Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Not able to run Malwarebytes,RootRepeal,Combofix -infected with Anti_spyware 2010


  • This topic is locked This topic is locked
4 replies to this topic

#1 lovenil

lovenil

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 29 August 2009 - 11:38 AM

Hi all,

My computer had been infected with Anti Spyware 2010 and braviax.exe which was causing fake alert of virus .

I already had Malwarebytes on machine, when i tried to run it , Malwarebyte would open once but than it would close by itself.

Next time i try to open Malwarebytes from start menu it gives error following error

"windows cannot access specified file,device or path.you may not have appropriate permission to access the file.".

I try uninstalling and fresh installation but no success.

There is same issue with RootRepeal and when i try to boot computer in safe mode it crashes.


Also, I tried collcting logs with Combo-fix but it is not able to run too.
By now i am able to remove Anti_spyware using spyware doctor. but above prob still exists.

Please someone help me.

My system has Windows XP Professional installed on it.

Thanks

Edited by lovenil, 29 August 2009 - 01:55 PM.


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:27 PM

Posted 29 August 2009 - 03:07 PM

Hello lovenil and :welcome to BleepingComputer.

Please delete the copy of RootRepeal that you have already downloaded then follow the below instructions exactly as given.

Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the "Drivers" tab, and then click the Posted Image button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 lovenil

lovenil
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:27 PM

Posted 29 August 2009 - 04:33 PM

Blade,

Thanks for your quick response.

Below is the log you asked for collected from RootRepeal.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 14:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF8821000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF8C8C000 Size: 11648 File Visible: - Signed: -
Status: -

Name: aeaudio.sys
Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF835C000 Size: 96576 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEBE8D000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agp440.sys
Image Path: agp440.sys
Address: 0xF88D0000 Size: 42368 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF87BB000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000 Size: 290816 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF85AC000 Size: 624256 File Visible: - Signed: -
Status: -

Name: ati3d1ag.dll
Image Path: C:\WINDOWS\System32\ati3d1ag.dll
Address: 0xBFA1C000 Size: 954368 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF8F85000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
Address: 0xF8C88000 Size: 16384 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8C80000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB9DC6000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF8920000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF88B0000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Address: 0xF8D3C000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF8C84000 Size: 10240 File Visible: - Signed: -
Status: -

Name: CVirtA.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CVirtA.sys
Address: 0xF8DBC000 Size: 5248 File Visible: - Signed: -
Status: -

Name: CVPNDRVA.sys
Image Path: C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
Address: 0xBA869000 Size: 544768 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF88A0000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dne2000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\dne2000.sys
Address: 0xF8341000 Size: 110080 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF8950000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBAFD7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8DFA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF8D1C000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8F09000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e100b325.sys
Image Path: C:\WINDOWS\System32\DRIVERS\e100b325.sys
Address: 0xF84B2000 Size: 117760 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF8BF0000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF8A80000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF879B000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8DC4000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF87D3000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 81152 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB9FFE000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF8900000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF8910000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF8D74000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF8AD0000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xEBDCC000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xEBF30000 Size: 75264 File Visible: - Signed: -
Status: -

Name: irda.sys
Image Path: C:\WINDOWS\System32\DRIVERS\irda.sys
Address: 0xBACF1000 Size: 88192 File Visible: - Signed: -
Status: -

Name: irenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\irenum.sys
Address: 0xF8D30000 Size: 11264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF8870000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF8C00000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8D70000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB96AE000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF8429000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF8761000 Size: 92288 File Visible: - Signed: -
Status: -

Name: loop.sys
Image Path: C:\WINDOWS\system32\DRIVERS\loop.sys
Address: 0xF8DBE000 Size: 4992 File Visible: - Signed: -
Status: -

Name: ltmdmxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ltmdmxp.sys
Address: 0xF84FD000 Size: 633408 File Visible: - Signed: -
Status: -

Name: mcdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mcdbus.sys
Address: 0xF81C9000 Size: 116736 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8DC6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF8BE0000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF8C08000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF8880000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mqac.sys
Image Path: C:\WINDOWS\system32\drivers\mqac.sys
Address: 0xBA788000 Size: 92544 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xBA916000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xEBDF2000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF8C50000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF89E0000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF8D60000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF868D000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF86A7000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF8D44000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xBAE9B000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF832A000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF8A00000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF8A60000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xEBEAF000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF8C58000 Size: 30848 File Visible: - Signed: -
Status: -

Name: nscirda.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nscirda.sys
Address: 0xF8BF8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF86D4000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8E85000 Size: 2944 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
Address: 0xF8E38000 Size: 4096 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF847A000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF8AF8000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF8E08000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF8810000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF8AF0000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF87F2000 Size: 120192 File Visible: - Signed: -
Status: -

Name: PCTCore.sys
Image Path: PCTCore.sys
Address: 0xF8778000 Size: 143360 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF8374000 Size: 147456 File Visible: - Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF8E34000 Size: 7872 File Visible: No Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF8319000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF8C20000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF88C0000 Size: 37376 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF8D20000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasirda.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasirda.sys
Address: 0xF8C10000 Size: 19584 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF89B0000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF89C0000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF89D0000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF8C28000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xEBE62000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8DC8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xF8286000 Size: 196224 File Visible: - Signed: -
Status: -

Name: RDPWD.SYS
Image Path: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Address: 0xBAB16000 Size: 139520 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF8930000 Size: 57600 File Visible: - Signed: -
Status: -

Name: RMCast.sys
Image Path: C:\WINDOWS\system32\drivers\RMCast.sys
Address: 0xBA666000 Size: 203136 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9E36000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rspndr.sys
Address: 0xF8A70000 Size: 62336 File Visible: - Signed: -
Status: -

Name: rtl8180.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rtl8180.sys
Address: 0xB96D9000 Size: 184832 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF81B1000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF8D2C000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF8AE0000 Size: 64512 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xF8398000 Size: 591936 File Visible: - Signed: -
Status: -

Name: splitter.sys
Image Path: C:\WINDOWS\system32\drivers\splitter.sys
Address: 0xF8DCC000 Size: 6272 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xBA817000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF8DC0000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF844C000 Size: 186016 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xBAB61000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xEBED7000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF8C18000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TDTCP.SYS
Image Path: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Address: 0xF8BC8000 Size: 21760 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF89F0000 Size: 40704 File Visible: - Signed: -
Status: -

Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xBAFEF000 Size: 66048 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF8153000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF8DBA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF8A30000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Address: 0xF8BE8000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF848E000 Size: 147456 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF8C48000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF8598000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8890000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF8A90000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF8C70000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xBAB01000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF8B50000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF8970000 Size: 61440 File Visible: No Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF8D72000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF8D24000 Size: 12032 File Visible: - Signed: -
Status: -

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:11:27 PM

Posted 29 August 2009 - 04:40 PM

As I suspected; active rootkit confirmed. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Due to the nature of this infection it is likely that you will be unable to run traditional scanning utilities or run a full scan with RootRepeal as directed in the Preparation Guide linked above. If this is the case, you should still create your new thread in the HJT forum, but instead of DDS and full RootRepeal logs you should post your partial RootRepeal log (the one you just generated for me), as well as a log generated by this special utility.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,009 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:27 PM

Posted 29 August 2009 - 11:04 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/253530/active-rootkit-on-computer-not-able-to-run-any-antivirusanti-spyware/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users