Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anti-virus/Malware wont run


  • This topic is locked This topic is locked
13 replies to this topic

#1 sociallyfrantic

sociallyfrantic

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 01 September 2009 - 06:38 PM

Can Run HJT

Have tried to ude DDS (doesn't Run)

run multiple anti-virus Anti-Malware

Malwarebytes (crashes, also when renamed)
SuperAntiSpyware (doesn't Run)
OTM (Runs)
ATF-Cleander (runs)
AVG 8.5 (crashes)
ComboFix (crashes)
Sophos Anti-Rootkit (no results)
RootRepeal (acces denied)
Clam Win Portable (20+ hrs Minor Fixes)

online scanners Fail
trendMicro
Mcafee

am unable to downlad any files from anywhere to anywhere (download then Vanish)

browser redirects for searches

any help would greatly be appreciated would like to avoid reformat if at all posible.
thanks in advance

Edited by sociallyfrantic, 01 September 2009 - 11:41 PM.

just remember Murphy is NOT on YOUR side.

BC AdBot (Login to Remove)

 


#2 pablo49

pablo49

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern california
  • Local time:02:46 AM

Posted 02 September 2009 - 12:00 AM

Sounds like you are pretty well lockout out of the machine. So try going in under the radar. Download and burn this iso on a known good computer: http://download.bitdefender.com/rescue_cd/. Ensure that the infected computer is set in BIOS to boot from CD and run this program. Follow the steps to update signatures first.
After the scan has run, restart into normal mode and run MBAM and SuperAntiSpyware.
Good luck,
Paul

#3 sociallyfrantic

sociallyfrantic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 02 September 2009 - 08:06 AM

thanks will post with results
just remember Murphy is NOT on YOUR side.

#4 sociallyfrantic

sociallyfrantic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 02 September 2009 - 10:37 AM

linux system stalls @

Probing/Loading AGP Modules

and does not continue on
just remember Murphy is NOT on YOUR side.

#5 pablo49

pablo49

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern california
  • Local time:02:46 AM

Posted 02 September 2009 - 11:16 AM

Sorry to hear that. Sometimes the Linux X graphics server doesn't interact well with certain hardware. Try reloading the CD again. If it still hangs reboot the CD and select the "Start Knoppix in console mode" option at the splash screen. Follow the prompts.
/Paul

#6 sociallyfrantic

sociallyfrantic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 02 September 2009 - 11:34 AM

still no luck from what i can tell its bios incompatible.

trying avira AntiVir Rescue CD As alternate
just remember Murphy is NOT on YOUR side.

#7 pablo49

pablo49

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern california
  • Local time:02:46 AM

Posted 02 September 2009 - 11:49 AM

Hope Avira works. Please post a progress report.
/Paul

#8 sociallyfrantic

sociallyfrantic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 02 September 2009 - 02:26 PM

No Luck with Avira :thumbsup: :flowers:
just remember Murphy is NOT on YOUR side.

#9 sociallyfrantic

sociallyfrantic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 02 September 2009 - 02:58 PM

I was able to get past the error on bitdefender but when i get to the scan screen it just sits there and does not scan :thumbsup:
just remember Murphy is NOT on YOUR side.

#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:46 AM

Posted 02 September 2009 - 03:10 PM

Hello sociallyfrantic and :thumbsup: to BleepingComputer.

Let's try something sneaky and see if we can get a scan off. Please delete the copy of RootRepeal that you have currently downloaded, and then follow the below instructions exactly as given.


Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the "Drivers" tab, and then click the Posted Image button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#11 sociallyfrantic

sociallyfrantic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 02 September 2009 - 04:01 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/02 14:02
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8BBD1000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x82A3A000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8204A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x86B79000 Size: 294912 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\Windows\system32\DRIVERS\AGRSM.sys
Address: 0x8BDE3000 Size: 1161152 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82B8F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82B97000 Size: 122880 File Visible: - Signed: -
Status: -

Name: athr.sys
Image Path: C:\Windows\system32\DRIVERS\athr.sys
Address: 0x8BAAB000 Size: 757760 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\Windows\System32\Drivers\avgldx86.sys
Address: 0x8C494000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\Windows\System32\Drivers\avgmfx86.sys
Address: 0x8C48E000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\Windows\System32\Drivers\avgtdix.sys
Address: 0x8BFB1000 Size: 101888 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x82AD4000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8BF20000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x82888000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x8C6E3000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x92270000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xABD4F000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x86985000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x828D1000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x86894000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x82890000 Size: 266240 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8BBF9000 Size: 14208 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x82AD1000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8C4E5000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x868B5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8C477000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x86883000 Size: 69632 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8BDBE000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8C4FD000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8C4F2000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8C505000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8B9ED000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8685C000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xABD77000 Size: 163840 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x82BE7000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x82BB5000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8BF10000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x866D4000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8B400000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82017000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8BA99000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8BF30000 Size: 28672 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x8C65B000 Size: 438272 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8692F000 Size: 77824 File Visible: - Signed: -
Status: -

Name: igdkmd32.sys
Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys
Address: 0x8B407000 Size: 6184960 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x82B37000 Size: 28672 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x868F2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x86942000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x8280F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x86AF0000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8640C000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8C604000 Size: 65536 File Visible: - Signed: -
Status: -

Name: LMImirr.sys
Image Path: C:\Windows\system32\DRIVERS\LMImirr.sys
Address: 0x8BBFF000 Size: 3200 File Visible: - Signed: -
Status: -

