB938127
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB938828\KB938828
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB938829\KB938829
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB939653\KB939653
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB941202\KB941202
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB941568\KB941568
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB941644\KB941644
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB941693\KB941693
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB942615\KB942615
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB943460\KB943460
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB943485\KB943485
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB944533\KB944533
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB945553\KB945553
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB947864\KB947864
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB948590\KB948590
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\classes\classes
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\security\logs\logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\authcabs\Downloaded\Downloaded
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temporary Internet Files\Content.IE5\ARWTY56X\ARWTY56X
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temporary Internet Files\Content.IE5\OPEBKL63\OPEBKL63
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\WINDOWS\repair\Backup\BootableSystemState\BootableSystemState
Status: Locked to the Windows API!

Path: C:\WINDOWS\repair\Backup\ServiceState\ServiceState
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\News\News
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP450.tmp\ZAP450.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP996.tmp\ZAP996.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\17400AB28230347339DBAF1833357A38\3.1.21022\3.1.21022
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022\2.1.21022
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Burt\Local Settings\Apps\2.0\CETJ3JHP.ALQ\JWB4PRBY.9YX\manifests\Frolt Entertainment - SMS Bomber 360.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Burt\Local Settings\Apps\2.0\CETJ3JHP.ALQ\JWB4PRBY.9YX\manifests\Frolt Entertainment - SMS Bomber 360.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Burt\Local Settings\Apps\2.0\CETJ3JHP.ALQ\JWB4PRBY.9YX\manifests\Frolt Entertainment SMS Bomber.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Burt\Local Settings\Apps\2.0\CETJ3JHP.ALQ\JWB4PRBY.9YX\manifests\Frolt Entertainment SMS Bomber.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Burt\Local Settings\Apps\2.0\CETJ3JHP.ALQ\JWB4PRBY.9YX\manifests\PkIsle X.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Burt\Local Settings\Apps\2.0\CETJ3JHP.ALQ\JWB4PRBY.9YX\manifests\PkIsle X.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f75c80

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf74f7e52

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f8d900

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f8db10

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f91b10

#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f76210

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf74f8640

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74f88f4

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f8d280

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spwe.sys" at address 0xf760bca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spwe.sys" at address 0xf760c030

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f90f10

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f90f90

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f76070

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf74f6b44

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f8f180

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f8ef40

#: 160 Function Name: NtQueryKey
Status: Hooked by "spwe.sys" at address 0xf760c108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spwe.sys" at address 0xf760bf88

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf74f8d60

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f91150

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f91540

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f79190

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f76440

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf74f8112

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f8e200

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f8e080

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x873701f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x86e581f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x8734e1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x872141f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8647f1f8 Size: 121

Object: Hidden Code [Driver: ay5lpnn2ȅం扏楄艀셨蜳Ȃ剒敬ȁఆ剒敬, IRP_MJ_CREATE]
Process: System Address: 0x871df1f8 Size: 121

Object: Hidden Code [Driver: ay5lpnn2ȅం扏楄艀셨蜳Ȃ剒敬ȁఆ剒敬, IRP_MJ_CLOSE]
Process: System Address: 0x871df1f8 Size: 121

Object: Hidden Code [Driver: ay5lpnn2ȅం扏楄艀셨蜳Ȃ剒敬ȁఆ剒敬, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871df1f8 Size: 121

Object: Hidden Code [Driver: ay5lpnn2ȅం扏楄艀셨蜳Ȃ剒敬ȁఆ剒敬, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871df1f8 Size: 121

Object: Hidden Code [Driver: ay5lpnn2ȅం扏楄艀셨蜳Ȃ剒敬ȁఆ剒敬, IRP_MJ_POWER]
Process: System Address: 0x871df1f8 Size: 121

Object: Hidden Code [Driver: ay5lpnn2ȅం扏楄艀셨蜳Ȃ剒敬ȁఆ剒敬, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871df1f8 Size: 121

Object: Hidden Code [Driver: ay5lpnn2ȅం扏楄艀셨蜳Ȃ剒敬ȁఆ剒敬, IRP_MJ_PNP]
Process: System Address: 0x871df1f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x873421f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x872311f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x872311f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x872311f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x872311f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x872311f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x872311f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x872311f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x871b61f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x871b61f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871b61f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871b61f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x871b61f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871b61f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x871b61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8734c1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8706e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86edd1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_CREATE]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_CLOSE]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_READ]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_CLEANUP]
Process: System Address: 0x86e80500 Size: 121

Object: Hidden Code [Driver: Cdfs؅ఄ灐†kbdhid.sysF, IRP_MJ_PNP]
Process: System Address: 0x86e80500 Size: 121

Shadow SSDT
-------------------
#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f77e70

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f77f20

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f77fe0

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f76d60

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\vsdatant.sys" at address 0xf6f78250

==EOF==






Mbam log: It wouldnt give me the removal log when i restarted cus when i start up its all messed up but im pretty sure it removed it all and the runescape thing was just a test virus i made to try and remove =\ so that shouldnt be a problem.




Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

12/16/2009 1:21:58 AM
mbam-log-2009-12-16 (01-21-19).txt

Scan type: Quick Scan
Objects scanned: 111324
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\smartshopper.hbax (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.hbax.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.hbinfoband.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.iebutton (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.iebutton.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.iebuttona (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.iebuttona.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.iebuttonb.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smartshopper.smrtshprctl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{08aa0598-6a23-4364-9bf4-6d5f57f42993} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c7f127df-8877-4e1e-a196-fbbecbc5bc6d} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cb0d9d8c-535e-4352-ba8f-65c3c8676612} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5jf-4fcb-11cf-aaa5-00401c6xx500} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SmartShopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\addins\addins (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\RuneScapeGoldHackV7.exe (Trojan.Downloader) -> No action taken.

#7 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:03:57 PM

Posted 16 December 2009 - 06:53 PM

No action taken.

Are you checking the Remove Selected box at the end of the mbam scan??


Now that you were successful in creating a Root Repeal log you need to post it in our HJT forum There they will help you with the removal through some custom scripts and programs that we cannot run here in this forum

First, try to run a DDS / HJT log as outlined in our preparation guide:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If it won't run, don't worry, just give a brief description and tell them that this log was all you could get to run successfully

Post them here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

The HJT team is extremely busy, so be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:57 PM

Posted 17 December 2009 - 08:55 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/279392/nasty-virus-making-computer-useless/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users