Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Desote.exe and Windows Police Pro


  • This topic is locked This topic is locked
7 replies to this topic

#1 norsewulf

norsewulf

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 30 August 2009 - 02:46 PM

Hi! I came to this forum via google after searching for how to remove the Windows Police Pro software from my (girlfriends) computer. The user in that thread was told to run root repeal, and even though I can't seem to run any .exe's, i managed to run it by right clicking on the .exe and using the 'Run as' in windows xp. I still got prompted with a bunch of errors, but was able to use the program in the end.

Note that although I was able to run root repeal, and am running firefox as I type this, other programs such as Malwarebytes Anti-Malware and Super Anti Spyware don't seem to be operational, even when I use the 'Run as' option.

Anyhow, I'm trying to take an initial step by posting my root repeal log, though I'm not sure thats the correct procedure. Sorry if I'm not going about this the proper way. I figured I would make a post in 'Am I Infected', hoping for redirection as to where I should be posting next.

Thanks for all the help! Once I get this computer cleaned up I'll put some proper software on to keep it in more secure shape.

Here's the log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/08/30 12:35
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0x00000000 Size: -2141808544 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF748F000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: ADIHdAud.sys
Image Path: C:\WINDOWS\system32\drivers\ADIHdAud.sys
Address: 0xA8BBF000 Size: 155648 File Visible: - Signed: -
Status: -

Name: AEAudio.sys
Image Path: C:\WINDOWS\system32\drivers\AEAudio.sys
Address: 0xA8B7B000 Size: 127872 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA88D9000 Size: 138368 File Visible: - Signed: -
Status: -

Name: ASACPI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ASACPI.sys
Address: 0xF79EF000 Size: 5152 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF7840000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atl01_xp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
Address: 0xBA507000 Size: 34944 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7A70000 Size: 3072 File Visible: - Signed: -
Status: -

Name: ay49kxdt.SYS
Image Path: C:\WINDOWS\System32\Drivers\ay49kxdt.SYS
Address: 0xB8EDB000 Size: 229376 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79C7000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA557000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB9E0B000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7677000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7667000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA7DD000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA86E4000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA8ABF000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7A9F000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xA8741000 Size: 385024 File Visible: - Signed: -
Status: -

Name: EraserUtilRebootDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xA8724000 Size: 118784 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA6136000 Size: 143360 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xB9951000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA577000 Size: 34944 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF77CF000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xBA72D000 Size: 128896 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79C5000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7858000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xBA393000 Size: 9472 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FD000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB8F6D000 Size: 151552 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF77DF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA6A43000 Size: 262784 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA4F7000 Size: 52736 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04E000 Size: 1613824 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1D8000 Size: 2605056 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 172032 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xB8FA6000 Size: 5704672 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB9E8B000 Size: 41856 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA517000 Size: 36096 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA8975000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA89EE000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000 Size: 35840 File Visible: - Signed: -
Status: -

Name: iteatapi.sys
Image Path: iteatapi.sys
Address: 0xF7717000 Size: 23712 File Visible: - Signed: -
Status: -

Name: iteraid.sys
Image Path: iteraid.sys
Address: 0xF771F000 Size: 23680 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xB9949000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA5E60000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB8F13000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA704000 Size: 92032 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF7687000 Size: 57472 File Visible: - Signed: -
Status: -

Name: LVPr2Mon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
Address: 0xF777F000 Size: 18944 File Visible: - Signed: -
Status: -

Name: m5287.sys
Image Path: m5287.sys
Address: 0xF782B000 Size: 85888 File Visible: - Signed: -
Status: -

Name: m5289.sys
Image Path: m5289.sys
Address: 0xF7627000 Size: 51840 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79CB000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xB9939000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA7A79000 Size: 179584 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA883F000 Size: 453632 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF77EF000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF744E000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF793F000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA62F000 Size: 107904 File Visible: - Signed: -
Status: -

Name: mv614x.sys
Image Path: mv614x.sys
Address: 0xF7637000 Size: 61184 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA64A000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7927000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA85B8000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB8D37000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF740E000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA75D000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA88FB000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF77F7000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA677000 Size: 574464 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7A6C000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB8F36000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000 Size: 18688 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF747E000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCI_PNP0034
Image Path: \Driver\PCI_PNP0034
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: point32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\point32.sys
Address: 0xB9941000 Size: 21760 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA8B9B000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB8D26000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF77AF000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7697000 Size: 36320 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB8CB5000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB9DFB000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF746E000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF745E000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF77B7000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA88AE000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79CD000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB9E7B000 Size: 57472 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6461000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF74BD000 Size: 98304 File Visible: - Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xA6EEC000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Senfilt.sys
Image Path: C:\WINDOWS\system32\drivers\Senfilt.sys
Address: 0xA8B1B000 Size: 393088 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA397000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF76F7000 Size: 64896 File Visible: - Signed: -
Status: -

Name: si3112r.sys
Image Path: si3112r.sys
Address: 0xF7971000 Size: 86048 File Visible: - Signed: -
Status: -

Name: SI3132.sys
Image Path: SI3132.sys
Address: 0xF7960000 Size: 67200 File Visible: - Signed: -
Status: -

