Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unidentified infection: please help!


  • This topic is locked This topic is locked
5 replies to this topic

#1 aemaslin

aemaslin

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 04 September 2009 - 01:17 PM

Hi there,

I seem to have an infection on my laptop. For the past week or so I have had a lot of pop ups, and when I click on a google search result, I get redirected. Also, for some reason I cant open malwarebite-antimalware, when I try to it comes up with an error message saying 'windows cannot open the device, path or file. You may not have the appropriate permissions to do so'. I've tried opening it in safe mode and it still wont work.

What shall I do? Thanks.

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:59 AM

Posted 04 September 2009 - 02:14 PM

Hello.

Let's do this.

Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the "Drivers" tab, and then click the Posted Image button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 aemaslin

aemaslin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 05 September 2009 - 08:39 AM

Hi,

Thanks for the reply. I downloaded roots repea, disconected from the internet and clicked scan. I've pasted the results below. I wasn't sure whether to repeat the scan or not. Thanks again.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/05 14:34
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80739000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: adp94xx.sys
Image Path: C:\Windows\system32\drivers\adp94xx.sys
Address: 0x8A464000 Size: 434176 File Visible: - Signed: -
Status: -

Name: adpahci.sys
Image Path: C:\Windows\system32\drivers\adpahci.sys
Address: 0x8A4CE000 Size: 311296 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: C:\Windows\system32\drivers\adpu160m.sys
Address: 0x8A51A000 Size: 110592 File Visible: - Signed: -
Status: -

Name: adpu320.sys
Image Path: C:\Windows\system32\drivers\adpu320.sys
Address: 0x8A535000 Size: 155648 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8F77E000 Size: 294912 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: C:\Windows\system32\drivers\aliide.sys
Address: 0x82A6B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: amdide.sys
Image Path: C:\Windows\system32\drivers\amdide.sys
Address: 0x82A72000 Size: 28672 File Visible: - Signed: -
Status: -

Name: arc.sys
Image Path: C:\Windows\system32\drivers\arc.sys
Address: 0x8A56F000 Size: 90112 File Visible: - Signed: -
Status: -

Name: arcsas.sys
Image Path: C:\Windows\system32\drivers\arcsas.sys
Address: 0x8A585000 Size: 90112 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82B90000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82B98000 Size: 122880 File Visible: - Signed: -
Status: -

Name: athr.sys
Image Path: C:\Windows\system32\DRIVERS\athr.sys
Address: 0x8F201000 Size: 933888 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\Windows\System32\Drivers\avgldx86.sys
Address: 0x8FA69000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\Windows\System32\Drivers\avgmfx86.sys
Address: 0x8FA63000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\Windows\System32\Drivers\avgtdix.sys
Address: 0x8F9BE000 Size: 101888 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x807EB000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8F932000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80420000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA0AD6000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x81910000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x8FABA000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8E663000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CHDRT32.sys
Image Path: C:\Windows\system32\drivers\CHDRT32.sys
Address: 0x8E7AF000 Size: 241664 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80469000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x82AC6000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80428000 Size: 266240 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8ADAE000 Size: 14208 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: C:\Windows\system32\drivers\cmdide.sys
Address: 0x82A79000 Size: 32768 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x807E8000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8FAD0000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8AFC2000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8FA4C000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8AFB1000 Size: 69632 File Visible: - Signed: -
Status: -

Name: djsvs.sys
Image Path: C:\Windows\system32\drivers\djsvs.sys
Address: 0x8A55B000 Size: 81920 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8A5D7000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8FAE8000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FADD000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8FAF0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8EF3E000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8AF8A000 Size: 159744 File Visible: - Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\Windows\System32\Drivers\ElbyCDIO.sys
Address: 0x8FA47000 Size: 16896 File Visible: - Signed: -
Status: -

Name: elxstor.sys
Image Path: C:\Windows\system32\drivers\elxstor.sys
Address: 0x8A602000 Size: 606208 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8AA3F000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8AA0D000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8F922000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8AD29000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8E67B000 Size: 9984 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82411000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8E651000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\drivers\HIDPARSE.SYS
Address: 0x8F942000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hpcisss.sys
Image Path: C:\Windows\system32\drivers\hpcisss.sys
Address: 0x8A459000 Size: 45056 File Visible: - Signed: -
Status: -

Name: HpqKbFiltr.sys
Image Path: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
Address: 0x8AE09000 Size: 16768 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8F807000 Size: 741376 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8F649000 Size: 1060864 File Visible: - Signed: -
Status: -

