
Help with Windows Antivirus Pro


8 replies to this topic

#1 daveneedshelp

daveneedshelp

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 24 August 2009 - 11:51 AM

Hi..I got this yesterday and ran otm..I am in safe mode with no desktop and only able to access the internet..I tried starting system restore but it would not allow me to do so. I cannot run any .exe programs. I cannot scan. I do not have an XP CD. What do I do? I was thinking of running the combo fix but I am not a computer guru. Finally I get redirected if I enter into some websites..Thanks



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:03 AM

Posted 24 August 2009 - 12:39 PM

Hello, let's try to run MBAM. Rename it and/or the extension before running.

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 daveneedshelp


Posted 24 August 2009 - 01:06 PM

Hi..I ran the mbam, changed the name and it started to run and then stopped..I then went into program files to change the name mbam.exe and it would not allow me to do so..

#4 boopme


Posted 24 August 2009 - 01:15 PM

OK, let's try getting in this way.

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


#5 daveneedshelp


Posted 24 August 2009 - 03:53 PM

Hi...I was able to get it to scan and transferred it to notebook and I pasted it below..Not really sure what

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/24 13:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================


I am looking for...
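
For readers unsure what to look for in a RootRepeal "Drivers" report, the following is an added example (not part of the original posts and not RootRepeal's own code) that parses the report's record layout and lists the entries worth a closer look. The sample records are constructed, and reading `File Visible: No` as "the image file could not be seen on disk" is an assumption about the tool's field.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of a RootRepeal "Drivers" report.
# Driver names, paths and addresses are made up for this example.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: example.sys
Image Path: C:\WINDOWS\system32\drivers\example.sys
Address: 0xF7000000 Size: 4096 File Visible: - Signed: -
Status: -

Name: dump_example.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_example.sys
Address: 0xEE000000 Size: 98304 File Visible: No Signed: -
Status: -

Name: example.sys:1
Image Path: C:\WINDOWS\example.sys:1
Address: 0xF7100000 Size: 20480 File Visible: No Signed: -
Status: -
"""

# One record is four consecutive lines: Name, Image Path, Address line, Status.
RECORD_RE = re.compile(
    r"^Name: (?P<name>.+)\n"
    r"Image Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) +Size: (?P<size>\d+) +"
    r"File Visible: (?P<visible>\S+) +Signed: (?P<signed>\S+)\n"
    r"Status: (?P<status>.+)$",
    re.MULTILINE,
)


@dataclass
class DriverEntry:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: str
    signed: str
    status: str


def parse_drivers(report: str) -> list[DriverEntry]:
    """Parse every driver record found in the report text."""
    text = report.replace("\r\n", "\n")  # logs saved from Notepad use CRLF
    return [
        DriverEntry(m["name"].strip(), m["path"].strip(), int(m["addr"], 16),
                    int(m["size"]), m["visible"], m["signed"], m["status"].strip())
        for m in RECORD_RE.finditer(text)
    ]


def names_alternate_stream(path: str) -> bool:
    """True if the path uses NTFS file:stream syntax (a colon after the drive)."""
    return ":" in re.sub(r"^[A-Za-z]:", "", path)


def triage(entry: DriverEntry) -> list[str]:
    """Return review tags for one entry; an empty list means nothing stood out."""
    reasons = []
    if entry.file_visible.lower() == "no":
        reasons.append("file-not-visible")
    if names_alternate_stream(entry.image_path):
        reasons.append("alternate-data-stream")
    # dump_ entries are normally in-memory copies of storage drivers that
    # Windows prepares for crash dumps, so no file exists on disk. The tag is
    # context for the reviewer, not a verdict.
    if reasons and entry.name.lower().startswith("dump_"):
        reasons.append("dump-prefix")
    return reasons


def flag_entries(report: str) -> list[tuple[str, list[str]]]:
    """List (driver name, tags) for every entry that triage() tagged."""
    flagged = []
    for entry in parse_drivers(report):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_entries(SAMPLE_REPORT):
        print(f"{name}: {', '.join(reasons)}")
```

The tags only narrow down which records to read first; a helper still has to judge each flagged driver in context.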

#6 boopme


Posted 24 August 2009 - 07:13 PM

Ok, we need to run the first part of the Automated Removal Instructions for Windows Antivirus Pro.
Then run Malwarebytes (instructions are there also).
Now rerun Rootrepeal but select ONLY the Files tab at the bottom.

Post the MBAM and ROOT logs please.

#7 daveneedshelp


Posted 25 August 2009 - 01:26 PM

Hi..I tried this..It would not allow me to run the program..It said the administrator stopped it..I then changed the extension on the file to .com and it ran..A box came up (16 bit ms-dos subsystem) said the ntvdm cpu has encountered an illegal instruction and asked me if I should close or ignore..I chose to ignore which I hope was not a mistake...Now all I have is the task manager..I cannot access the internet with that computer..What should I do?

#8 mimory

mimory

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 25 August 2009 - 02:23 PM

Hi daveneedshelp,

I'm no expert on computer security, but I had a similar problem with Windows Antivirus Pro 2009 and I pretty much lost all functionality (even in safe mode). Frantically searching the internet I tried to find any program that would first of all run and second, actually do something against this major inconvenience. One of the programs that I happened upon was called killbox, and I tried deleting locked .dll files with it. It didn't really work on that end. One of the options in killbox lets you open the local services for windows. It was in there that I found windows antivirus pro running as a service. I disabled it and stuck an admin password on it hoping that would do something (although by that point I also couldn't install or run anything because I didn't have admin rights anymore). I forgot to go back into safe mode upon restarting but I was pleasantly surprised that I was able to get back into normal mode albeit slowly.

The above is not instruction. It's just what happened to me, but I'm pretty sure the key to beating this thing is to get into windows local services and disabling the virus's service. Hope this helps and good luck.

-M

#9 boopme


Posted 25 August 2009 - 06:10 PM

Fix the local security policy.

Open Control Panel and go to Administrative Tools.
In Administrative tools open Local Security Policy.
Then in Local Security Policy right-click Software Restriction Policies and click “New Software Restriction Policy”.
Now left-click on Software Restriction Policies and in the right-hand window you should see Enforcement.
Double-click on Enforcement and set the policy to apply to “ALL USERS EXCEPT LOCAL ADMINISTRATORS”.
Now approve the changes and see if you are now able to install software.