Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect - virus scans and malware removals wont run


  • Please log in to reply
7 replies to this topic

#1 Fly10

Fly10

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:52 PM

Posted 25 August 2009 - 11:16 PM

Hi guys and gals. I'm getting redirected on google and other search engines, to google then (or) to other websites. I tried malwarebytes, superanti-virus, and hijackthis but it will either not run at all, or it will only run for short time then it stops. I renamed those before downloading and it still wont run for long. After it stops and I click the icon it will then get something like "file not found, path way to ..." I even tried it in safe-mode, but it doesn't work.

Not sure if this helps, but rootrepeal ran:

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/08/25 21:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF7560000 Size: 57344 File Visible: - Signed: -
Status: -

Name: Aavmker4.SYS
Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS
Address: 0xF7910000 Size: 19072 File Visible: No Signed: -
Status: -

Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF7808000 Size: 23552 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF7411000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF795C000 Size: 11648 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF727E000 Size: 101888 File Visible: - Signed: -
Status: -

Name: AegisP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Address: 0xEF99E000 Size: 15968 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF1EA0000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AFS2K.SYS
Image Path: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Address: 0xF6A68000 Size: 38528 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF7680000 Size: 42368 File Visible: - Signed: -
Status: -

Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xF7690000 Size: 44928 File Visible: - Signed: -
Status: -

Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xF7964000 Size: 12800 File Visible: - Signed: -
Status: -

Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xF75C0000 Size: 55168 File Visible: - Signed: -
Status: -

Name: aic78xx.sys
Image Path: aic78xx.sys
Address: 0xF7590000 Size: 56960 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xF7A44000 Size: 5248 File Visible: - Signed: -
Status: -

Name: alim1541.sys
Image Path: alim1541.sys
Address: 0xF7660000 Size: 42752 File Visible: - Signed: -
Status: -

Name: amdagp.sys
Image Path: amdagp.sys
Address: 0xF7670000 Size: 43008 File Visible: - Signed: -
Status: -

Name: amsint.sys
Image Path: amsint.sys
Address: 0xF7970000 Size: 12032 File Visible: - Signed: -
Status: -

Name: asc.sys
Image Path: asc.sys
Address: 0xF77D8000 Size: 26496 File Visible: - Signed: -
Status: -

Name: asc3350p.sys
Image Path: asc3350p.sys
Address: 0xF7810000 Size: 22400 File Visible: - Signed: -
Status: -

Name: asc3550.sys
Image Path: asc3550.sys
Address: 0xF7974000 Size: 14848 File Visible: - Signed: -
Status: -

Name: aswFsBlk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
Address: 0xF7870000 Size: 32768 File Visible: No Signed: -
Status: -

Name: aswMon2.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS
Address: 0xEF6B0000 Size: 87424 File Visible: No Signed: -
Status: -

Name: aswSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS
Address: 0xF1DBC000 Size: 135168 File Visible: No Signed: -
Status: -

Name: aswTdi.SYS
Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS
Address: 0xF7780000 Size: 41664 File Visible: No Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7297000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF058000 Size: 499712 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF6741000 Size: 3174400 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF16B000 Size: 3121152 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0D2000 Size: 450560 File Visible: - Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF140000 Size: 176128 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF465000 Size: 1662976 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7BEF000 Size: 3072 File Visible: - Signed: -
Status: -

Name: aujasnkj.sys
Image Path: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\aujasnkj.sys
Address: 0xEDD07000 Size: 84352 File Visible: No Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF7958000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A86000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7950000 Size: 12288 File Visible: - Signed: -
Status: -

Name: cbidf2k.sys
Image Path: cbidf2k.sys
Address: 0xF797C000 Size: 13952 File Visible: - Signed: -
Status: -

Name: cd20xrnt.sys
Image Path: cd20xrnt.sys
Address: 0xF7A50000 Size: 7680 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7105000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF6A58000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7620000 Size: 53248 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: cmdide.sys
Address: 0xF7A4C000 Size: 6656 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7954000 Size: 10240 File Visible: - Signed: -
Status: -

Name: cpqarray.sys
Image Path: cpqarray.sys
Address: 0xF7960000 Size: 14976 File Visible: - Signed: -
Status: -

Name: dac2w2k.sys
Image Path: dac2w2k.sys
Address: 0xF7252000 Size: 179584 File Visible: - Signed: -
Status: -

Name: dac960nt.sys
Image Path: dac960nt.sys
Address: 0xF796C000 Size: 14720 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7610000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF739D000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7A4E000 Size: 5888 File Visible: - Signed: -
Status: -

Name: dpti2o.sys
Image Path: dpti2o.sys
Address: 0xF7818000 Size: 20192 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7770000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF1D7E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A98000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF2008000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7C51000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF77A0000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF7232000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A84000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF73C3000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF76B0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF66BE000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF70D5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF78F0000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF6576000 Size: 10368 File Visible: - Signed: -
Status: -