Name: HSXHWAZL.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Address: 0x8F60B000 Size: 253952 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA0A4E000 Size: 438272 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: C:\Windows\system32\drivers\i2omp.sys
Address: 0x8A696000 Size: 40960 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8AD53000 Size: 77824 File Visible: - Signed: -
Status: -

Name: iastorv.sys
Image Path: C:\Windows\system32\drivers\iastorv.sys
Address: 0x82AEF000 Size: 659456 File Visible: - Signed: -
Status: -

Name: iirsp.sys
Image Path: C:\Windows\system32\drivers\iirsp.sys
Address: 0x8A6A0000 Size: 65536 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x82A4F000 Size: 28672 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: C:\Windows\system32\drivers\isapnp.sys
Address: 0x807AE000 Size: 61440 File Visible: - Signed: -
Status: -

Name: iteatapi.sys
Image Path: C:\Windows\system32\drivers\iteatapi.sys
Address: 0x8A6B0000 Size: 49152 File Visible: - Signed: -
Status: -

Name: iteraid.sys
Image Path: C:\Windows\system32\drivers\iteraid.sys
Address: 0x8A6BC000 Size: 49152 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8AD66000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80407000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8F3B8000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8AA4F000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8FBE7000 Size: 65536 File Visible: - Signed: -
Status: -

Name: lsi_fc.sys
Image Path: C:\Windows\system32\drivers\lsi_fc.sys
Address: 0x8A6C8000 Size: 106496 File Visible: - Signed: -
Status: -

Name: lsi_sas.sys
Image Path: C:\Windows\system32\drivers\lsi_sas.sys
Address: 0x8A6E2000 Size: 98304 File Visible: - Signed: -
Status: -

Name: lsi_scsi.sys
Image Path: C:\Windows\system32\drivers\lsi_scsi.sys
Address: 0x82BB6000 Size: 106496 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8FB1D000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0xA1A71000 Size: 12672 File Visible: - Signed: -
Status: -

Name: megasas.sys
Image Path: C:\Windows\system32\drivers\megasas.sys
Address: 0x8A6FA000 Size: 40960 File Visible: - Signed: -
Status: -

Name: megasr.sys
Image Path: C:\Windows\system32\drivers\megasr.sys
Address: 0x8A704000 Size: 749568 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8F8BC000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8FAFA000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8ADA3000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82A81000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpio.sys
Image Path: C:\Windows\system32\drivers\mpio.sys
Address: 0x807BD000 Size: 114688 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA0AEF000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: C:\Windows\system32\drivers\mraid35x.sys
Address: 0x8A7BB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA0B04000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xA0B24000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0xA0B43000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xA0B7C000 Size: 98304 File Visible: - Signed: -
Status: -

Name: msahci.sys
Image Path: C:\Windows\system32\drivers\msahci.sys
Address: 0x8A7C6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: msdsm.sys
Image Path: C:\Windows\system32\drivers\msdsm.sys
Address: 0x82A91000 Size: 106496 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8F986000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x8077F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8F2E5000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8ABCB000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8F3E2000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8AF7B000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8AAC0000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8F335000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0xA0A31000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8F340000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8EFEA000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8F9EB000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8F74C000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8AC08000 Size: 237568 File Visible: - Signed: -
Status: -

Name: nfrd960.sys
Image Path: C:\Windows\system32\drivers\nfrd960.sys
Address: 0x8A7D0000 Size: 57344 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8F991000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8FA3D000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8AE0E000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8F92B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvhda32v.sys
Image Path: C:\Windows\system32\drivers\nvhda32v.sys
Address: 0x8F8C9000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8E80F000 Size: 7530656 File Visible: - Signed: -
Status: -

Name: nvmfdx32.sys
Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Address: 0x8E67E000 Size: 1035776 File Visible: - Signed: -
Status: -

Name: nvraid.sys
Image Path: C:\Windows\system32\drivers\nvraid.sys
Address: 0x82AAB000 Size: 110592 File Visible: - Signed: -
Status: -

Name: nvsmu.sys
Image Path: C:\Windows\system32\DRIVERS\nvsmu.sys
Address: 0x8ADB2000 Size: 32768 File Visible: - Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x8A44C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0xA0A07000 Size: 172032 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8F7C6000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x807D9000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x80787000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x82A64000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x82A56000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA1A75000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8ADC4000 Size: 184320 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\Windows\system32\DRIVERS\processr.sys
Address: 0x8AD44000 Size: 61440 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8040F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: ql2300.sys
Image Path: C:\Windows\system32\drivers\ql2300.sys
Address: 0x8A805000 Size: 1277952 File Visible: - Signed: -
Status: -

