Redirects to www.thefarmyard.com, 1st in Reddit, then hotmail, then others...


5 replies to this topic

#1 gaberax

gaberax

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:01 PM

Posted 22 August 2009 - 06:13 PM

Hello, I was having a similar problem as another poster (cmcdona8) and, following that thread's advice, began trying to correct the problem. I ran the Malwarebytes software and did the quick scan. The problem seems to have gone away (redirect in digg, reddit, hotmail, google...) but I was wondering if you recommend that I should run the RootRepeal software as well? I DO use this PC for banking and am concerned about backdoor processing that might compromise my accounts. This problem seems to have started yesterday.

Thanks in advance for any help you can offer. :thumbsup:


Here is the log from the Malwarebytes software.

Malwarebytes' Anti-Malware 1.40
Database version: 2675
Windows 5.1.2600 Service Pack 3

8/22/2009 1:59:04 AM
mbam-log-2009-08-22 (01-59-04).txt

Scan type: Quick Scan
Objects scanned: 108897
Time elapsed: 29 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CNHN28SF\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Bob\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Bob\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by gaberax, 22 August 2009 - 06:14 PM.
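The Malwarebytes log above, read programmatically: an added example (not from the thread or from Malwarebytes) that parses the 1.x log format, labels the persistence mechanism each finding represents, checks the summary counts against the items actually listed, and returns the removals still pending a reboot. The sample log is constructed from lines of the posted log with its counts adjusted to the shortened list, and the mechanism labels are this example's own.

```python
"""Parser for Malwarebytes' Anti-Malware 1.x text logs: an added example, not
part of the thread or of Malwarebytes. It turns each finding into a record,
labels the persistence mechanism it represents and lists removals still
pending a reboot. SAMPLE_LOG is constructed from lines of the posted log, with
the summary counts adjusted to the shortened item list."""
from __future__ import annotations
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.40
Database version: 2675
Windows 5.1.2600 Service Pack 3

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CNHN28SF\Install[1].exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

@dataclass
class Finding:
    section: str     # e.g. "Registry Values Infected"
    target: str      # file path or registry path
    detection: str   # Malwarebytes' detection name
    action: str      # what the scanner did, without the trailing period
    bad: str | None = None   # "Bad: (...)" value for Registry Data Items
    good: str | None = None

SECTION_RE = re.compile(r"([A-Za-z ]+ Infected):")
COUNT_RE = re.compile(r"^(?P<title>[A-Za-z ]+ Infected): (?P<n>\d+)$", re.M)
ITEM_RE = re.compile(
    r"(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>[^.]+)\.")

def parse_log(text: str) -> list[Finding]:
    """Walk the log line by line, remembering the current section header."""
    findings, section = [], None
    for line in text.splitlines():
        if m := SECTION_RE.fullmatch(line):
            section = m.group(1)
        elif section and (m := ITEM_RE.fullmatch(line)):
            findings.append(Finding(section, m["target"], m["detection"],
                                    m["action"], m["bad"], m["good"]))
    return findings

def mechanism(f: Finding) -> str:
    """Label the persistence or execution mechanism a finding represents
    (labels are this example's own, not Malwarebytes categories)."""
    t = f.target.lower()
    if f.section.startswith("Memory"):
        return "loaded in memory"
    if "\\currentversion\\run\\" in t:
        return "autostart (Run key)"
    if "\\security center\\" in t and t.endswith("disablenotify"):
        return "security center notifications disabled"
    if "\\start menu\\programs\\startup\\" in t:
        return "autostart (Startup folder)"
    if "\\temporary internet files\\" in t:
        return "browser download cache"
    return "file on disk"

def pending_reboot(findings: list[Finding]) -> list[str]:
    """Unique targets the scanner could only schedule for deletion at reboot;
    these are the ones to re-check after restarting."""
    seen: dict[str, None] = {}
    for f in findings:
        if f.action.startswith("Delete on reboot"):
            seen.setdefault(f.target, None)
    return list(seen)

def verify_counts(text: str, findings: list[Finding]) -> dict[str, tuple[int, int]]:
    """Compare each summary count with the items actually listed; returns
    {section: (declared, parsed)} for any that disagree (a truncated paste
    shows up here)."""
    declared = {m["title"]: int(m["n"]) for m in COUNT_RE.finditer(text)}
    parsed = {t: sum(f.section == t for f in findings) for t in declared}
    return {t: (n, parsed[t]) for t, n in declared.items() if parsed[t] != n}
```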




#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:01 PM

Posted 22 August 2009 - 06:23 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Select the Immediate notification bullet, then press Submit.


Yes, let's run RootRepeal to make sure that nothing is hiding:

Please install RootRepeal

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K
Unzip that to your Desktop and then click RootRepeal.exe to open the scanner.

* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the FILES tab, then click the Scan button.
* In the Select Drives dialog (Please select drives to scan:), select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Please note: If RootRepeal fails to run, try this step: click Settings - Options and set the Disk Access slider to High.


Note 2: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".
Computer Pro

#3 gaberax

gaberax
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:01 PM

Posted 23 August 2009 - 10:31 AM

Thanks. I am now tracking the thread. Here is the RootRepeal Report...

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 11:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7692000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: aeaudio.sys
Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF7C19000 Size: 4384 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF42A1000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7771000 Size: 42368 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF75C9000 Size: 96512 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7E08000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7C37000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7AF1000 Size: 12288 File Visible: - Signed: -
Status: -

Name: BrScnUsb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
Address: 0xF7BD9000 Size: 14336 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7911000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF6AF2000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7751000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7741000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF75E1000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7BE7000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7801000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dsNcAdpt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
Address: 0xF7811000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF40D2000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C3F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF7B79000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7D5C000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Address: 0xF6683000 Size: 145408 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB688A000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7A71000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF78E1000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7AB9000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF75A9000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7C35000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7607000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF77B1000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FF000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF7901000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7979000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF7BD5000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB7FB9000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF6B12000 Size: 52480 File Visible: - Signed: -
Status: -

Name: ibuwu.sys
Image Path: ibuwu.sys
Address: 0xF76E1000 Size: 61440 File Visible: No Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF77F1000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7BE5000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF6B42000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Address: 0xF78C1000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xF42EB000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF4391000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF76F1000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7A79000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7BE1000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB746E000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF664C000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7580000 Size: 92928 File Visible: - Signed: -
Status: -

Name: MCSTRM.SYS
Image Path: C:\WINDOWS\System32\Drivers\MCSTRM.SYS
Address: 0xF7C17000 Size: 7360 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xB8392000 Size: 73152 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xF7A41000 Size: 28544 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xF4112000 Size: 207296 File Visible: - Signed: -
Status: -

Name: mfesmfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfesmfk.sys
Address: 0xB9E0D000 Size: 33824 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7C39000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7AA1000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF7BDD000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7721000 Size: 42368 File Visible: - Signed: -
Status: -

Name: Mpfp.sys
Image Path: C:\WINDOWS\System32\Drivers\Mpfp.sys
Address: 0xF4311000 Size: 159744 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB920E000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF4145000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7AD1000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7851000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7AF5000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF74D9000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.SYS
Image Path: C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS
Address: 0xF7626000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7494000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xBACF8000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF658B000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7871000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF78D1000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF42C3000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7AD9000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF74F3000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7D9A000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF9D5000 Size: 4530176 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xF6722000 Size: 3994624 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF666F000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7971000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7C75000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7681000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\Drivers\PCIIDEX.SYS
Address: 0xF7969000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF65A2000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF657A000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7A91000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7761000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF7B9D000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF7821000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF7831000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7841000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF7A99000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF41B5000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7C3B000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF654A000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF77A1000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8302000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0xF7AE1000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xF7A59000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xF41E0000 Size: 135168 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF74A0000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF6B02000 Size: 64512 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xF65C6000 Size: 545024 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7597000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB90A4000 Size: 333952 File Visible: - Signed: -
Status: -

Name: ssfs0bbc.sys
Image Path: ssfs0bbc.sys
Address: 0xF7711000 Size: 45056 File Visible: - Signed: -
Status: -

Name: SSHRMD.SYS
Image Path: SSHRMD.SYS
Address: 0xF7701000 Size: 36864 File Visible: - Signed: -
Status: -

Name: SSIDRV.SYS
Image Path: SSIDRV.SYS
Address: 0xF7653000 Size: 188416 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7C1B000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xBAC20000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF4338000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS
Address: 0xF7961000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7861000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF64EC000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF7AE9000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7C2D000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7A69000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7881000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF66EA000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF7991000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7A61000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7AC9000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF670E000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7731000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF78B1000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7999000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xBA163000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7BE3000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -
Status: -

#4 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:01 PM

Posted 23 August 2009 - 04:30 PM

Please run the Files scan from the files tab and post back the log.
Computer Pro

#5 gaberax

gaberax
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:01 PM

Posted 24 August 2009 - 09:25 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/24 22:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\20080911\050199.BAK
Status: Invisible to the Windows API!

Path: C:\20080911\090812163800-large.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\2008 January.doc
Status: Invisible to the Windows API!

Path: C:\20080911\20080911
Status: Invisible to the Windows API!

Path: C:\20080911\397a69bd0d32c4bc40af
Status: Invisible to the Windows API!

Path: C:\20080911\drvrtmp
Status: Invisible to the Windows API!

Path: C:\20080911\EFPrint
Status: Invisible to the Windows API!

Path: C:\20080911\FAFSAPINS.txt
Status: Invisible to the Windows API!

Path: C:\20080911\FEAR.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\FRANK
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax200905.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009A.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009Ac.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009ACr.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009ACrx.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009b3.JPG
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009green.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009green2.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberax2009red.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\gaberaxleakycauldronA.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\Program Files
Status: Invisible to the Windows API!

Path: C:\20080911\project-nomad_0.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\project-nomad_1.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\project-nomad_2.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\project-nomad_4.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\project-nomad_5.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\pumpkinhead.JPG
Status: Invisible to the Windows API!

Path: C:\20080911\PumpkinPancakes.txt
Status: Invisible to the Windows API!

Path: C:\20080911\QUARANTINE
Status: Invisible to the Windows API!

Path: C:\20080911\RachelsIDBack.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\RachelsIDFront.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\RECYCLER
Status: Invisible to the Windows API!

Path: C:\20080911\RegSeeker
Status: Invisible to the Windows API!

Path: C:\20080911\Riddle
Status: Invisible to the Windows API!

Path: C:\20080911\riddleDoormat
Status: Invisible to the Windows API!

Path: C:\20080911\sandcrab1.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\Santa500.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\spirit_Bear.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\Stanley.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\boot.ini
Status: Invisible to the Windows API!

Path: C:\20080911\carina2_hst_big.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\catgen.exe
Status: Invisible to the Windows API!

Path: C:\20080911\ChadJessJackThanksgiving2007.zip
Status: Invisible to the Windows API!

Path: C:\20080911\Changes in Latitudes.doc
Status: Invisible to the Windows API!

Path: C:\20080911\Chloe20090718.JPG
Status: Invisible to the Windows API!

Path: C:\20080911\CJ1.zip
Status: Invisible to the Windows API!

Path: C:\20080911\CJ2.zip
Status: Invisible to the Windows API!

Path: C:\20080911\CJ3.zip
Status: Invisible to the Windows API!

Path: C:\20080911\CJ4.zip
Status: Invisible to the Windows API!

Path: C:\20080911\CJ5.zip
Status: Invisible to the Windows API!

Path: C:\20080911\Config.Msi
Status: Invisible to the Windows API!

Path: C:\20080911\CONFIG.SYS
Status: Invisible to the Windows API!

Path: C:\20080911\CroceOneLessSetOfFootsteps.txt
Status: Invisible to the Windows API!

Path: C:\20080911\DadsPix
Status: Invisible to the Windows API!

Path: C:\20080911\DAVE
Status: Invisible to the Windows API!

Path: C:\20080911\Dell
Status: Invisible to the Windows API!

Path: C:\20080911\dj640
Status: Invisible to the Windows API!

Path: C:\20080911\DJ648c
Status: Invisible to the Windows API!

Path: C:\20080911\DoctorsDay2009
Status: Invisible to the Windows API!

Path: C:\20080911\Documents and Settings
Status: Invisible to the Windows API!

Path: C:\20080911\MArtian_FInk
Status: Invisible to the Windows API!

Path: C:\20080911\Maytag.txt
Status: Invisible to the Windows API!

Path: C:\20080911\MAytag2.txt
Status: Invisible to the Windows API!

Path: C:\20080911\MIlkyWayCave.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\Mongolian_Death_Worm.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\monster13.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\MorrisonMoondance.txt
Status: Invisible to the Windows API!

Path: C:\20080911\mr308_Squee.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\MRJonesCOuntingCrows.txt
Status: Invisible to the Windows API!

Path: C:\20080911\MR_Old_El_Paso.txt
Status: Invisible to the Windows API!

Path: C:\20080911\MSDOS.SYS
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107310491610_689926610_2634460_3991649_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\downloads
Status: Invisible to the Windows API!

Path: C:\20080911\MSOCache
Status: Invisible to the Windows API!

Path: C:\20080911\PowershotA40
Status: Invisible to the Windows API!

Path: C:\20080911\StubInstaller.exe
Status: Invisible to the Windows API!

Path: C:\20080911\sunsetfromshuttle.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\swan-nebula.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\System Volume Information
Status: Invisible to the Windows API!

Path: C:\20080911\temp
Status: Invisible to the Windows API!

Path: C:\20080911\theoriginal_eforest_2_jpg.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\theoriginal_eforest_3_jpg.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\theoriginal_eforest_4_jpg.jpg
Status: Invisible to the Windows API!

Path: c:\20080911\thumbs.db
Status: Size mismatch (API: 5120, Raw: 217600)

Path: C:\20080911\troll_Mourier4_avatar.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\U2SundayBloody.txt
Status: Invisible to the Windows API!

Path: C:\20080911\galeshisorcerer.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\goblin-head.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\goblin0106.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\goblinmacefront.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\Goblins02_1_.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\GOBLIN_latex.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\GOBLIN_latex.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\GOBLIN_latex2.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\GOBLIN_latex2a.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\GOBLIN_latex2a.JPG
Status: Invisible to the Windows API!

Path: C:\20080911\GOBLIN_latex2ax.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\goblin_statue.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\GrandRounds200801.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\green_monster.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\hiberfil.sys
Status: Invisible to the Windows API!

Path: C:\20080911\hippo1.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\Hossieni
Status: Invisible to the Windows API!

Path: C:\20080911\Hossieni2
Status: Invisible to the Windows API!

Path: C:\20080911\install.dat
Status: Invisible to the Windows API!

Path: C:\20080911\IO.SYS
Status: Invisible to the Windows API!

Path: C:\20080911\kitty1.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\kubrickworksheet.txt
Status: Invisible to the Windows API!

Path: C:\20080911\libexpatw.dll
Status: Invisible to the Windows API!

Path: C:\20080911\LindaRonstadt
Status: Invisible to the Windows API!

Path: C:\20080911\lone-ranger.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\ManOfConstantSorrow.txt
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107310586610_689926610_2634477_3290446_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107310616610_689926610_2634481_1119587_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107310746610_689926610_2634501_7432447_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107310751610_689926610_2634502_7122746_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107310881610_689926610_2634520_7392419_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107310886610_689926610_2634521_6100736_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\6013_107311046610_689926610_2634551_5158334_n.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\697316_goblin.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\A
Status: Invisible to the Windows API!

Path: C:\20080911\AUTOEXEC.BAT
Status: Invisible to the Windows API!

Path: C:\20080911\av-15385Xmas2.JPG
Status: Invisible to the Windows API!

Path: C:\20080911\babygoblin.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\Binaries
Status: Invisible to the Windows API!

Path: C:\20080911\black_raven.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\boost_thread.dll
Status: Invisible to the Windows API!

Path: C:\20080911\Ultimate_Warrior.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\unicows.dll
Status: Invisible to the Windows API!

Path: C:\20080911\Updater.exe
Status: Invisible to the Windows API!

Path: C:\20080911\VMTUpeloHoney.txt
Status: Invisible to the Windows API!

Path: C:\20080911\Water_Vortex.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\whale1.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\Wilco
Status: Invisible to the Windows API!

Path: C:\20080911\wildman.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\WINDOWS
Status: Invisible to the Windows API!

Path: C:\20080911\XamsBuck1002009.JPG
Status: Invisible to the Windows API!

Path: C:\20080911\XamsBuck1002009Side.JPG
Status: Invisible to the Windows API!

Path: C:\20080911\XmasBux2009.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\XmasBux2009.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\Music
Status: Invisible to the Windows API!

Path: C:\20080911\My Recordings
Status: Invisible to the Windows API!

Path: C:\20080911\NAmes.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\NAmes.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\NAmesxxx.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\New Folder (2)
Status: Invisible to the Windows API!

Path: C:\20080911\ngc4725F_siniscalchi.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\NTDETECT.COM
Status: Invisible to the Windows API!

Path: C:\20080911\ntldr
Status: Invisible to the Windows API!

Path: C:\20080911\NVIDIA
Status: Invisible to the Windows API!

Path: C:\20080911\ostrich1.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\otters1.bmp
Status: Invisible to the Windows API!

Path: C:\20080911\oy.jpg
Status: Invisible to the Windows API!

Path: C:\20080911\pagefile.sys
Status: Invisible to the Windows API!

Path: C:\20080911\Pixdaus
Status: Invisible to the Windows API!

Path: C:\20080911\Thumbs.db
Status: Invisible to the Windows API!

Path: C:\20080911\New Folder
Status: Invisible to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc554.mp3
Status: Locked to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc555.mp3
Status: Locked to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc556.mp3
Status: Locked to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc557.mp3
Status: Locked to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc558.mp3
Status: Locked to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc559.mp3
Status: Locked to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc560.mp3
Status: Locked to the Windows API!

Path: C:\DAVE\Robin_Trower_Bridge_of_Sighs\Dc561.mp3
Status: Locked to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: C:\Dell\Drivers\R133743:AFP_Resource
Status: Invisible to the Windows API!

Path: c:\windows\temp\sqlite_cubnhfsmgbskana
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcmsc_qnie2ykpnqvtoci
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_st7ei4eo6xddypr
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_ubigwymn4wd9mz1
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_uhonznntd9ymrli
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_v4fulat7hah8sbo
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_iqppr19ti5ozozq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_dnpbfawtl4hrf1q
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\mcafee_cammzacpsb4fyf6
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_7c8.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\mcmsc_xjxrakcnsxnhbrl
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\sqlite_6hvnv8rg0z0jvxd
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\bob\application data\mozilla\firefox\profiles\mntwiaa4.default\sessionstore.js
Status: Size mismatch (API: 11122, Raw: 10796)

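The RootRepeal output above is a list of Path:/Status: pairs, and the statuses fall into a few classes: entries invisible to the Windows API, locked files, size mismatches and allocation mismatches (plus NTFS alternate data streams such as the `:AFP_AfpInfo` names, which a normal directory listing never shows). The script below is an added example, not code from the thread or from RootRepeal, that parses that format and triages it so a hidden directory tree and in-use temp files can be told apart from an isolated hidden file. The sample log, the directory threshold of 3 and the triage notes are constructed assumptions (heuristics), not RootRepeal's own rules.

```python
"""Triage helper for RootRepeal-style 'Files' report output.

Added example: not part of the original thread and not RootRepeal's own code.
It parses the Path:/Status: pairs RootRepeal prints and groups them so that a
hidden directory tree, NTFS alternate data streams and in-use temp files can be
told apart from an isolated hidden file. SAMPLE_LOG is constructed from the
kinds of lines that appear in the thread; the triage notes are heuristics.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in RootRepeal's Path:/Status: layout (not a real scan).
SAMPLE_LOG = """\
Path: C:\\20080911\\StubInstaller.exe
Status: Invisible to the Windows API!

Path: C:\\20080911\\swan-nebula.jpg
Status: Invisible to the Windows API!

Path: C:\\20080911\\hiberfil.sys
Status: Invisible to the Windows API!

Path: c:\\20080911\\thumbs.db
Status: Size mismatch (API: 5120, Raw: 217600)

Path: C:\\DAVE\\track01.mp3
Status: Locked to the Windows API!

Path: C:\\Dell\\Drivers\\R133743:AFP_AfpInfo
Status: Invisible to the Windows API!

Path: c:\\windows\\system32\\drivers\\example_hidden.sys
Status: Invisible to the Windows API!

Path: c:\\windows\\temp\\sqlite_cubnhfsmgbskana
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\\docs\\bob\\firefox\\sessionstore.js
Status: Size mismatch (API: 11122, Raw: 10796)
"""

ENTRY_RE = re.compile(
    r"^Path:[ \t]*(?P<path>.+?)[ \t]*\r?\nStatus:[ \t]*(?P<status>.+?)[ \t]*$", re.M)
SIZE_RE = re.compile(r"API:\s*(\d+),\s*Raw:\s*(\d+)")


@dataclass
class Entry:
    path: str
    status: str
    api: Optional[int] = None   # size/allocation as reported through the Win32 API
    raw: Optional[int] = None   # size/allocation RootRepeal read from the raw volume


def parse_report(text: str) -> list[Entry]:
    """Turn consecutive 'Path:' / 'Status:' lines into Entry records."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        e = Entry(m["path"], m["status"])
        s = SIZE_RE.search(e.status)
        if s:
            e.api, e.raw = int(s[1]), int(s[2])
        entries.append(e)
    return entries


def is_ads(path: str) -> bool:
    """True for <file>:<stream> paths; the drive-letter colon at index 1 is skipped."""
    return ":" in path[2:]


def parent_dir(path: str) -> str:
    """Lower-cased parent directory, so C:\\ and c:\\ entries group together."""
    return path.rsplit("\\", 1)[0].lower()


def classify(e: Entry) -> str:
    if e.status.startswith("Invisible"):
        return "ads" if is_ads(e.path) else "hidden"
    if e.status.startswith("Locked"):
        return "locked"
    if e.status.startswith("Allocation size mismatch"):
        return "alloc_mismatch"
    if e.status.startswith("Size mismatch"):
        return "size_mismatch"
    return "other"


def triage(entries: list[Entry], tree_threshold: int = 3) -> list[tuple[str, str, str]]:
    """Return (kind, subject, note) findings; hidden files are collapsed per directory.

    Heuristic (assumption): when a directory has tree_threshold or more hidden
    children, the likely cause is the directory itself being hidden, so one
    finding is raised for the directory instead of one per file.
    """
    findings = []
    hidden_by_dir = defaultdict(list)
    for e in entries:
        kind = classify(e)
        if kind == "hidden":
            hidden_by_dir[parent_dir(e.path)].append(e)
        elif kind == "ads":
            findings.append((kind, e.path, "NTFS alternate data stream; plain directory "
                             "listings never show streams, so 'invisible' is expected"))
        elif kind == "locked":
            findings.append((kind, e.path, "open or access-denied at scan time; "
                             "identify the process holding it"))
        elif kind == "alloc_mismatch" and e.raw == 0:
            findings.append((kind, e.path, "raw allocation 0 vs API allocation: typical "
                             "of a temp file still being written; rescan with programs closed"))
        elif kind in ("alloc_mismatch", "size_mismatch"):
            findings.append((kind, e.path, f"API reports {e.api}, raw volume shows {e.raw}; "
                             "verify the file from clean/offline media"))
        else:
            findings.append((kind, e.path, "unrecognised status; review manually"))
    for d, items in hidden_by_dir.items():
        if len(items) >= tree_threshold:
            findings.append(("hidden_tree", d, f"{len(items)} hidden entries; check whether "
                             "the directory itself is hidden before treating each file as suspect"))
        else:
            for e in items:
                findings.append(("hidden_file", e.path, "single hidden file; high priority, "
                                 "verify it from a clean boot"))
    return findings


def summarize(entries: list[Entry]) -> dict[str, int]:
    """Count entries per status class, e.g. {'hidden': 4, 'ads': 1, ...}."""
    return dict(Counter(classify(e) for e in entries))


if __name__ == "__main__":
    found = parse_report(SAMPLE_LOG)
    print(summarize(found))
    for kind, subject, note in triage(found):
        print(f"[{kind:14}] {subject}\n    {note}")
```

Run over the log posted above, the per-directory rule would turn the long run of `C:\20080911\...` entries into a single hidden_tree finding for that folder, leave the `:AFP_AfpInfo`/`:AFP_Resource` entries labelled as streams, and flag the `c:\windows\temp` entries with `Raw: 0` as files that were in use when the scan ran; the two size mismatches (`thumbs.db`, `sessionstore.js`) are the ones the script asks to verify by hand.
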
#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:01 PM

Posted 25 August 2009 - 05:08 PM

Ok, let's try another Anti-Rootkit scan:

Please download Sophos Anti-Rootkit & save it to your desktop.
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Credits to DaChew
Be sure to print out and read the User Manual and Release Notes
Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
Make sure the following are checked:
o Running processes
o Windows Registry
o Local Hard Drives

Click Start scan.
Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
o Files tagged as Removable: No are not marked for removal and cannot be removed.
o Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
o Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
After reboot, a dialog box displays the files you selected for removal and the action taken.
Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
Disconnect from the Internet or physically unplug your Internet cable connection.
Clean out your temporary files.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Computer Pro



