Personal Antivirus removal issue


10 replies to this topic

#1 pmullen


Posted 16 July 2009 - 08:19 PM

In researching the removal of Personal Antivirus, I found this site and the removal instructions. The removal tool, mbam-setup.exe, will not run. Any other application will but not this. A process gets created for it but the app does not start. Has Personal Antivirus morphed to deal with this removal tool and the posted instructions do not take this into account?

It will not run even in Safe Mode.

Any help would be greatly appreciated. Thanks!!

pmullen


#2 boopme


Posted 16 July 2009 - 09:15 PM

Hello, let's try getting around it.
First try reinstalling MBAM.
Before saving MBAM please rename it to zztoy.exe... now save it to your desktop.
See if it runs. If still no joy, do the next.


Next, please install RootRepeal.
Note: Vista users, right-click on the desktop icon and select "Run as Administrator."

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K.
Unzip that (7-zip tool if needed) and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.

#3 pmullen


Posted 18 July 2009 - 10:38 AM

Thank you boop. Will do. I don't have 24/7 access to the computer (helping a friend who helps keep my oil burner working) so will let you know as soon as I can. Sorry for the delay in this reply. I thought I had checked to be notified by email of any posts but never got one.

Thanks again!!

#4 boopme


Posted 18 July 2009 - 01:13 PM

Fair enough. Will look back when you post. I will be out for the rest of today.

#5 pmullen


Posted 20 July 2009 - 06:59 PM

Evening boop

Well, renaming it worked...sort of. It allowed the install to run but the first time, just before finishing installation, it hung. After that it would hang 2/3 of the way through the extract. In either regular or safe mode.

I looked for a restore point and there were none. The restore point calendar would not let me look at other months or click on any particular date.

I suspect there is more than just the Personal Antivirus at work here.

RootRepeal ran; the report is below. I appreciate your help. Been in IT 30 years but it's all in the OSX world now.

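Added example, not part of the original posts: a Python parser for the Stealth Objects section of a RootRepeal report, as referred to in the post above, that counts how many processes each hidden module is loaded into. The report text, module names, the `SYSTEM_PROCESSES` list and the `min_hosts` threshold are constructed assumptions; the report labels two fields `Address:` on each process line, and the code assumes the second is the module size.

```python
import re
from collections import defaultdict

# Constructed sample report (not data from the thread); names are placeholders.
SAMPLE_REPORT = r"""
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/01/01 00:00
==================================================

Drivers
-------------------
Name: sample_driver.sys
Image Path: C:\WINDOWS\System32\Drivers\sample_driver.sys
Address: 0xA9655000 Size: 98304 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: SAMPLEmodA.dll]
Process: winlogon.exe (PID: 648) Address: 0x00740000 Address: 49152

Object: Hidden Module [Name: SAMPLEmodB.dll]
Process: winlogon.exe (PID: 648) Address: 0x10000000 Address: 45056

Object: Hidden Module [Name: SAMPLEmodA.dll]
Process: services.exe (PID: 696) Address: 0x00740000 Address: 49152

Object: Hidden Module [Name: SAMPLEmodA.dll]
Process: svchost.exe (PID: 916) Address: 0x007f0000 Address: 49152

Object: Hidden Module [Name: SAMPLEmodC.dll]
Process: svchost.exe (PID: 916) Address: 0x02b90000 Address: 204800

Object: Hidden Module [Name: SAMPLEmodD.dll]

==EOF==
"""

OBJECT_RE = re.compile(r"^Object:\s*Hidden Module\s*\[Name:\s*(?P<name>[^\]]+)\]\s*$")
PROCESS_RE = re.compile(
    r"^Process:\s*(?P<proc>.+?)\s*\(PID:\s*(?P<pid>\d+)\)\s*"
    r"Address:\s*(?P<base>0x[0-9A-Fa-f]+)\s*Address:\s*(?P<size>\d+)\s*$"
)

# Assumption: processes treated here as high-value hosts for triage purposes.
SYSTEM_PROCESSES = {"winlogon.exe", "services.exe", "lsass.exe"}


def parse_hidden_modules(report):
    """Return one dict per Object/Process pair in the Stealth Objects section."""
    entries, section, prev, pending = [], None, "", None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"-"}:
            # A dashed underline means the previous line was a section title.
            section, pending = prev, None
        elif line == "==EOF==":
            break
        elif section == "Stealth Objects":
            obj = OBJECT_RE.match(line)
            if obj:
                pending = obj.group("name").strip()
            else:
                proc = PROCESS_RE.match(line)
                if proc and pending:
                    entries.append({
                        "module": pending,
                        "process": proc.group("proc"),
                        "pid": int(proc.group("pid")),
                        "base": int(proc.group("base"), 16),
                        "size": int(proc.group("size")),
                    })
                # An Object line without its Process line (cut-off log) is dropped.
                pending = None
        prev = line
    return entries


def triage(entries, min_hosts=3):
    """Rank hidden modules by the number of distinct processes hosting them."""
    hosts = defaultdict(set)
    for e in entries:
        hosts[e["module"]].add((e["process"].lower(), e["pid"]))
    rows = []
    for module, procs in hosts.items():
        rows.append({
            "module": module,
            "host_count": len(procs),
            "in_system_process": any(name in SYSTEM_PROCESSES for name, _ in procs),
            "widespread": len(procs) >= min_hosts,
        })
    rows.sort(key=lambda r: (-r["host_count"], r["module"]))
    return rows


if __name__ == "__main__":
    for row in triage(parse_hidden_modules(SAMPLE_REPORT)):
        print(row)
```
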

#6 boopme


Posted 20 July 2009 - 08:10 PM

Hi, yep, well this is the new world where now they write malware that blocks every "Anti" tool first.
We didn't get a good log. The joy!

Run RootRepeal
Click Settings - Options
Set the Disk Access Level slider in the general tab to High

Try scanning now with the settings as described above.

#7 pmullen


Posted 20 July 2009 - 08:34 PM

Will do. Thanks.

#8 pmullen


Posted 27 July 2009 - 07:53 PM

Evening boop
Apologize for the delay in posting this. This is a RootRepeal report with Disk Access set to high.
Hope you are still around.

Address: 0xAA76F000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6B52000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF8965000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF8805000 Size: 20000 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF8A4D000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF6EF0000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF6EE0000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF86D5000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF896D000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA9871000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8AC1000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF6B22000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF6F10000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA829D000 Size: 49152 File Visible: No Signed: -
Status: -

Name: splitter.sys
Image Path: C:\WINDOWS\system32\drivers\splitter.sys
Address: 0xF8AC7000 Size: 6272 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF83A6000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA86C7000 Size: 333952 File Visible: - Signed: -
Status: -

Name: sscdbhk5.sys
Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Address: 0xF8AB3000 Size: 5568 File Visible: - Signed: -
Status: -

Name: ssrtln.sys
Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys
Address: 0xF8835000 Size: 23488 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xAA793000 Size: 180864 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF8AB5000 Size: 4352 File Visible: - Signed: -
Status: -

Name: swmidi.sys
Image Path: C:\WINDOWS\system32\drivers\swmidi.sys
Address: 0xF87B5000 Size: 56576 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA93C8000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA9934000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF895D000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF86F5000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tfsnboio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys
Address: 0xF889D000 Size: 25824 File Visible: - Signed: -
Status: -

Name: tfsncofs.sys
Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys
Address: 0xF8695000 Size: 34784 File Visible: - Signed: -
Status: -

Name: tfsndrct.sys
Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys
Address: 0xF8BCD000 Size: 4064 File Visible: - Signed: -
Status: -

Name: tfsndres.sys
Image Path: C:\WINDOWS\system32\dla\tfsndres.sys
Address: 0xF8BCA000 Size: 2176 File Visible: - Signed: -
Status: -

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xA95A2000 Size: 86528 File Visible: - Signed: -
Status: -

Name: tfsnopio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys
Address: 0xA9640000 Size: 15168 File Visible: - Signed: -
Status: -

Name: tfsnpool.sys
Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys
Address: 0xF8AD3000 Size: 6304 File Visible: - Signed: -
Status: -

Name: tfsnudf.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys
Address: 0xA9589000 Size: 98656 File Visible: - Signed: -
Status: -

Name: tfsnudfa.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys
Address: 0xA9570000 Size: 100544 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF6AC4000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF885D000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF8AB7000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF8945000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF8735000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6D7F000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF8865000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xF8A39000 Size: 15104 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF893D000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF8845000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF6DCB000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8595000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF8775000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF8885000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA8D8B000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF8A77000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

#9 boopme


Posted 27 July 2009 - 08:23 PM

Need to try another tool.

Please download Rooter.exe and save to your desktop.
alternate download link
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.
Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


#10 pmullen


Posted 10 August 2009 - 06:40 PM

Thank you so much for your help. In the end they took the machine to someone. I couldn't put enough time into it. Sorry for the delay in passing this on. Thanks again for your help.

#11 boopme


Posted 10 August 2009 - 09:15 PM

Thanks for letting us know. We are at least happy you will be fixed.