Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect from virus forum: rootkit on pc


  • This topic is locked This topic is locked
6 replies to this topic

#1 aemaslin

aemaslin

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 05 September 2009 - 10:05 AM

Hi there,

I have been instructed to post to this forum because i have a rootkit on my laptop. I have tried to run dds, and also a programme that i was linked to on the other forum, but neither will run, so i am re-posting my partial rootrepeal scan below as instructed. Here is the link to my original post: http://www.bleepingcomputer.com/forums/ind...p;#entry1413529

partial rootrepeal scan results:

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/09/05 14:34
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80739000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: adp94xx.sys
Image Path: C:\Windows\system32\drivers\adp94xx.sys
Address: 0x8A464000 Size: 434176 File Visible: - Signed: -
Status: -

Name: adpahci.sys
Image Path: C:\Windows\system32\drivers\adpahci.sys
Address: 0x8A4CE000 Size: 311296 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: C:\Windows\system32\drivers\adpu160m.sys
Address: 0x8A51A000 Size: 110592 File Visible: - Signed: -
Status: -

Name: adpu320.sys
Image Path: C:\Windows\system32\drivers\adpu320.sys
Address: 0x8A535000 Size: 155648 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8F77E000 Size: 294912 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: C:\Windows\system32\drivers\aliide.sys
Address: 0x82A6B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: amdide.sys
Image Path: C:\Windows\system32\drivers\amdide.sys
Address: 0x82A72000 Size: 28672 File Visible: - Signed: -
Status: -

Name: arc.sys
Image Path: C:\Windows\system32\drivers\arc.sys
Address: 0x8A56F000 Size: 90112 File Visible: - Signed: -
Status: -

Name: arcsas.sys
Image Path: C:\Windows\system32\drivers\arcsas.sys
Address: 0x8A585000 Size: 90112 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82B90000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82B98000 Size: 122880 File Visible: - Signed: -
Status: -

Name: athr.sys
Image Path: C:\Windows\system32\DRIVERS\athr.sys
Address: 0x8F201000 Size: 933888 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\Windows\System32\Drivers\avgldx86.sys
Address: 0x8FA69000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\Windows\System32\Drivers\avgmfx86.sys
Address: 0x8FA63000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\Windows\System32\Drivers\avgtdix.sys
Address: 0x8F9BE000 Size: 101888 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x807EB000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8F932000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80420000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA0AD6000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x81910000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x8FABA000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8E663000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CHDRT32.sys
Image Path: C:\Windows\system32\drivers\CHDRT32.sys
Address: 0x8E7AF000 Size: 241664 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80469000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x82AC6000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80428000 Size: 266240 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8ADAE000 Size: 14208 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: C:\Windows\system32\drivers\cmdide.sys
Address: 0x82A79000 Size: 32768 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x807E8000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8FAD0000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8AFC2000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8FA4C000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8AFB1000 Size: 69632 File Visible: - Signed: -
Status: -

Name: djsvs.sys
Image Path: C:\Windows\system32\drivers\djsvs.sys
Address: 0x8A55B000 Size: 81920 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8A5D7000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8FAE8000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FADD000 Size: 45056 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8FAF0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8EF3E000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8AF8A000 Size: 159744 File Visible: - Signed: -
Status: -

Name: ElbyCDIO.sys
Image Path: C:\Windows\System32\Drivers\ElbyCDIO.sys
Address: 0x8FA47000 Size: 16896 File Visible: - Signed: -
Status: -

Name: elxstor.sys
Image Path: C:\Windows\system32\drivers\elxstor.sys
Address: 0x8A602000 Size: 606208 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8AA3F000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x8AA0D000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8F922000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8AD29000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8E67B000 Size: 9984 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82411000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8E651000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\drivers\HIDPARSE.SYS
Address: 0x8F942000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hpcisss.sys
Image Path: C:\Windows\system32\drivers\hpcisss.sys
Address: 0x8A459000 Size: 45056 File Visible: - Signed: -
Status: -

Name: HpqKbFiltr.sys
Image Path: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
Address: 0x8AE09000 Size: 16768 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8F807000 Size: 741376 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8F649000 Size: 1060864 File Visible: - Signed: -
Status: -

Name: HSXHWAZL.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Address: 0x8F60B000 Size: 253952 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA0A4E000 Size: 438272 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: C:\Windows\system32\drivers\i2omp.sys
Address: 0x8A696000 Size: 40960 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8AD53000 Size: 77824 File Visible: - Signed: -
Status: -