Name: ql40xx.sys
Image Path: C:\Windows\system32\drivers\ql40xx.sys
Address: 0x8A93D000 Size: 348160 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8F99F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8F31E000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8F363000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8F372000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8F386000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8FA01000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8F976000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8F97E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA1B71000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xA0A3B000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTSTOR.SYS
Image Path: C:\Windows\system32\drivers\RTSTOR.SYS
Address: 0x8F8D7000 Size: 77824 File Visible: - Signed: -
Status: -

Name: sbp2port.sys
Image Path: C:\Windows\system32\drivers\sbp2port.sys
Address: 0x8AF66000 Size: 86016 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x80713000 Size: 155648 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA1B53000 Size: 40960 File Visible: - Signed: -
Status: -

Name: sisraid2.sys
Image Path: C:\Windows\system32\drivers\sisraid2.sys
Address: 0x8A992000 Size: 53248 File Visible: - Signed: -
Status: -

Name: sisraid4.sys
Image Path: C:\Windows\system32\drivers\sisraid4.sys
Address: 0x8A99F000 Size: 86016 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8F9D7000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spel.sys
Image Path: C:\Windows\System32\Drivers\spel.sys
Address: 0x80609000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8AF5E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8FB38000 Size: 716800 File Visible: - Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA1A0D000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xA0B94000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA0AB9000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x8A40B000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8F3B6000 Size: 4992 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: C:\Windows\system32\drivers\sym_hi.sys
Address: 0x8A9C0000 Size: 45056 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: C:\Windows\system32\drivers\sym_u3.sys
Address: 0x8A9CB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: C:\Windows\system32\drivers\symc8xx.sys
Address: 0x8A9B4000 Size: 49152 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8AD71000 Size: 192640 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8AC42000 Size: 946176 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA1B5D000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8F313000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8F9A8000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8F39B000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x818F0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8AFF6000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8AFEB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: uliahci.sys
Image Path: C:\Windows\system32\drivers\uliahci.sys
Address: 0x8A59B000 Size: 245760 File Visible: - Signed: -
Status: -

Name: ulsata.sys
Image Path: C:\Windows\system32\drivers\ulsata.sys
Address: 0x8A9D6000 Size: 135168 File Visible: - Signed: -
Status: -

Name: ulsata2.sys
Image Path: C:\Windows\system32\drivers\ulsata2.sys
Address: 0x82BD0000 Size: 180224 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8F3EC000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8F8EA000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8ADA1000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8E642000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8E77B000 Size: 212992 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8ADBA000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8E604000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbvideo.sys
Image Path: C:\Windows\System32\Drivers\usbvideo.sys
Address: 0x8F901000 Size: 134016 File Visible: - Signed: -
Status: -

Name: VClone.sys
Image Path: C:\Windows\system32\DRIVERS\VClone.sys
Address: 0x8F3AB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8F949000 Size: 49152 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: C:\Windows\system32\drivers\viaide.sys
Address: 0x82AE7000 Size: 32768 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8F955000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x805D2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x82A05000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8AF25000 Size: 233472 File Visible: - Signed: -
Status: -

Name: vsmraid.sys
Image Path: C:\Windows\system32\drivers\vsmraid.sys
Address: 0x8A7DE000 Size: 135168 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8F7DC000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8EFDD000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wd.sys
Image Path: C:\Windows\system32\drivers\wd.sys
Address: 0x8AF1D000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80549000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x805C5000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x816D0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x816D0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\Windows\win32k.sys:1
Address: 0x8FB09000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\Windows\win32k.sys:2
Address: 0x8FB0E000 Size: 61440 File Visible: No Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x8AE00000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x8070A000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0xA1B69000 Size: 32768 File Visible: - Signed: -
Status: -

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:59 AM

Posted 05 September 2009 - 09:39 AM

You have an active rootkit on your machine. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Due to the nature of this infection it is likely that you will be unable to run traditional scanning utilities or run a full scan with RootRepeal as directed in the Preparation Guide linked above. If this is the case, you should still create your new thread in the HJT forum, but instead of DDS and full RootRepeal logs you should post your partial RootRepeal log (the one you just generated for me), as well as a log generated by this special utility. Note that the utility takes some time to run, so don't worry if it appears that nothing is happening.

Sorry I couldn't do more for you here; they'll be able to help in HJT.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 aemaslin

aemaslin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 05 September 2009 - 10:08 AM

Hi there,

Thanks again for your reply; unfortunately I couldn't get dds to run, or the other link that you provided, so i re-posted the scan results that i gave you earlier, hopefully something can still be done!

Thanks for your help.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:59 AM

Posted 05 September 2009 - 03:39 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/255336/redirect-from-virus-forum-rootkit-on-pc/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users