Name: hpn.sys
Image Path: hpn.sys
Address: 0xF7828000 Size: 25952 File Visible: - Signed: -
Status: -

Name: HPZid412.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xEF56B000 Size: 50688 File Visible: - Signed: -
Status: -

Name: HPZipr12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xEF543000 Size: 15808 File Visible: - Signed: -
Status: -

Name: HPZius12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xEE0D7000 Size: 22112 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEF502000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF7A28000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: i2omp.sys
Address: 0xF77E8000 Size: 18560 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF76C0000 Size: 52480 File Visible: - Signed: -
Status: -

Name: IASTOR.SYS
Image Path: IASTOR.SYS
Address: 0xF72AF000 Size: 874240 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF6A78000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ini910u.sys
Image Path: ini910u.sys
Address: 0xF7978000 Size: 16000 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF7A46000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF6A88000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xF1D96000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xF1F43000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7540000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7898000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xF656E000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A40000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEDCDC000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF66E6000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7209000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A88000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF78A0000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7570000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: mraid35x.sys
Address: 0xF77E0000 Size: 17280 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xEF633000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xF1DDD000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7900000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF7710000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7059000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7135000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF714F000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7A3C000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF6693000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7730000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7790000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xF1EC2000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7908000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF717C000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7B85000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF7550000 Size: 61696 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7B09000 Size: 4096 File Visible: - Signed: -
Status: -

Name: osjrw.sys
Image Path: C:\WINDOWS\system32\drivers\osjrw.sys
Address: 0xF2060000 Size: 61440 File Visible: No Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF66AA000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77C8000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7AEE000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7400000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B08000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF77C0000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF73E2000 Size: 120192 File Visible: - Signed: -
Status: -

Name: perc2.sys
Image Path: perc2.sys
Address: 0xF7820000 Size: 27296 File Visible: - Signed: -
Status: -

Name: perc2hib.sys
Image Path: perc2hib.sys
Address: 0xF7A52000 Size: 5504 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF20B0000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF6682000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF78B8000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7630000 Size: 35712 File Visible: - Signed: -
Status: -

Name: ql1080.sys
Image Path: ql1080.sys
Address: 0xF75E0000 Size: 40320 File Visible: - Signed: -
Status: -

Name: ql10wnt.sys
Image Path: ql10wnt.sys
Address: 0xF75A0000 Size: 33152 File Visible: - Signed: -
Status: -

Name: ql12160.sys
Image Path: ql12160.sys
Address: 0xF7600000 Size: 45312 File Visible: - Signed: -
Status: -

Name: ql1240.sys
Image Path: ql1240.sys
Address: 0xF75B0000 Size: 40448 File Visible: - Signed: -
Status: -

Name: ql1280.sys
Image Path: ql1280.sys
Address: 0xF75F0000 Size: 49024 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF660C000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76E0000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76F0000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF7700000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF78C0000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xF1E75000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A8A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF6610000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF6A48000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDFBC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xF20D4000 Size: 4636672 File Visible: - Signed: -
Status: -

Name: RTL8139.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
Address: 0xF78A8000 Size: 20992 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0xEDE87000 Size: 151552 File Visible: No Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF7385000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7A38000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF76D0000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sisagp.sys
Image Path: sisagp.sys
Address: 0xF7640000 Size: 40960 File Visible: - Signed: -
Status: -

Name: sparrow.sys
Image Path: sparrow.sys
Address: 0xF77D0000 Size: 19072 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7220000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEF218000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7A7E000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: sym_hi.sys
Address: 0xF77F8000 Size: 28384 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: sym_u3.sys
Address: 0xF7800000 Size: 30688 File Visible: - Signed: -
Status: -

Name: symc810.sys
Image Path: symc810.sys
Address: 0xF7968000 Size: 16256 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: symc8xx.sys
Address: 0xF77F0000 Size: 32640 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEF716000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xF1EEA000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF78B0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7720000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tmcomm.sys
Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys
Address: 0xEF3AA000 Size: 97280 File Visible: - Signed: -
Status: -

Name: toside.sys
Image Path: toside.sys
Address: 0xF7A48000 Size: 4992 File Visible: - Signed: -
Status: -

Name: ultra.sys
Image Path: ultra.sys
Address: 0xF75D0000 Size: 36736 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF658A000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xF70E5000 Size: 60032 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF7918000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7A80000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF7890000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF7760000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF7888000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF6709000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xF1FA8000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xEDD74000 Size: 15104 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF78E0000 Size: 26368 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF78F8000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xF7650000 Size: 42240 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF7A4A000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF672D000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7580000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF77B0000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7930000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEF1DB000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7878000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xEFAC6000 Size: 61440 File Visible: No Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7A42000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Edited by Fly10, 25 August 2009 - 11:19 PM.


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 25 August 2009 - 11:21 PM

Try running the RootRepeal Files scan.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Fly10

Fly10
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:52 PM

Posted 26 August 2009 - 12:51 AM

Try running the RootRepeal Files scan.