Name: iastorv.sys
Image Path: C:\Windows\system32\drivers\iastorv.sys
Address: 0x82AEF000 Size: 659456 File Visible: - Signed: -
Status: -

Name: iirsp.sys
Image Path: C:\Windows\system32\drivers\iirsp.sys
Address: 0x8A6A0000 Size: 65536 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x82A4F000 Size: 28672 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: C:\Windows\system32\drivers\isapnp.sys
Address: 0x807AE000 Size: 61440 File Visible: - Signed: -
Status: -

Name: iteatapi.sys
Image Path: C:\Windows\system32\drivers\iteatapi.sys
Address: 0x8A6B0000 Size: 49152 File Visible: - Signed: -
Status: -

Name: iteraid.sys
Image Path: C:\Windows\system32\drivers\iteraid.sys
Address: 0x8A6BC000 Size: 49152 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8AD66000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80407000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8F3B8000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8AA4F000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8FBE7000 Size: 65536 File Visible: - Signed: -
Status: -

Name: lsi_fc.sys
Image Path: C:\Windows\system32\drivers\lsi_fc.sys
Address: 0x8A6C8000 Size: 106496 File Visible: - Signed: -
Status: -

Name: lsi_sas.sys
Image Path: C:\Windows\system32\drivers\lsi_sas.sys
Address: 0x8A6E2000 Size: 98304 File Visible: - Signed: -
Status: -

Name: lsi_scsi.sys
Image Path: C:\Windows\system32\drivers\lsi_scsi.sys
Address: 0x82BB6000 Size: 106496 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8FB1D000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0xA1A71000 Size: 12672 File Visible: - Signed: -
Status: -

Name: megasas.sys
Image Path: C:\Windows\system32\drivers\megasas.sys
Address: 0x8A6FA000 Size: 40960 File Visible: - Signed: -
Status: -

Name: megasr.sys
Image Path: C:\Windows\system32\drivers\megasr.sys
Address: 0x8A704000 Size: 749568 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8F8BC000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8FAFA000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8ADA3000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82A81000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpio.sys
Image Path: C:\Windows\system32\drivers\mpio.sys
Address: 0x807BD000 Size: 114688 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA0AEF000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: C:\Windows\system32\drivers\mraid35x.sys
Address: 0x8A7BB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA0B04000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xA0B24000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0xA0B43000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xA0B7C000 Size: 98304 File Visible: - Signed: -
Status: -

Name: msahci.sys
Image Path: C:\Windows\system32\drivers\msahci.sys
Address: 0x8A7C6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: msdsm.sys
Image Path: C:\Windows\system32\drivers\msdsm.sys
Address: 0x82A91000 Size: 106496 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8F986000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x8077F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8F2E5000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8ABCB000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8F3E2000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8AF7B000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8AAC0000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8F335000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0xA0A31000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8F340000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8EFEA000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8F9EB000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8F74C000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8AC08000 Size: 237568 File Visible: - Signed: -
Status: -

Name: nfrd960.sys
Image Path: C:\Windows\system32\drivers\nfrd960.sys
Address: 0x8A7D0000 Size: 57344 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8F991000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8FA3D000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8AE0E000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8F92B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvhda32v.sys
Image Path: C:\Windows\system32\drivers\nvhda32v.sys
Address: 0x8F8C9000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8E80F000 Size: 7530656 File Visible: - Signed: -
Status: -

Name: nvmfdx32.sys
Image Path: C:\Windows\system32\DRIVERS\nvmfdx32.sys
Address: 0x8E67E000 Size: 1035776 File Visible: - Signed: -
Status: -

Name: nvraid.sys
Image Path: C:\Windows\system32\drivers\nvraid.sys
Address: 0x82AAB000 Size: 110592 File Visible: - Signed: -
Status: -

Name: nvsmu.sys
Image Path: C:\Windows\system32\DRIVERS\nvsmu.sys
Address: 0x8ADB2000 Size: 32768 File Visible: - Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x8A44C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0xA0A07000 Size: 172032 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8F7C6000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x807D9000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x80787000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x82A64000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x82A56000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA1A75000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8ADC4000 Size: 184320 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\Windows\system32\DRIVERS\processr.sys
Address: 0x8AD44000 Size: 61440 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8040F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: ql2300.sys
Image Path: C:\Windows\system32\drivers\ql2300.sys
Address: 0x8A805000 Size: 1277952 File Visible: - Signed: -
Status: -

