Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possibly infected with rootkit


  • Please log in to reply
1 reply to this topic

#1 ronin_451

ronin_451

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:24 PM

Posted 11 September 2009 - 06:51 AM

After reading some of the symptoms mentioned by other members of this forum I think I have a rootkit virus. Anytime i try to run an antivirus program (MBAM, SuperAntiSpyware, HJThis, etc...) I either get this error:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

Or the app flat out crashes and closes down. I've downloaded RootRepeal to run a driver scan and here are the results:

Thanks in advance :thumbsup:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 07:33
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7474000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: 1394BUS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF7617000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7582000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB7D57000 Size: 138368 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7677000 Size: 42368 File Visible: - Signed: -
Status: -

Name: AnyDVD.sys
Image Path: C:\WINDOWS\System32\Drivers\AnyDVD.sys
Address: 0xF7757000 Size: 31232 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\System32\DRIVERS\arp1394.sys
Address: 0xBA295000 Size: 60800 File Visible: - Signed: -
Status: -

Name: Aspi32.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aspi32.SYS
Address: 0xB7639000 Size: 16096 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA9000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7A9B000 Size: 3072 File Visible: - Signed: -
Status: -

Name: aw_host5.sys
Image Path: C:\WINDOWS\system32\drivers\aw_host5.sys
Address: 0xBAFB7000 Size: 15744 File Visible: - Signed: -
Status: -

Name: awechomd.sys
Image Path: C:\WINDOWS\system32\drivers\awechomd.sys
Address: 0xF79AF000 Size: 7648 File Visible: - Signed: -
Status: -

Name: awlegacy.sys
Image Path: C:\WINDOWS\System32\Drivers\awlegacy.sys
Address: 0xB9300000 Size: 10272 File Visible: - Signed: -
Status: -

Name: bdftdif.sys
Image Path: C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
Address: 0xB7DEA000 Size: 130560 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79AD000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB7741000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF74F1000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7657000 Size: 53248 File Visible: - Signed: -
Status: -

Name: d347bus.sys
Image Path: d347bus.sys
Address: 0xF75B0000 Size: 155136 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7647000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF748C000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798D000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF76A7000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7BBC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB7E85000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA8EE000 Size: 4096 File Visible: - Signed: -
Status: -

Name: el90xbc5.sys
Image Path: C:\WINDOWS\System32\DRIVERS\el90xbc5.sys
Address: 0xB951D000 Size: 66560 File Visible: - Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
Address: 0xB7F1D000 Size: 8064 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF773F000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF76E7000 Size: 34944 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF77B7000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7454000 Size: 128896 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79AB000 Size: 7936 File Visible: - Signed: -
Status: -

Name: fsbldrv.sys
Image Path: c:\docume~1\agent\locals~1\temp\d67bb87c-847f-4986-9fee-0459fa49af4a\fsbldrv.sys
Address: 0xB65D1000 Size: 40960 File Visible: No Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74B2000 Size: 125056 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\gameenum.sys
Address: 0xBAFD8000 Size: 10624 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF74D1000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Gernuwa.sys
Image Path: Gernuwa.sys
Address: 0xF789B000 Size: 13088 File Visible: - Signed: -
Status: -

Name: ghpciscan.sys
Image Path: C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
Address: 0xF77C7000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EC000 Size: 81280 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF77CF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF7511000 Size: 52736 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF7432000 Size: 41856 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF798B000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xBA225000 Size: 36096 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xB7DC9000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xB7E62000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7747000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB6516000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB952E000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7870000 Size: 92032 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79B1000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7727000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xBAFF0000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF774F000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7627000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xB7C9C000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77DF000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF7887000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF7927000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF796C000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7830000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xBAFA3000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xB94F2000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBACA2000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF76C7000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xB7D79000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nic1394.sys
Address: 0xF7697000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77E7000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000 Size: 574464 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA8ED000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF9D5000 Size: 6111232 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB9658000 Size: 6557408 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7607000 Size: 61056 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xB9509000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xB7F27000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7571000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcouffin.sys
Image Path: C:\WINDOWS\System32\Drivers\pcouffin.sys
Address: 0xBACE2000 Size: 47360 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB7F4F000 Size: 147456 File Visible: - Signed: -
Status: -

Name: PQNTDrv.SYS
Image Path: C:\WINDOWS\System32\Drivers\PQNTDrv.SYS
Address: 0xF7AB6000 Size: 2688 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xB94E1000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF7787000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7667000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xBAFEC000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF7422000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF7412000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF7402000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF778F000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xB7D0B000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79B3000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xB9308000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF74E1000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rootrepealkk.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepealkk.sys
Address: 0xB6F19000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF77EF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xB7D36000 Size: 135168 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xBAFAF000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF7501000 Size: 64896 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7442000 Size: 73472 File Visible: - Signed: -
Status: -

Name: sunkfilt62.sys
Image Path: C:\WINDOWS\System32\Drivers\sunkfilt62.sys
Address: 0xF7551000 Size: 32864 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF79DD000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB7601000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tbcos.sys
Image Path: C:\WINDOWS\system32\drivers\tbcos.sys
Address: 0xF79CF000 Size: 8192 File Visible: - Signed: -
Status: -

Name: tbcspud.sys
Image Path: C:\WINDOWS\system32\drivers\tbcspud.sys
Address: 0xB9551000 Size: 149632 File Visible: - Signed: -
Status: -

Name: tbcwdm.sys
Image Path: C:\WINDOWS\system32\drivers\tbcwdm.sys
Address: 0xB7F73000 Size: 554304 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xB7E0A000 Size: 360320 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF777F000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xBACC2000 Size: 40704 File Visible: - Signed: -
Status: -

Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xB7F0A000 Size: 66176 File Visible: - Signed: -
Status: -

Name: ULCDRHlp.sys
Image Path: C:\WINDOWS\System32\Drivers\ULCDRHlp.sys
Address: 0xF775F000 Size: 27232 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xB9287000 Size: 364160 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF79DF000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF7737000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xBACB2000 Size: 57600 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Address: 0xF772F000 Size: 17024 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xB9576000 Size: 143360 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Address: 0xF780F000 Size: 26496 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF7777000 Size: 20480 File Visible: - Signed: -
Status: -

Name: USIUDF.sys
Image Path: C:\WINDOWS\System32\Drivers\USIUDF.sys
Address: 0xB7EC5000 Size: 281344 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF77D7000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9644000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7637000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF7541000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7817000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB74B4000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF776F000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xBA265000 Size: 61440 File Visible: No Signed: -
Status: -

Name: winachcf.sys
Image Path: C:\WINDOWS\System32\DRIVERS\winachcf.sys
Address: 0xB9599000 Size: 696928 File Visible: - Signed: -
Status: -

Name: windrvNT.sys
Image Path: C:\WINDOWS\system32\windrvNT.sys
Address: 0xB8133000 Size: 25664 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2180480 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xBAFBB000 Size: 12032 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF785D000 Size: 77568 File Visible: - Signed: -
Status: -

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:06:24 PM

Posted 11 September 2009 - 10:15 PM

As you suspected, you have a serious rootkit infection. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Due to the nature of this infection it is likely that you will be unable to run traditional scanning utilities or run a full scan with RootRepeal as directed in the Preparation Guide linked above. If this is the case, you should still create your new thread in the HJT forum, but instead of DDS and full RootRepeal logs you should post your partial RootRepeal log (the one you just generated for me), as well as a log generated by this special utility. Note that the utility takes some time to run, so don't worry if it appears that nothing is happening.

Sorry I couldn't do more for you here; they'll be able to help in HJT.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users