Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a virus- possible registry problems


  • Please log in to reply
3 replies to this topic

#1 bringthapayne

bringthapayne

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 01 October 2009 - 03:02 PM

I have xp pro and here are my problems...

  • I cannot boot in safe mode
  • I get a pop up saying "windows media player network sharing service has encountered a problem and needs to close. we are sorry for the inconvenience" This occurs just about every 20 seconds
  • Cannot play either windows media player or itunes
  • cannot install most .exe files
I have tried using AVG and it detected 9 viruses, but the problems are still there. I downloaded malwarebytes but it wont install. I have spybot s&d but it will not start. When i do it says "windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I appreciate all help in advance,

-Aaron

BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:56 PM

Posted 01 October 2009 - 03:18 PM

Hello.

Let's see if we can get this program to run

Please install RootRepeal
Note: Vista users ,, right click on desktop icon and select "Run as Administrator."Disconnect from the Internet or physically unplug your Internet cable connection.
Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
Temporarily disable your anti-virus and real-time anti-spyware protection.
After starting the scan, do not use the computer until the scan has completed.
When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the "Drivers" tab, and then click the Posted Image button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
~Blade


In your next reply, please include the following:
RootRepeal log

Edited by Blade Zephon, 01 October 2009 - 03:19 PM.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 bringthapayne

bringthapayne
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:56 PM

Posted 01 October 2009 - 03:58 PM

Okay first, thanks for the reply,


When i attempted to run root repeal it first gave me an error message saying "could not read the boot sector. Try adjusting the disk access level in the options dialog." I clicked okay, and it came up a few more times. I kept clicking okay and then finally the program loaded up. I ran the program, which took no more than about 10 seconds. I saved the log.. here is what i got:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/01 16:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xBA4C4000 Size: 11648 File Visible: - Signed: -
Status: -

Name: adfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\adfs.SYS
Address: 0xA7CA2000 Size: 69248 File Visible: - Signed: -
Status: -

Name: aeaudio.sys
Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xBA58C000 Size: 8416 File Visible: - Signed: -
Status: -

Name: aec.sys
Image Path: C:\WINDOWS\system32\drivers\aec.sys
Address: 0xA72AB000 Size: 8416 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA84E0000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Address: 0xB8C0F000 Size: 1066208 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xA69CA000 Size: 8416 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9EED000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xBA6C3000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xA8310000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBA378000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xA852A000 Size: 101888 File Visible: - Signed: -
Status: -

Name: b57xp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Address: 0xB902D000 Size: 190592 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
Address: 0xBA4C0000 Size: 16384 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA600000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB8B49000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xBA2D8000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Address: 0xB9DA4000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xBA4BC000 Size: 10240 File Visible: - Signed: -
Status: -

Name: cpqbttn.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
Address: 0xB9DA8000 Size: 9472 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9F05000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA278000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA82AC000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA60E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB89DD000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA783000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xA837E000 Size: 385024 File Visible: - Signed: -
Status: -

Name: EraserUtilRebootDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xA8361000 Size: 118784 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xA82C4000 Size: 143744 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA258000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9ECD000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5FE000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F2B000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xBA418000 Size: 21120 File Visible: - Signed: -
Status: -

Name: gtipci21.sys
Image Path: C:\WINDOWS\system32\DRIVERS\gtipci21.sys
Address: 0xB8D9B000 Size: 87936 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA2F8000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA420000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA68E2000 Size: 10368 File Visible: - Signed: -
Status: -

Name: hphid409.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hphid409.sys
Address: 0xA568E000 Size: 50528 File Visible: - Signed: -
Status: -

Name: hphipr09.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hphipr09.sys
Address: 0xA6F76000 Size: 15840 File Visible: - Signed: -
Status: -

Name: hphius09.sys
Image Path: C:\WINDOWS\System32\drivers\hphius09.sys
Address: 0xBA3A8000 Size: 18592 File Visible: - Signed: -
Status: -

Name: hphs2k09.sys
Image Path: C:\WINDOWS\System32\Drivers\hphs2k09.sys
Address: 0xA5D3A000 Size: 50144 File Visible: - Signed: -
Status: -