Name: ql40xx.sys
Image Path: C:\Windows\system32\drivers\ql40xx.sys
Address: 0x8A93D000 Size: 348160 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8F99F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8F31E000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8F363000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8F372000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8F386000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8FA01000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8F976000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8F97E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA1B71000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xA0A3B000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTSTOR.SYS
Image Path: C:\Windows\system32\drivers\RTSTOR.SYS
Address: 0x8F8D7000 Size: 77824 File Visible: - Signed: -
Status: -

Name: sbp2port.sys
Image Path: C:\Windows\system32\drivers\sbp2port.sys
Address: 0x8AF66000 Size: 86016 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x80713000 Size: 155648 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA1B53000 Size: 40960 File Visible: - Signed: -
Status: -

Name: sisraid2.sys
Image Path: C:\Windows\system32\drivers\sisraid2.sys
Address: 0x8A992000 Size: 53248 File Visible: - Signed: -
Status: -

Name: sisraid4.sys
Image Path: C:\Windows\system32\drivers\sisraid4.sys
Address: 0x8A99F000 Size: 86016 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8F9D7000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spel.sys
Image Path: C:\Windows\System32\Drivers\spel.sys
Address: 0x80609000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8AF5E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8FB38000 Size: 716800 File Visible: - Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA1A0D000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xA0B94000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA0AB9000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x8A40B000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8F3B6000 Size: 4992 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: C:\Windows\system32\drivers\sym_hi.sys
Address: 0x8A9C0000 Size: 45056 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: C:\Windows\system32\drivers\sym_u3.sys
Address: 0x8A9CB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: C:\Windows\system32\drivers\symc8xx.sys
Address: 0x8A9B4000 Size: 49152 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8AD71000 Size: 192640 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8AC42000 Size: 946176 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA1B5D000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8F313000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8F9A8000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8F39B000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x818F0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8AFF6000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8AFEB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: uliahci.sys
Image Path: C:\Windows\system32\drivers\uliahci.sys
Address: 0x8A59B000 Size: 245760 File Visible: - Signed: -
Status: -

Name: ulsata.sys
Image Path: C:\Windows\system32\drivers\ulsata.sys
Address: 0x8A9D6000 Size: 135168 File Visible: - Signed: -
Status: -

Name: ulsata2.sys
Image Path: C:\Windows\system32\drivers\ulsata2.sys
Address: 0x82BD0000 Size: 180224 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8F3EC000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8F8EA000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8ADA1000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8E642000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8E77B000 Size: 212992 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8ADBA000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8E604000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbvideo.sys
Image Path: C:\Windows\System32\Drivers\usbvideo.sys
Address: 0x8F901000 Size: 134016 File Visible: - Signed: -
Status: -

Name: VClone.sys
Image Path: C:\Windows\system32\DRIVERS\VClone.sys
Address: 0x8F3AB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8F949000 Size: 49152 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: C:\Windows\system32\drivers\viaide.sys
Address: 0x82AE7000 Size: 32768 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8F955000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x805D2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x82A05000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8AF25000 Size: 233472 File Visible: - Signed: -
Status: -

Name: vsmraid.sys
Image Path: C:\Windows\system32\drivers\vsmraid.sys
Address: 0x8A7DE000 Size: 135168 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8F7DC000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8EFDD000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wd.sys
Image Path: C:\Windows\system32\drivers\wd.sys
Address: 0x8AF1D000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80549000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x805C5000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x816D0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x816D0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\Windows\win32k.sys:1
Address: 0x8FB09000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\Windows\win32k.sys:2
Address: 0x8FB0E000 Size: 61440 File Visible: No Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x8AE00000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x8070A000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82444000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0xA1B69000 Size: 32768 File Visible: - Signed: -
Status: -


many thanks in anticipation of your help!

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:58 PM

Posted 21 September 2009 - 12:39 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 aemaslin

aemaslin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 21 September 2009 - 04:51 PM

Hi there, thanks for getting back to me.

My computer will not allow me to open any downloads, after clicking run, nothing happens, and I searched for the programme on my computer and it did not ahow up. This happens with any downloads, not just this programme. Is there anything I can do instead?

Cheers!

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:58 PM

Posted 22 September 2009 - 12:48 PM

IMPORTANT NOTE: Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.
If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is secure. In some instances, an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?
Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. Tell me what you want to do.

Edited by suebaby41, 22 September 2009 - 02:22 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 aemaslin

aemaslin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:58 PM

Posted 22 September 2009 - 04:41 PM

Ok...so is there anything I can actually do now? Cheers

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:58 PM

Posted 23 September 2009 - 03:17 PM

Without being able to open any downloads, your best solution would be to reformat.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:01:58 PM

Posted 28 September 2009 - 06:05 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users