Name: LPCFilter.sys
Image Path: C:\Windows\system32\DRIVERS\LPCFilter.sys
Address: 0x82AB8000 Size: 40960 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8C532000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x82817000 Size: 393216 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x86A4D000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8C50F000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8697A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82B79000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x8C6FC000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x8C711000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x8C731000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x8C750000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x8C789000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8BF74000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x82A89000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x869CB000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x86588000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x86B1A000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8684D000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8647D000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x86A71000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x8C63E000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x86A7C000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8BEFF000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x86BD7000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8BFCA000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x865B3000 Size: 237568 File Visible: - Signed: -
Status: -

Name: npf.sys
Image Path: C:\Windows\system32\drivers\npf.sys
Address: 0xABC54000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8BF7F000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8C46D000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x866EF000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\Windows\system32\ntoskrnl.exe
Address: 0x8204A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8BF19000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x8C614000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8BBC1000 Size: 61952 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x86BC1000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x82AC2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pavboot.sys
Image Path: C:\Windows\system32\drivers\pavboot.sys
Address: 0x82B89000 Size: 21888 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x82A91000 Size: 159744 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x82B3E000 Size: 57344 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: C:\Windows\system32\DRIVERS\pcmcia.sys
Address: 0x82B4C000 Size: 184320 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xABC5B000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8204A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8BD91000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x82877000 Size: 69632 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x82BF7000 Size: 35648 File Visible: - Signed: -
Status: -

Name: RaInfo.sys
Image Path: C:\Program Files\LogMeIn\RaInfo.sys
Address: 0xABC52000 Size: 6272 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8BF8D000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x86A5A000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x86A9F000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x86AAE000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x86AC2000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8204A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8C431000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8BF43000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8BF4B000 Size: 32768 File Visible: - Signed: -
Status: -

Name: RimSerial.sys
Image Path: C:\Windows\system32\DRIVERS\RimSerial.sys
Address: 0x86AD7000 Size: 26496 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\Windows\System32\Drivers\RootMdm.sys
Address: 0x86A45000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xABDC6000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x8C648000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8BC00000 Size: 1641024 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0x8C42B000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0x8C406000 Size: 151552 File Visible: - Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\Windows\system32\DRIVERS\sdbus.sys
Address: 0x8BBDF000 Size: 106496 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xABD39000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x86B65000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x86845000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8C555000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xABC06000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x8C7A1000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x8C6C6000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x869F9000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x86AEE000 Size: 4992 File Visible: - Signed: -
Status: -

Name: swmsflt.sys
Image Path: C:\Windows\System32\drivers\swmsflt.sys
Address: 0x8BB64000 Size: 20096 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8694D000 Size: 180480 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x865ED000 Size: 946176 File Visible: - Signed: -
Status: -

Name: tcpipBM.SYS
Image Path: C:\Windows\System32\Drivers\tcpipBM.SYS
Address: 0x8BFAC000 Size: 18816 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xABD43000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x86A3A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8BF96000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x86ADE000 Size: 65536 File Visible: - Signed: -
Status: -

Name: tifm21.sys
Image Path: C:\Windows\system32\drivers\tifm21.sys
Address: 0x86901000 Size: 188416 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x92250000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x868E9000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x868DE000 Size: 45056 File Visible: - Signed: -
Status: -

Name: TVALZ_O.SYS
Image Path: C:\Windows\system32\DRIVERS\TVALZ_O.SYS
Address: 0x86840000 Size: 16768 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x86B24000 Size: 53248 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8BBFD000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8BBB2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x86B31000 Size: 212992 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8BB74000 Size: 253952 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0xABD65000 Size: 73728 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8BB69000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8BF37000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\system32\DRIVERS\VIDEOPRT.SYS
Address: 0x8699D000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x82ADE000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x82AED000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x86807000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x86BE5000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8BA8C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x829B1000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x82A2D000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x92030000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x92030000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\Windows\win32k.sys:1
Address: 0x8C51E000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\Windows\win32k.sys:2
Address: 0x8C523000 Size: 61440 File Visible: No Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x82A80000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8204A000 Size: 3842048 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\Windows\system32\drivers\ws2ifsl.sys
Address: 0x8BF27000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0xABDB4000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0xABD9F000 Size: 83328 File Visible: - Signed: -
Status: -
just remember Murphy is NOT on YOUR side.

#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:46 AM

Posted 02 September 2009 - 04:03 PM

You have an active rootkit on your machine. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Due to the nature of this infection it is likely that you will be unable to run traditional scanning utilities or run a full scan with RootRepeal as directed in the Preparation Guide linked above. If this is the case, you should still create your new thread in the HJT forum, but instead of DDS and full RootRepeal logs you should post your partial RootRepeal log (the one you just generated for me), as well as a log generated by this special utility. Note that the utility takes some time to run, so don't worry if it appears that nothing is happening.

Sorry I couldn't do more for you here; they'll be able to help in HJT.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#13 sociallyfrantic

sociallyfrantic
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles, CA
  • Local time:02:46 AM

Posted 02 September 2009 - 06:33 PM

as requested new post set

http://www.bleepingcomputer.com/forums/t/254676/active-rootkit/
just remember Murphy is NOT on YOUR side.

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,942 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:46 AM

Posted 02 September 2009 - 06:39 PM

Hello,

Now comes the hard part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users