Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works


  • Please log in to reply




  • Member
  • PipPipPip
  • 212 posts
My cursor will just jump about on it's own....with no rhyme or reason.

The following are logs generated from the steps in the Malware and Spyware Cleaning Guide. But OTL would not finish...I keep getting and error msg, "Access violation at address 7C919C2F in module 'ntdll.dll'. Read of address FFFFFFFA.

MBAM & RootRepeal Logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2806
Windows 5.1.2600 Service Pack 3

9/15/2009 9:57:14 PM
mbam-log-2009-09-15 (21-57-14).txt

Scan type: Quick Scan
Objects scanned: 105178
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\winsock.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

ROOTREPEAL © AD, 2007-2009
Scan Start Time: 2009/09/15 22:03
Program Version: Version
Windows Version: Windows XP SP3

Name: dump_IdeChnDr.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_IdeChnDr.sys
Address: 0xBAC32000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC299000 Size: 49152 File Visible: No Signed: -
Status: -

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf776687e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf7766bfe

  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP