Jackpumpkinhead

  1. UPDATE! Okay, so I like to fiddle around until I can fix problems myself (see my last post), but this one is still giving me trouble. I decided to try running in safe mode, and that worked, and there were no errors from "security tool" (sorry, it was a misprint earlier), so I ran Malwarebytes. Malwarebytes found 10 problems, so I removed them and rebooted. Everything seemed fine, but I just wasn't convinced, because when I tried to run mbam it wouldn't run. So I tried to uninstall and reinstall mbam, but I kept getting these errors when I tried to reinstall: first, then after canceling this, I got this error, so I press okay (since it's the only option), and I got this error. So I ran another malware-catching program, SuperAntiSpyware (which, by the way, has an option to prevent hijacking programs from stopping it from running). After running this I got several infected files, and I removed them and rebooted. Then, just to be sure, I ran a full scan or deep scan with SAS, and it found a few more infected files, and again I removed and rebooted, but this time the "Security Tool" virus was back with a vengeance!!! Argh!
All of my icons on the desktop were gone, my background was reset to the default of blue (bleh), and I was completely locked out of everything that I clicked on from the start menu, and trusty old Ctrl+Alt+Delete (i.e. Task Manager) received an error from "Security Tool" warning me that it was a malicious program trying to connect to the internet and give out my credit card info, which is a total lie because I have never bought anything online from this computer. To make matters worse, this error and ones similar continued to rear their ugly head and bombard my desktop with errors and false virus software checks. I would like to remind you that at this point in the evening it was about 3:00AM and frustration was starting to get the best of me, so I tried one last thing before I turned in for the night. I tried SuperAntiSpyware and, lo and behold, it worked. Turns out the option to prevent hijacking viruses and malware from stopping it from running worked. SAS was able to find 14 infected files, so for what I hoped would be the last time I removed and rebooted, and my icons were back and the "Security Tool" virus seemed to be gone. There weren't any more fake virus scans or warnings that my credit info was going to be stolen, which told me that SAS worked and removed what was causing me trouble. But just to be sure, I tried installing mbam once more (because Malwarebytes is the standard by which all spyware/malware/virus removal software is set, in my opinion). I still got the SQL errors, but this time no "Unable to Execute file:" error, and Malwarebytes started up, updated, and ran without a hitch!
It was able to detect an additional 12 more problems, so for a billionth time I removed and rebooted. There was still no sign of "Security Tool", though I did get this error on startup of Windows. I don't know what this means, and I hope that mbam didn't delete some DLL file that I need. Regardless, my PC is running okay, but before I left for work this morning I ran a full scan of my system with mbam. It is probably still running as I write this, but hopefully it comes back with no problems. I would like to post a new HijackThis log and RootRepeal report for review, just to be sure that there are no problems, so when I get home tonight I will post them for the "masters of spyware removal" to review. Please don't ignore this post, and help a man in desperate need of help, and I would love to get some much needed sleep tonight. Thanx a lot
  2. Here is my hijack this log file
  3. Also, when I go to install Malwarebytes it says that it can't execute the mbam.exe file. Please help ASAP!!!!!
  4. Well, once again I am in a very bad place. I got the infamous "system tools" bug and was unable to run mbam.exe, and there were no .sys files to wipe with RootRepeal, so I started up in safe mode and was able to run mbam, but now it won't update. So I tried redownloading it, and when Malwarebytes tries to register the product I get a SQL error. I uninstalled Malwarebytes, so now I don't even have that. I am in desperate need of help. Here is my RootRepeal report in its entirety: RootRepeal_report_10_08_09__21_19_43_.txt
  5. Never mind, I just went ahead and wiped it and it worked. Thanx anyway
  6. Sorry, I am not meaning to bump this, but I just read my post. I wrote it really late last night and I don't think that I made myself clear or not. My question is if UACkroyonlind.sys is what I needed to wipe. Also, and I don't know if the report shows this or not, but I am running a program called iNet Protector. It is a program that allows me to disable the internet when I am not using it. It prevents my kids from accessing the computer when I am not home. Some anti-virus programs register this as a virus, but it isn't. I didn't know if iNet Protector would show up or not in the report. If so, I want to avoid doing anything that will mess that up. Thanx again
  7. Okay, here is my original post. So I followed the steps as I was told. I think I know which .sys to wipe, but I wanted to post here first just to be sure. I think it's UACkroyonlind.sys. What do you all think? And then after wiping this file, do I run Malwarebytes? Or will I be able to install it? Thanx for the help. RootRepeal_report_08_18_09.txt
  8. Okay, I have the free version of mbam and I recently got an error of rasvsnet.tmp couldn't run, so I figured I had picked up some malware somewhere. So I tried to run Malwarebytes and nada, the thing wouldn't run. I opened up Task Manager and it says the mbam.exe is running in the process section but not in the applications section. So I tried redownloading it and running it, but again nothing; it wouldn't even run the setup. So I thought it was a bad download, so I re-d/led it, which renamed it "malwarebytes-setup(1).exe" because I d/led it to the same place as the other one. This "malwarebytes-setup(1).exe" ran okay until the extraction part and then it hung up, so I stopped it and came here, where I was told to run HijackThis. So I d/led HijackThis and tried to run it, and again nothing happens. I am ready to tear my hair out and I am sure I still have spyware. Please help, I want to be able to run Malwarebytes again!!! Thanx