clickover.cn


11 replies to this topic

#1 gingerandhottie

  • Members
  • 6 posts

Posted 02 August 2009 - 06:33 PM

Hi,

I'm new to the forum. When searching Google and Bing in IE or Firefox, I am constantly redirected to websites including clickover.cn.

I've run Malwarebytes and SUPERAntiSpyware.

Based on research (here and elsewhere), it seems pretty clear that my computer is infected by some kind of malware. Any help would be much appreciated!

Many thanks


#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 02 August 2009 - 06:37 PM

Please download RootRepeal Rootkit Detector and save it to your Desktop.

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.
* Create a new folder on your hard drive called RootRepeal (C:\RootRepeal) and extract (unzip) RootRepeal.zip. (click here if you're not sure how to do this. Vista users refer to this link.)
* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the Files tab, then click the Scan button.
* In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 gingerandhottie

  • Topic Starter
  • Members
  • 6 posts

Posted 02 August 2009 - 07:09 PM

Thanks for the help -- I'm copying and pasting the report from RootRepeal. NOTE: I couldn't turn off the Sophos anti-virus, not sure if that will be a problem.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/02 17:06
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7575000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7426000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF7971000 Size: 11648 File Visible: - Signed: -
Status: -

Name: ADIHdAud.sys
Image Path: C:\WINDOWS\system32\drivers\ADIHdAud.sys
Address: 0xA866C000 Size: 323584 File Visible: - Signed: -
Status: -

Name: AEAudio.sys
Image Path: C:\WINDOWS\system32\drivers\AEAudio.sys
Address: 0xA85BA000 Size: 103424 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xF7885000 Size: 19328 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA625C000 Size: 138496 File Visible: - Signed: -
Status: -

Name: ANC.SYS
Image Path: C:\WINDOWS\System32\drivers\ANC.SYS
Address: 0xA6506000 Size: 11520 File Visible: - Signed: -
Status: -

Name: ApsHM86.sys
Image Path: ApsHM86.sys
Address: 0xF77E5000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Apsx86.sys
Image Path: Apsx86.sys
Address: 0xF715A000 Size: 122880 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xA92FD000 Size: 60800 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF73C0000 Size: 96512 File Visible: - Signed: -
Status: -

Name: atmeltpm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
Address: 0xF78ED000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7C68000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF796D000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7B0F000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7965000 Size: 12288 File Visible: - Signed: -
Status: -

Name: BthEnum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\BthEnum.sys
Address: 0xA620A000 Size: 17024 File Visible: - Signed: -
Status: -

Name: bthpan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bthpan.sys
Address: 0xA4E89000 Size: 101120 File Visible: - Signed: -
Status: -

Name: bthport.sys
Image Path: C:\WINDOWS\System32\Drivers\bthport.sys
Address: 0xA53F7000 Size: 274432 File Visible: - Signed: -
Status: -

Name: BTHUSB.sys
Image Path: C:\WINDOWS\System32\Drivers\BTHUSB.sys
Address: 0xA6222000 Size: 18944 File Visible: - Signed: -
Status: -

Name: btkrnl.sys
Image Path: C:\WINDOWS\system32\DRIVERS\btkrnl.sys
Address: 0xF48C0000 Size: 834720 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF75B5000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF7100000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7969000 Size: 10240 File Visible: - Signed: -
Status: -

Name: CVPNDRVA.sys
Image Path: C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
Address: 0x9B01A000 Size: 589824 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF75A5000 Size: 36352 File Visible: - Signed: -
Status: -

Name: DLABOIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Address: 0xA547A000 Size: 25568 File Visible: - Signed: -
Status: -

Name: DLACDBHM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Address: 0xF7B0B000 Size: 5568 File Visible: - Signed: -
Status: -

Name: DLADResN.SYS
Image Path: C:\WINDOWS\System32\DLA\DLADResN.SYS
Address: 0x9BF51000 Size: 2432 File Visible: - Signed: -
Status: -

Name: DLAIFS_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Address: 0x9B75E000 Size: 86464 File Visible: - Signed: -
Status: -

Name: DLAOPIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Address: 0xF47A4000 Size: 14624 File Visible: - Signed: -
Status: -

Name: DLAPoolM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Address: 0xF7AA5000 Size: 6304 File Visible: - Signed: -
Status: -

Name: DLARTL_N.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
Address: 0xA66B5000 Size: 22624 File Visible: - Signed: -
Status: -

Name: DLAUDF_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Address: 0x9B731000 Size: 86944 File Visible: - Signed: -
Status: -

Name: DLAUDFAM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Address: 0x9B747000 Size: 92640 File Visible: - Signed: -
Status: -

Name: dne2000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\dne2000.sys
Address: 0xF48A2000 Size: 119936 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF6728000 Size: 61440 File Visible: - Signed: -
Status: -

Name: DRVMCDB.SYS
Image Path: DRVMCDB.SYS
Address: 0xF728F000 Size: 86560 File Visible: - Signed: -
Status: -

Name: DRVNDDM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Address: 0xF7725000 Size: 38304 File Visible: - Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0x9B774000 Size: 819200 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0x9BC8A000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA259C000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xF4DDF000 Size: 266240 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA661F000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF72D8000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B0D000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF73D8000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF4D93000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xA66AD000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hjgruiyapqjovb.sys
Image Path: C:\WINDOWS\system32\drivers\hjgruiyapqjovb.sys
Address: 0xA6400000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xA83E1000 Size: 731520 File Visible: - Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xA8494000 Size: 989696 File Visible: - Signed: -
Status: -

Name: HSFHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Address: 0xA8586000 Size: 211456 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x99EA8000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF7785000 Size: 52480 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xF72F8000 Size: 819200 File Visible: - Signed: -
Status: -

Name: IBMBLDID.sys
Image Path: C:\WINDOWS\system32\Drivers\IBMBLDID.sys
Address: 0xF7B17000 Size: 4224 File Visible: - Signed: -
Status: -

Name: ibmpmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
Address: 0xF78F5000 Size: 17152 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04F000 Size: 1671168 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1E7000 Size: 2699264 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 176128 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xF4E34000 Size: 5854752 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF7775000 Size: 36352 File Visible: - Signed: -
Status: -

Name: iPassP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\iPassP.sys
Address: 0xA6695000 Size: 19328 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA627E000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA6325000 Size: 75264 File Visible: - Signed: -
Status: -

Name: irda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\irda.sys
Address: 0x9B6A3000 Size: 88192 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7555000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF78DD000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A55000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x98866000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF4827000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7245000 Size: 92288 File Visible: - Signed: -
Status: -

Name: ldblank.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ldblank.sys
Address: 0xF7108000 Size: 11904 File Visible: - Signed: -
Status: -

Name: ldmirror.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ldmirror.sys
Address: 0xF7C5E000 Size: 3328 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0x9AE22000 Size: 12672 File Visible: - Signed: -
Status: -

Name: mirrorflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mirrorflt.sys
Address: 0xF7C5F000 Size: 3712 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7B11000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF788D000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF78E5000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7585000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9B536000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA611A000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA668D000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7615000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF5638000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7140000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7178000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF5648000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0x9B725000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF488B000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7665000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA932D000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA62A4000 Size: 162816 File Visible: - Signed: -
Status: -

Name: NETw5x32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
Address: 0xF4A1C000 Size: 3630080 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF75F5000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA667D000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF71A5000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C5A000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7565000 Size: 61696 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7B1E000 Size: 4096 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77DD000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7415000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B1D000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF77D5000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF73F7000 Size: 120192 File Visible: - Signed: -
Status: -

Name: PGPdisk.SYS
Image Path: C:\WINDOWS\System32\Drivers\PGPdisk.SYS
Address: 0x9B4D1000 Size: 249856 File Visible: - Signed: -
Status: -

Name: PGPfsfd.sys
Image Path: PGPfsfd.sys
Address: 0xF72B7000 Size: 135168 File Visible: - Signed: -
Status: -

Name: PGPsdk.sys
Image Path: C:\WINDOWS\System32\Drivers\PGPsdk.sys
Address: 0x9AEF2000 Size: 49152 File Visible: - Signed: -
Status: -

Name: PGPwded.sys
Image Path: PGPwded.sys
Address: 0xF725C000 Size: 208896 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA8648000 Size: 147456 File Visible: - Signed: -
Status: -

Name: PROCDD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
Address: 0xA66BD000 Size: 28672 File Visible: - Signed: -
Status: -

Name: psadd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psadd.sys
Address: 0xF791D000 Size: 21376 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF487A000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF790D000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF75C5000 Size: 35648 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA9877000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasirda.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasirda.sys
Address: 0xF78FD000 Size: 19584 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF77B5000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF77C5000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7605000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7915000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA618A000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7B13000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF484A000 Size: 196224 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0x9ABBD000 Size: 139520 File Visible: - Signed: -
Status: -

Name: rfcomm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rfcomm.sys
Address: 0xF6738000 Size: 59136 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9A881000 Size: 49152 File Visible: No Signed: -
Status: -

Name: s24trans.sys
Image Path: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Address: 0xA6512000 Size: 12416 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xA6553000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0x9BAA8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xA61B5000 Size: 151552 File Visible: - Signed: -
Status: -

Name: savonaccesscontrol.sys
Image Path: C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
Address: 0xA6498000 Size: 110848 File Visible: - Signed: -
Status: -

Name: savonaccessfilter.sys
Image Path: C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
Address: 0xA937D000 Size: 38528 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xF4A08000 Size: 79232 File Visible: - Signed: -
Status: -

Name: Smapint.sys
Image Path: C:\WINDOWS\System32\drivers\Smapint.sys
Address: 0xA655B000 Size: 32768 File Visible: - Signed: -
Status: -

Name: smihlp.sys
Image Path: C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
Address: 0xF7AA7000 Size: 4224 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF72A5000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9ACD0000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7AAD000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA1E5A000 Size: 60800 File Visible: - Signed: -
Status: -

Name: Tb2Device.sys
Image Path: C:\WINDOWS\NetopiaRC\Tb2Device.sys
Address: 0xA66A5000 Size: 24576 File Visible: - Signed: -
Status: -

Name: Tb2MirrorSys.sys
Image Path: C:\WINDOWS\NetopiaRC\Tb2MirrorSys.sys
Address: 0xA935D000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA62CC000 Size: 361600 File Visible: - Signed: -
Status: -

Name: tcusb.sys
Image Path: C:\WINDOWS\System32\Drivers\tcusb.sys
Address: 0xA6370000 Size: 40448 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7905000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TDSMAPI.SYS
Image Path: C:\WINDOWS\System32\drivers\TDSMAPI.SYS
Address: 0xA6563000 Size: 24576 File Visible: - Signed: -
Status: -

Name: TDTCP.SYS
Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0x9BFD8000 Size: 21760 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7625000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tp4track.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tp4track.sys
Address: 0xF7795000 Size: 40960 File Visible: - Signed: -
Status: -

Name: TPHKDRV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
Address: 0xA6573000 Size: 16544 File Visible: - Signed: -
Status: -

Name: Tppwrif.sys
Image Path: C:\WINDOWS\System32\drivers\Tppwrif.sys
Address: 0xA657B000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TSMAPIP.SYS
Image Path: C:\WINDOWS\System32\drivers\TSMAPIP.SYS
Address: 0xA6583000 Size: 24576 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF47C9000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7AD7000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF78D5000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7655000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF4DBB000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF78CD000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xA669D000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF4E20000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7595000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA931D000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0x9BFC8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdf01000.sys
Image Path: C:\WINDOWS\System32\Drivers\wdf01000.sys
Address: 0xF498C000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xF77A5000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9B46C000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7A57000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF7232000 Size: 77568 File Visible: - Signed: -
Status: -

#4 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 02 August 2009 - 07:12 PM

This is not the correct log. Make sure you click on the Files tab (bottom left), then click the Scan button.

#5 gingerandhottie

  • Topic Starter
  • Members
  • 6 posts

Posted 02 August 2009 - 07:44 PM

Sorry about that. See below -- thanks again!


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/02 17:43
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\hjgruiirkigokk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruiqjlkteso.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruirnkndyib.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\hjgruixnhyebmy.dat
Status: Invisible to the Windows API!

Path: c:\windows\temp\perflib_perfdata_ae0.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\Temp\hjgruiefvsiryqjb.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\hjgruihxcceoqbqh.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\hjgruiyapqjovb.sys
Status: Invisible to the Windows API!
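
The two reports above are the point of RootRepeal's Files scan: it walks the on-disk structures itself and compares that raw view with what the Windows API returns, so a driver that is loaded in memory but filtered out of directory listings (hjgruiyapqjovb.sys), and the files that share its name stem, come back as "Hidden from the Windows API!" or "Invisible to the Windows API!". Two entries in the first report are expected on a clean machine and are not hits: rootrepeal.sys is the scanner's own driver, and dump_iastor.sys is the crash-dump copy of the boot storage driver, which Windows loads without a file of that name. An allocation-size mismatch on a file under \Temp is commonly just an open, in-use file. As an added example, not part of the thread or of the RootRepeal tool, the Python below parses a report in that format (the excerpt is constructed from lines posted in this thread), drops the expected entries, and groups the remaining hidden names by shared stem. The function names parse_report, triage and basename, the EXPECTED_NOT_ON_DISK set and the six-character stem heuristic are this example's own choices, not anything RootRepeal provides.

```python
"""Triage a RootRepeal report: list what the raw-disk view sees but the Windows
API view does not, and group those names by a shared stem. Added example, not
part of the thread or of RootRepeal; the report text below is constructed from
lines posted in the thread and the benign-driver set is an assumption."""
import re
from collections import defaultdict

# Constructed excerpt in the format RootRepeal 1.3.3.0 writes (two sections).
SAMPLE_REPORT = r"""Drivers
-------------------
Name: hjgruiyapqjovb.sys
Image Path: C:\WINDOWS\system32\drivers\hjgruiyapqjovb.sys
Address: 0xA6400000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0x9B774000 Size: 819200 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\hjgruiirkigokk.dll
Status: Invisible to the Windows API!

Path: c:\windows\temp\perflib_perfdata_ae0.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\Temp\hjgruiefvsiryqjb.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\hjgruiyapqjovb.sys
Status: Invisible to the Windows API!
"""

# The one multi-field line in a driver record.
ADDR_RE = re.compile(r"Address: (?P<address>\S+) Size: (?P<size>\d+) "
                     r"File Visible: (?P<file_visible>\S+) Signed: (?P<signed>\S+)")
# Drivers reported with no file on disk on a clean box: the scanner's own driver and
# the crash-dump copy of the boot storage driver (assumption; adjust to your baseline).
EXPECTED_NOT_ON_DISK = {"rootrepeal.sys", "dump_iastor.sys"}


def parse_report(text):
    """Return {section name: [record dict, ...]}; records are blank-line separated."""
    lines = text.splitlines()
    sections, current, record = {}, None, {}
    i = 0
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith("----"):              # section header such as "Drivers"
            if record and current:
                sections[current].append(record)
            current, record = line.strip(), {}
            sections[current] = []
            i += 2
            continue
        if not line.strip():                    # blank line closes a record
            if record and current:
                sections[current].append(record)
            record = {}
        elif current:
            m = ADDR_RE.match(line)
            if m:
                record.update(m.groupdict())
            else:                               # "Key: Value"; the value may contain ':'
                key, _, value = line.partition(":")
                record[key.strip()] = value.strip()
        i += 1
    if record and current:
        sections[current].append(record)
    return sections


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def triage(text):
    """Cross-view hits, low-confidence locked files, and hidden names sharing a stem."""
    sections = parse_report(text)
    hidden, low_confidence = [], []
    for rec in sections.get("Drivers", []):
        path = rec.get("Image Path") or rec.get("Name", "")
        if "Hidden" in rec.get("Status", ""):
            hidden.append((path, rec["Status"]))
        elif rec.get("file_visible") == "No" and basename(path) not in EXPECTED_NOT_ON_DISK:
            hidden.append((path, "loaded in the kernel but no file on disk"))
    for rec in sections.get("Hidden/Locked Files", []):
        status = rec.get("Status", "")
        (hidden if "Invisible" in status else low_confidence).append((rec["Path"], status))
    # Several components dropped under one random-looking stem read as a single family.
    groups = defaultdict(set)
    for path, _ in hidden:
        groups[basename(path)[:6]].add(basename(path))
    families = {s: sorted(n) for s, n in groups.items() if len(n) > 1}
    return {"hidden": hidden, "families": families, "low_confidence": low_confidence}
```

On the constructed excerpt this reports four hidden paths, one family with the stem hjgrui, and one low-confidence entry (the perflib file); against a real rootrepeal.txt, read the file and pass its contents to triage(). Anything in the "hidden" list that is not in your own baseline of expected no-file drivers is what the wipe-and-reboot step in the thread is aimed at.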

#6 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 02 August 2009 - 07:47 PM

Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\hjgruiyapqjovb.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next, right-click on it and select the *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

#7 gingerandhottie

  • Topic Starter
  • Members
  • 6 posts

Posted 03 August 2009 - 12:26 PM

Problem solved! Many thanks!

#8 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 03 August 2009 - 04:25 PM

If you’re clean, you should create a new Restore Point to prevent possible re-infection from an old one.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Also, go Start > Control Panel and double-click Add or Remove Programs. Post back and report any Java entries that you have.

#9 gingerandhottie

  • Topic Starter
  • Members
  • 6 posts

Posted 04 August 2009 - 06:36 PM

Okay, thanks. I created a new System Restore point.

Here are the java entries in Add or Remove Programs:

1. Java™ 2 Platform Standard Edition Runtime Environment, Version 5.0

2. Java™ Platform, Standard Edition Runtime Environment, Version 6


Cheers

#10 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 04 August 2009 - 06:42 PM

You can remove Version 5 as it is out-of-date.

What update is your Version 6? The current one is Update 14.

#11 gingerandhottie

  • Topic Starter
  • Members
  • 6 posts

Posted 04 August 2009 - 07:12 PM

Update 2. Does this mean I should go find an update?

#12 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 04 August 2009 - 07:19 PM

You can get it here:

http://java.com/en/download/index.jsp

Actually, they just released Update 15.



