Very very bad virus, malware need help

January 29, 2010 at 17:17:53
Specs: Windows Vista
Okay, so a while back I was trying to watch a video on Google Video and I was dumb enough to download some fake Flash Player that they said I needed to watch it (I'm a very smart person, that was just bad judgement), so I did, and this virus has been affecting me for months! The only (and I mean only) type of virus protection that somewhat works is ZoneAlarm Firewall (which blocks the outgoing emails that are being sent, so my internet doesn't get shut off). I've downloaded them all. I've downloaded MalwareBytes and HJT, but whenever I try to use them they instantly crash my comp. I'm running in safe mode right now, mainly because it takes 5 times as long to get the BSOD than in normal mode, which usually gets the BSOD within 30 minutes. I'm getting very sick of the virus because there is absolutely nothing I can do!
I have an Attach.txt log and a DDS.txt log and also a RootRepeal.txt log, which just said it found 4 stealth objects and a hidden service... Whenever I try to use Google it redirects me also. I'm running on Vista; if you need any more info, please ask! Thanks for the help, I appreciate it.

#1
January 29, 2010 at 17:24:52
RootRepealReport 01-29-10 (20-13-07).txt
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/29 20:00
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8A391000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8A386000 Size: 45056 File Visible: No Signed: -
Status: -

Name: MSIVXiktynyrpsthoxcpugusttrptymosxpdi.sys
Image Path: C:\Windows\system32\drivers\MSIVXiktynyrpsthoxcpugusttrptymosxpdi.sys
Address: 0x899C9000 Size: 176128 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x92886000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{af68d28e-60d6-11de-8024-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{af68d294-60d6-11de-8024-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{af68d2bf-60d6-11de-8024-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{af68d2cf-60d6-11de-8024-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{af68d2dc-60d6-11de-8024-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{af68d2ee-60d6-11de-8024-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b54f5d7-5706-11de-bb15-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{af68d27d-60d6-11de-8024-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d5ea9bb9-6524-11de-9ea0-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{651fd96c-67d9-11de-94f3-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b54f5e6-5706-11de-bb15-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b54f5f6-5706-11de-bb15-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b54f606-5706-11de-bb15-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b54f610-5706-11de-bb15-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b54f622-5706-11de-bb15-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b54f62b-5706-11de-bb15-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{766305f0-68ff-11de-ae24-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{76630604-68ff-11de-ae24-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{76630613-68ff-11de-ae24-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7663061c-68ff-11de-ae24-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7663062e-68ff-11de-ae24-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d5ea9bd7-6524-11de-9ea0-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e1d0ebe6-6052-11de-8ec3-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6b31458-65ed-11de-8e30-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6b3146c-65ed-11de-8e30-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ecf6dcea-6722-11de-9e1d-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ecf6dcf7-6722-11de-9e1d-001bb9e78e25}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\MSIVXcount
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXdtdniiryxnieipxpqmwperpuxcvuvybt.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\MSIVXvtwdievhcpsvvdacvnuikpnxeknbfhaf.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\tmp000000130d39f77add72f0f3
Status: Allocation size mismatch (API: 524288, Raw: 0)

Path: c:\windows\internet logs\fwpktlog.txt
Status: Allocation size mismatch (API: 32768, Raw: 4096)

Path: C:\Windows\System32\drivers\MSIVXiktynyrpsthoxcpugusttrptymosxpdi.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_99b61f5e8371c1d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_3da38fdebd0e6822.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16721_none_400572c0c425beea\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20885_none_4052312bdd706bb6\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18000_none_42004f0ec13d017b\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18112_none_41f7819cc1434d41\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.BFE.DLL.01ca4525dabfdb9c.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.FWPUCLNT.DLL.01ca4525daa5a1be.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.18000_none_cd246fe92a8ad809\$$DeleteMe.IKEEXT.DLL.01ca4525dad7b320.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22233_none_426c7ed9da703e44\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22299_none_4231a10dda9b7df4\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Application Data
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Cookies
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Local Settings
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\My Documents
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\NetHood
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\PrintHood
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Recent
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\SendTo
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Start Menu
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Templates
Status: Locked to the Windows API!

Path: c:\windows\system32\logfiles\scm\scm.evm
Status: Allocation size mismatch (API: 2097152, Raw: 0)

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MICROS~3.MAN
Status: Locked to the Windows API!

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.001
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: c:\windows\system32\wdi\logfiles\wdicontextlog.etl.002
Status: Allocation size mismatch (API: 262144, Raw: 0)

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2365545147-1999384947-2466353664-500_UserData.bin
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3618451047-413754284-3646962667-1000_UserData.bin
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{3d256bcc-c8f2-492f-9644-9ca63a2ebca8}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{592a00dd-5fab-4307-ab1b-daf29909a3cc}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{68d269bf-6e2a-4fdb-b853-b7a289f57743}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{6ecbad0d-d7d1-4ac1-a01b-a666ac829ffa}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{a647c9cb-c570-48d7-a5b3-a2cfa6bb5573}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c059ca02-eec5-42c8-91d2-dafbae45b569}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c2fa0855-2fab-4c52-b280-4367513cbc05}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{ded421a3-4138-457d-9968-93718b3b14a8}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{2333d587-768d-4efd-b5d0-924c0303389e}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{29952d5c-b0f9-4eef-ba10-87ddd27a8c2a}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{395d2bc6-5f24-4509-b81d-88b40b2693cc}
Status: Invisible to the Windows API!

Path: C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{592a00dd-5fab-4307-ab1b-daf29909a3cc}
Status: Invisible to the Windows API!

Path: C:\Windows.old\Users\Administrator\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Documents\My Pictures
Status: Locked to the Windows API!

Path: C:\Windows.old\Users\Administrator\Documents\My Videos
Status: Locked to the Windows API!

Path: C:\Windows.old\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: c:\users\user\appdata\local\temp\~df3c8d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df3cd3.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df3d0f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df3df8.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df3f61.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df3fa.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df4090.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df4094.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df410f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df457a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df457c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df45d1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df4980.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df4e2d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df51ec.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df56b0.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5abd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\flab3bf.tmp
Status: Allocation size mismatch (API: 13959168, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df10c4.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5ad5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7fc.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfbe31.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfe747.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dff38a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7ff.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df802.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df805.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df808.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df8083.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df80e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df8143.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df816.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df845.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df848e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df858f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df864.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfc058.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfc32b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfc46c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfc4da.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfc961.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfc997.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfcd5f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfd074.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfd2a1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfd3cc.tmp
Status: Allocation size mismatch (API: 196608, Raw: 16384)

Path: c:\users\user\appdata\local\temp\flad521.tmp
Status: Allocation size mismatch (API: 393216, Raw: 0)

Path: c:\users\user\appdata\local\temp\flae944.tmp
Status: Allocation size mismatch (API: 655360, Raw: 0)

Path: c:\users\user\appdata\local\temp\flaf66b.tmp
Status: Allocation size mismatch (API: 655360, Raw: 0)

Path: c:\users\user\appdata\local\temp\flafd7c.tmp
Status: Allocation size mismatch (API: 655360, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df10c8.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df1271.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df14.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df149a.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df150.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df156.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df15b.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df17d4.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df1da9.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df1f29.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df1fba.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df1ff1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df20fd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6c3c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6c5b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6dd3.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6eb1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df705f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7077.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7081.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df709a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df724e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df72ea.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df72fc.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7300.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df73a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df73d6.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df747.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfe855.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfe878.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfe990.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfe9be.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfefab.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dff0aa.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dff231.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dff334.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dff35e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df9939.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df9c38.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df9f1b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfa08.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfa0a5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfa1e6.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfa28e.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfa91a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfa94d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfae4c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb011.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb05c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb483.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb4c4.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb4c8.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb4cb.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb757.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfb7af.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfbbbd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~dfbdda.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5bc7.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5cd5.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5d0.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5e18.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5f65.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df5fd2.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6342.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6361.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6403.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df649.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df658c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df664.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6659.tmp
Status: Allocation size mismatch (API: 24576, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df6715.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df74d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df752b.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df756f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7bf2.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7c06.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7cb9.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7ef8.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7f6.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7f9.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df7f9c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df248c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df260d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df263c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df27a1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\users\user\appdata\local\temp\~df288c.tmp
Status:

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

SSDT
-------------------
#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c5738

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c5398

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c27c6

#: 064 Function Name: NtCreateKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cdbf8

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c5aee

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cb5f6

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cb810

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cf528

#: 115 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c5b96

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c2ca6

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2ce4f4

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2ce270

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2caff6

#: 166 Function Name: NtLoadKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cea22

#: 167 Function Name: NtLoadKey2
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cea9a

#: 168 Function Name: NtLoadKeyEx
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2ceb12

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c2b3e

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2ccd6e

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2ccb6c

#: 267 Function Name: NtRenameKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cf154

#: 268 Function Name: NtReplaceKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2ceb8a

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c5022

#: 280 Function Name: NtRestoreKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cef94

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c5538

#: 301 Function Name: NtSetInformationFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c2e94

#: 324 Function Name: NtSetValueKey
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cdf76

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cbf84

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cbe60

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cba2e

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXdtdniiryxnieipxpqmwperpuxcvuvybt.dll]
Process: svchost.exe (PID: 724) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: MSIVXvtwdievhcpsvvdacvnuikpnxeknbfhaf.dll]
Process: iexplore.exe (PID: 388) Address: 0x10000000 Size: 237568

Object: Hidden Module [Name: MSIVXvtwdievhcpsvvdacvnuikpnxeknbfhaf.dll]
Process: iexplore.exe (PID: 1932) Address: 0x10000000 Size: 237568

Object: Hidden Module [Name: MSIVXvtwdievhcpsvvdacvnuikpnxeknbfhaf.dll]
Process: firefox.exe (PID: 560) Address: 0x00900000 Size: 237568

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\Windows\system32\drivers\MSIVXiktynyrpsthoxcpugusttrptymosxpdi.sys

Shadow SSDT
-------------------
#: 317 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cc0b0

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c458a

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c45fe

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c4686

#: 513 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c368a

#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c483e

==EOF==
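A quick way to read a report like the one above is to separate the hooks that come from a driver you can account for (every SSDT and Shadow SSDT hook here points at vsdatant.sys, the ZoneAlarm firewall driver the original poster says is installed) from the things that have no legitimate explanation: modules hidden inside svchost, iexplore and firefox, and a hidden service whose image is a driver with a random-looking name. The script below is an added example, not part of the thread or of RootRepeal itself; it parses an excerpt of the posted log (embedded as constructed sample input with values copied from the report), tallies hooks by hooking driver against a small analyst-maintained allow-list (an assumption, not a RootRepeal feature), lists hidden modules and services, and flags file names whose stems look machine-generated using a simple consonant-run heuristic.

```python
"""Triage a RootRepeal report: attribute SSDT hooks, list hidden modules/services,
flag random-looking file names. Added example; RootRepeal's own format is parsed,
the allow-list and the name heuristic are this script's assumptions."""
import re
from collections import Counter, defaultdict

# Constructed sample input: an excerpt of the RootRepeal log posted in this thread.
SAMPLE_REPORT = r"""
SSDT
-------------------
#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c27c6

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2cbe60

Stealth Objects
-------------------
Object: Hidden Module [Name: MSIVXdtdniiryxnieipxpqmwperpuxcvuvybt.dll]
Process: svchost.exe (PID: 724) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: MSIVXvtwdievhcpsvvdacvnuikpnxeknbfhaf.dll]
Process: iexplore.exe (PID: 388) Address: 0x10000000 Size: 237568

Object: Hidden Module [Name: MSIVXvtwdievhcpsvvdacvnuikpnxeknbfhaf.dll]
Process: firefox.exe (PID: 560) Address: 0x00900000 Size: 237568

Hidden Services
-------------------
Service Name: MSIVXserv.sys
Image Path: C:\Windows\system32\drivers\MSIVXiktynyrpsthoxcpugusttrptymosxpdi.sys

Shadow SSDT
-------------------
#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\system32\DRIVERS\vsdatant.sys" at address 0x8a2c483e

==EOF==
"""

# Analyst allow-list (assumption): drivers whose hooks are expected on this machine.
KNOWN_DRIVERS = {"vsdatant.sys": "ZoneAlarm firewall driver (installed per the poster)"}

STATUS_HOOK_RE = re.compile(r'^Status: Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)')
MODULE_RE = re.compile(r"^Object: Hidden Module \[Name: ([^\]]+)\]")
PROCESS_RE = re.compile(r"^Process: (\S+) \(PID: (\d+)\) Address: (0x[0-9a-fA-F]+) Size: (\d+)")
SERVICE_RE = re.compile(r"^Service Name: (.+)$")
IMAGE_RE = re.compile(r"^Image Path: (.+)$")


def parse_sections(text):
    """Split the report into {section name: [record, ...]}; a record is the list
    of non-blank lines between blank lines, a section starts at a line that is
    followed by a dashed rule."""
    sections, lines = defaultdict(list), text.splitlines()
    current, record = None, []
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.strip() and re.fullmatch(r"-+", nxt):
            if record and current is not None:
                sections[current].append(record)
            current, record = line.strip(), []
            continue
        if re.fullmatch(r"-+", line.strip()):
            continue
        if not line.strip() or line.strip() == "==EOF==":
            if record and current is not None:
                sections[current].append(record)
            record = []
            continue
        if current is not None:
            record.append(line.rstrip())
    if record and current is not None:
        sections[current].append(record)
    return dict(sections)


def looks_random(filename):
    """Heuristic (assumption): a stem of 16+ characters containing a run of four
    or more consonants is treated as machine-generated. Real driver names such as
    vsdatant.sys or dump_atapi.sys do not trip it."""
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", filename).lower()
    return len(stem) >= 16 and re.search(r"[b-df-hj-np-tv-z]{4,}", stem) is not None


def triage(text, known_drivers=KNOWN_DRIVERS):
    sections = parse_sections(text)
    hooks = Counter()
    for sec in ("SSDT", "Shadow SSDT"):
        for rec in sections.get(sec, []):
            for line in rec:
                m = STATUS_HOOK_RE.match(line)
                if m:
                    hooks[m.group(1).rsplit("\\", 1)[-1].lower()] += 1
    modules = []
    for rec in sections.get("Stealth Objects", []):
        mod = next((MODULE_RE.match(l) for l in rec if MODULE_RE.match(l)), None)
        proc = next((PROCESS_RE.match(l) for l in rec if PROCESS_RE.match(l)), None)
        if mod and proc:
            modules.append({"module": mod.group(1), "process": proc.group(1),
                            "pid": int(proc.group(2)), "size": int(proc.group(4))})
    services = []
    for rec in sections.get("Hidden Services", []):
        svc = next((SERVICE_RE.match(l) for l in rec if SERVICE_RE.match(l)), None)
        img = next((IMAGE_RE.match(l) for l in rec if IMAGE_RE.match(l)), None)
        if svc and img:
            services.append({"service": svc.group(1), "image_path": img.group(1)})
    names = {m["module"] for m in modules} | {s["image_path"].rsplit("\\", 1)[-1] for s in services}
    return {
        "hooks_by_driver": dict(hooks),
        "unknown_hookers": sorted(d for d in hooks if d not in known_drivers),
        "hidden_modules": modules,
        "hidden_services": services,
        "suspicious_names": sorted(n for n in names if looks_random(n)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The useful signal is the contrast: dozens of hooks, all attributable to one expected driver, versus a handful of hidden objects that no installed product explains. The hidden service's image path is the same MSIVX driver that the Drivers section at the top of the log listed as not visible on disk, which is the pattern to hand to a removal tool rather than something to chase by hand.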



#2
January 29, 2010 at 19:20:04
Yep.. that's a bad one. Had one like that once many months ago. Took a while to get rid of it.

For now, I made a real quick VB6 browser for when my other browsers are hacked. It always seems to work. Feel free to download it and use it. It's an .exe, but I assure you it's legit and there's nothing bad in it (I assure this as long as it's coming from my site url). http://jeffkastner.com/JeffsBrowser... or (if you prefer a zipped file): http://jeffkastner.com/JeffsBrowser...

Being that it's an .exe, it's not tied in to the rest of your system like IE and Firefox and most browsers, so you can bring up Google without any problem and go where you need. Also.. when the system starts to shut down, go to a command prompt and type in: shutdown -a
That tells the system to abort a shutdown. Even better, make a batch file (text file with: shutdown -a and named shutdown.bat) and put it on your desktop. If the system acts like it's going to shut down, click it real quick to keep it up.
Should at least get you going in the right direction. Good luck.



#3
January 29, 2010 at 19:29:31
One more reference.. Go to http://www.bleepingcomputer.com/vir...

It's the best site out there on being knowledgeable about all the different viruses. In the right hand column, you'll see the 'Removal Tool Guides'. Select ComboFix first. I've always had the best results with that one, or download from their link here: http://www.bleepingcomputer.com/com...

