
ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/03/09 23:24

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xEFC54000 Size: 98304 File Visible: No

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF8BD3000 Size: 8192 File Visible: No

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEF54E000 Size: 45056 File Visible: No

Status: -

Hidden/Locked Files

-------------------

Path: C:\WINDOWS\WindowsUpdate.log

Status: Size mismatch (API: 543111, Raw: 541964)

Path: C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Status: Size mismatch (API: 835524, Raw: 835070)

Path: C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG

Status: Size mismatch (API: 1024, Raw: 24576)

Path: C:\WINDOWS\SoftwareDistribution\Download\f9a482c6548f5fe0d3c6095f8a2de4fc

Status: Invisible to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\6468021b2765d1cbe95cbb4632ff65b7

Status: Invisible to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\e32e42b86ada41fe0c947743c71f222c

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\SoftwareDistribution\Download\f9a482c6548f5fe0d3c6095f8a2de4fc\_downloadprogress_.state

Status: Invisible to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\f9a482c6548f5fe0d3c6095f8a2de4fc\_useselfcontained_.state

Status: Invisible to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\f9a482c6548f5fe0d3c6095f8a2de4fc\BIT1.TMP

Status: Invisible to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\6468021b2765d1cbe95cbb4632ff65b7\_downloadprogress_.state

Status: Invisible to the Windows API!

also

23:25:11: Could not enumerate files in dir '\\?\C:\WINDOWS\SoftwareDistribution\Download\f9a482c6548f5fe0d3c6095f8a2de4fc\*' with the Windows API! Error code - 0x00000003

23:25:11: Could not enumerate files in dir '\\?\C:\WINDOWS\SoftwareDistribution\Download\6468021b2765d1cbe95cbb4632ff65b7\*' with the Windows API! Error code - 0x00000003

23:25:11: Could not enumerate files in dir '\\?\C:\WINDOWS\SoftwareDistribution\Download\704dacb1466b612a883116cd01445169\*' with the Windows API! Error code - 0x00000003


  • Root Admin

Hello Tyler. I'm sorry but you can't just wait a month and post a log like that. Malware and Viruses alter and change daily and information needs to be up to date.

STEP 01

Update and Scan with Malwarebytes' Anti-Malware

  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new Hijackthis log.

STEP 02

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:

  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt

STEP 03

Please create a BOOTLOG

  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select the "Enable Boot Logging" option and press Enter.
  • Windows prompts you to select a Windows installation (even if there is only one Windows installation)
  • This boots Windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