Name: SiSRaid.sys
Image Path: SiSRaid.sys
Address: 0xF7647000 Size: 45568 File Visible: - Signed: -
Status: -

Name: SiSRaid1.sys
Image Path: SiSRaid1.sys
Address: 0xF7657000 Size: 45568 File Visible: - Signed: -
Status: -

Name: SiSRaid2.sys
Image Path: SiSRaid2.sys
Address: 0xF7727000 Size: 28544 File Visible: - Signed: -
Status: -

Name: sppo.sys
Image Path: sppo.sys
Address: 0xF74D5000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xBA71B000 Size: 73472 File Visible: - Signed: -
Status: -

Name: SRTSPX.SYS
Image Path: C:\WINDOWS\System32\Drivers\SRTSPX.SYS
Address: 0xBA587000 Size: 36992 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA69F1000 Size: 333184 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF798F000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SYMDNS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMDNS.SYS
Address: 0xF79D3000 Size: 6144 File Visible: - Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Address: 0xA8923000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SYMFW.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMFW.SYS
Address: 0xA7066000 Size: 139392 File Visible: - Signed: -
Status: -

Name: SYMIDS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMIDS.SYS
Address: 0xA7589000 Size: 33280 File Visible: - Signed: -
Status: -

Name: SymIDSCo.sys
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090811.001\SymIDSCo.sys
Address: 0xA7024000 Size: 270336 File Visible: - Signed: -
Status: -

Name: SYMNDIS.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
Address: 0xF779F000 Size: 28416 File Visible: - Signed: -
Status: -

Name: SYMREDRV.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Address: 0xF7797000 Size: 20992 File Visible: - Signed: -
Status: -

Name: SYMTDI.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Address: 0xA8948000 Size: 181248 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA845C000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA8996000 Size: 360320 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF77A7000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF743E000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8CCD000 Size: 364160 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79AF000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF776F000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA7BD000 Size: 57600 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8F4A000 Size: 143360 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xB9909000 Size: 26496 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF7767000 Size: 20480 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF77E7000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viasraid.sys
Image Path: viasraid.sys
Address: 0xBA7ED000 Size: 77056 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8F92000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7617000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA76D000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7787000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA8337000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF7989000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2252800 File Visible: - Signed: -
Status: -

BC AdBot (Login to Remove)

 


#2 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 PM

Posted 30 August 2009 - 08:10 PM

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.



Could you please run a File scan from the File scan from RootRepeal, and then post back the generated log?
Computer Pro

#3 norsewulf

norsewulf
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 31 August 2009 - 12:34 PM

Thanks Computer Pro,

I'm at work right now but I've subscribed to the topic and will run the scan tonight.

On a side note, I was looking through this forum and noticed this problem is everywhere! Must be going around eh?


- I appreciate the help!

#4 norsewulf

norsewulf
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 31 August 2009 - 11:30 PM

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/08/31 19:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\UACbxrsysiwes.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACkltowykbps.db
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACoioaomkmsq.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACqoymrwbxye.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACxjcvvrvkbo.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACxrmldpjolh.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACyrlwlrqptn.dat
Status: Invisible to the Windows API!

Path: c:\windows\temp\perflib_perfdata_ef0.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\WINDOWS\system32\drivers\UACwpixbrxdqb.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\John and Twylla\Local Settings\temp\UAC506.tmp
Status: Invisible to the Windows API!

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090822.004\EraserUtilRebootDrv.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\John and Twylla\Local Settings\Application Data\Microsoft\Messenger\xxx@hotmail.com\SharingMetadata\xxx@hotmail.com\DFSR\Staging\CS{9195D3BD-E13D-FC38-6F15-C79777E832AB}\95\64-{79EF8DD1-69C5-4444-B870-5551889BE76E}-v195-{3329B701-6D2D-4A99-A67A-3AF65C3B6A35}-v64-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.




-----------




Thanks!

Edited by garmanma, 11 December 2009 - 11:52 AM.


#5 norsewulf

norsewulf
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 05 September 2009 - 04:11 PM

I realize I probably should be patiently waiting for a response, but it's been five days and this can't be the norm. So I'm just bumping this thread so ensure someone will know that yes, my computer is still hooped and I'm awaiting help. Thanks again!

#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,744 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:04:38 PM

Posted 05 September 2009 - 06:29 PM

Yikes! I'm not sure what has caused Computer Pro's disappearance here; I apologize for your having been kept in the dark for 5 days, and appreciate your patience. I'll step in and provide instructions for your next step. Unfortunately. . . it's going to require more waiting.

You have an active rootkit on your machine. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Sorry I couldn't do more for you here; some rootkits can be very tricky to remove without causing a great deal of damage to the OS. They are better equipped to help you in HJT.

~Blade

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#7 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:38 PM

Posted 07 September 2009 - 05:26 PM

I'm sorry about that I had to go on an unexpected trip. Thanks Blade for stepping in during my absence.
Computer Pro

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,062 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:38 PM

Posted 24 September 2009 - 07:33 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/259909/desoteexe-windows-police-pro/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users