Cannot run Firefox, IE and have Win32Trojan.tdss


  • This topic is locked
4 replies to this topic

#1 brother_dev

Posted 19 September 2009 - 08:47 AM

My XP Professional system is experiencing issues with accessing the internet. Firefox and IE will load but any Google search will return a blank screen only. MSNExplorer will work and I can surf the web. However, whenever I get to any registration form (like I did for BleepingComputer.com), I am unable to enter text into the registration form. Similarly, I cannot enter the password to my Trend Internet Security. I have run AdAware and it keeps finding a trojan identified as Win32Trojan.tdss. I follow the Recommended action - it suggests a reboot but the trojan appears again with the associated problems. In addition, I also experience the dialog box that pops saying that the Google installer could not complete its install.

In reading forums, I have downloaded Combofix from the BleepingComputers site but cannot run it after following the instructions. It will appear as a process running but the information screen does not display.

Any advice on how to resolve these issues would be greatly appreciated.

#2 garmanma

Posted 19 September 2009 - 09:14 PM

Do not run Combofix

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Direct Download (Recommended)
  • Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)

  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Right-click on rootrepeal.exe and rename it to tatertot.scr
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 brother_dev

Posted 20 September 2009 - 09:18 PM

Below is the RootRepeal report. Thanks for the assistance!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/20 22:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================


#4 garmanma

Posted 21 September 2009 - 05:56 PM

Now that you were successful in creating a log you need to post it in our HJT forum:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description and tell them that this log was all you could get to run successfully
The HJT team is extremely busy, so be patient and good luck
Mark

#5 Orange Blossom

Posted 22 September 2009 - 10:03 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/259553/firefox-and-ie-will-run-but-return-a-blank-screen-only-on-search/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