I just tried to run the Files scan but all of a sudden it just closed. Then it tried clicking the rootrepeal icon to run it again, but now all I get is the "windows cannot access specified pathway..."

Same thing that happened with the other programs.

Edited by Fly10, 26 August 2009 - 12:54 AM.


#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 26 August 2009 - 12:56 AM

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 Fly10

Fly10
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:52 PM

Posted 26 August 2009 - 02:53 AM

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/25/2009 at 23:18:54 PM
User "Christine" on computer "CHRISTINA"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmcttdmxdv
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmcvkqlmfy
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\kbiwkmcttdmxdv
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\kbiwkmcvkqlmfy
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Messenger\dubug26@live.com\SharingMetadata\xx_classique_belleza_xx@hotmail.com\DFSR\Staging\CS{CEA364F2-F829-4494-CAEB-0A6EF9D0D247}\01\10-{CEA364F2-F829-4494-CAEB-0A6EF9D0D247}-v1-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v10-Downloaded.frx
Hidden: file C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Messenger\dubug26@live.com\SharingMetadata\xx_classique_belleza_xx@hotmail.com\DFSR\Staging\CS{CEA364F2-F829-4494-CAEB-0A6EF9D0D247}\11\11-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v11-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v11-Downloaded.frx
Hidden: file C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Messenger\dubug26@live.com\SharingMetadata\xx_classique_belleza_xx@hotmail.com\DFSR\Staging\CS{CEA364F2-F829-4494-CAEB-0A6EF9D0D247}\12\12-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v12-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v12-Downloaded.frx
Hidden: file C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Messenger\dubug26@live.com\SharingMetadata\xx_classique_belleza_xx@hotmail.com\DFSR\Staging\CS{CEA364F2-F829-4494-CAEB-0A6EF9D0D247}\13\13-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v13-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v13-Downloaded.frx
Hidden: file C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Messenger\dubug26@live.com\SharingMetadata\xx_classique_belleza_xx@hotmail.com\DFSR\Staging\CS{CEA364F2-F829-4494-CAEB-0A6EF9D0D247}\14\14-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v14-{41654F3B-D14B-44BE-9B8D-90A77F818F94}-v14-Downloaded.frx
Hidden: file C:\WINDOWS\system32\kbiwkmdoutkcco.dll
Hidden: file C:\Documents and Settings\Christine\Local Settings\Temp\kbiwkmqvomwqvcxt.tmp
Hidden: file C:\Documents and Settings\Christine\Local Settings\Temp\kbiwkmnxwevpqsxt.tmp
Hidden: file C:\Program Files\Trend Micro2\HijackThis\HijackThis.exe
Hidden: file C:\WINDOWS\system32\kbiwkmjrvfievx.dat
Hidden: file C:\WINDOWS\system32\drivers\kbiwkmnmupoaiq.sys
Hidden: file C:\WINDOWS\system32\kbiwkmjgtbwvgf.dll
Hidden: file C:\WINDOWS\system32\eventlog.dll
Hidden: file C:\Documents and Settings\Christine\Desktop\RootRepeal.exe
Hidden: file C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Hidden: file C:\WINDOWS\system32\kbiwkmejkrocnx.dat
Hidden: file C:\WINDOWS\system32\kbiwkmkvorpjko.dll
Hidden: file C:\WINDOWS\system32\kbiwkmwdelamsq.dat
Hidden: file C:\WINDOWS\system32\kbiwkmnkousaou.dll
Hidden: file C:\WINDOWS\system32\kbiwkmrdvqonxn.dat
Hidden: file C:\WINDOWS\system32\dumprep.exe
Hidden: file C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Info: Starting disk scan of I: (FAT).
Error: Encountered corrupt data structures during scan of drive I:.
We suggest you check this disk for errors.
Stopped logging on 8/25/2009 at 23:53:52 PM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/26/2009 at 0:10:10 AM
User "Christine" on computer "CHRISTINA"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Info: Starting disk scan of I: (FAT).
Stopped logging on 8/26/2009 at 0:44:40 AM

#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 26 August 2009 - 04:04 AM

Have Sophos remove this file:

C:\WINDOWS\system32\drivers\kbiwkmnmupoaiq.sys

Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 Fly10

Fly10
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:52 PM

Posted 26 August 2009 - 09:44 PM

I ran Sophos, avast and malwarebytes a couple times. No more viruses or malware are shown. I'm not getting anymore redirects, is the computer clean now?

sophos

Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Stopped logging on 8/26/2009 at 9:22:36 AM

Malwarebytes

Malwarebytes' Anti-Malware 1.40
Database version: 2697
Windows 5.1.2600 Service Pack 3

8/26/2009 7:37:32 PM
mbam-log-2009-08-26 (19-37-32).txt

Scan type: Quick Scan
Objects scanned: 104137
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Fly10, 26 August 2009 - 09:44 PM.


#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:52 AM

Posted 26 August 2009 - 10:05 PM

Looks good. Run a scan with SUPERAntiSpyware in Safe Mode as a double-check.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users