Name: HpqKbFiltr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys
Address: 0xBA400000 Size: 16768 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA7B99000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xBA2A8000 Size: 52480 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04E000 Size: 1564672 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1CC000 Size: 2531328 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 172032 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xB9070000 Size: 5672032 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xBA2C8000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xBA268000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xA856B000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xA8618000 Size: 75264 File Visible: - Signed: -
Status: -

Name: irda.sys
Image Path: C:\WINDOWS\System32\DRIVERS\irda.sys
Address: 0xA803E000 Size: 88192 File Visible: - Signed: -
Status: -

Name: irenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\irenum.sys
Address: 0xBA59C000 Size: 11264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xBA408000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB95ED000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA5C2C000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xB8D14000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9EA4000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mfeapfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeapfk.sys
Address: 0xA7385000 Size: 57504 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xA72F3000 Size: 66208 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xA78E6000 Size: 27232 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xA732C000 Size: 164672 File Visible: - Signed: -
Status: -

Name: mferkdk.sys
Image Path: C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Address: 0xBA368000 Size: 25088 File Visible: - Signed: -
Status: -

Name: mfetdik.sys
Image Path: C:\WINDOWS\system32\drivers\mfetdik.sys
Address: 0xBA218000 Size: 45376 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA602000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA3F8000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xBA410000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xA588E000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xA7CB3000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xA83DC000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA350000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xBA148000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xB95FD000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9DD0000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NAVENG.SYS
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090930.022\NAVENG.SYS
Address: 0xA5AAE000 Size: 78208 File Visible: - Signed: -
Status: -

Name: NAVEX15.SYS
Image Path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090930.022\NAVEX15.SYS
Address: 0xA5AC2000 Size: 1316864 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9DEA000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xB9D98000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xA8188000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xB8B69000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA168000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xBA228000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xA8502000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA358000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9E17000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA761000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nwlnkipx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Address: 0xA8028000 Size: 88320 File Visible: - Signed: -
Status: -

Name: nwlnknb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Address: 0xA86CF000 Size: 63232 File Visible: - Signed: -
Status: -

Name: nwlnkspx.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Address: 0xA7E90000 Size: 55936 File Visible: - Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
Address: 0xBA671000 Size: 4096 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xB8BFB000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xBA60A000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xB9F4A000 Size: 120192 File Visible: - Signed: -
Status: -

Name: pnarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\pnarp.sys
Address: 0xBA3C0000 Size: 18560 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB8D37000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xB8AB8000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xBA438000 Size: 17792 File Visible: - Signed: -
Status: -

Name: purendis.sys
Image Path: C:\WINDOWS\system32\DRIVERS\purendis.sys
Address: 0xBA3C8000 Size: 19840 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA0F8000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xBA574000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasirda.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasirda.sys
Address: 0xBA428000 Size: 19584 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xBA308000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xBA318000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xBA138000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xBA440000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xA844C000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA604000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xB8A88000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xBA2E8000 Size: 57600 File Visible: - Signed: -
Status: -

Name: RNDISMPX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\RNDISMPX.SYS
Address: 0xA78DE000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA531E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\System32\DRIVERS\sdbus.sys
Address: 0xB8DB1000 Size: 79232 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xBA598000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xBA288000 Size: 64512 File Visible: - Signed: -
Status: -

Name: smcirda.sys
Image Path: C:\WINDOWS\System32\DRIVERS\smcirda.sys
Address: 0xBA298000 Size: 35840 File Visible: - Signed: -
Status: -

Name: SMCLIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS
Address: 0xBA588000 Size: 16384 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xB8D5B000 Size: 259840 File Visible: - Signed: -
Status: -

Name: SPBBCDrv.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Address: 0xA8477000 Size: 430080 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9EBB000 Size: 73472 File Visible: - Signed: -
Status: -

Name: SRTSP.SYS
Image Path: C:\WINDOWS\System32\Drivers\SRTSP.SYS
Address: 0xA889A000 Size: 303104 File Visible: - Signed: -
Status: -

Name: SRTSPX.SYS
Image Path: C:\WINDOWS\System32\Drivers\SRTSPX.SYS
Address: 0xBA1F8000 Size: 37120 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xA7ACF000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xBA5CC000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Address: 0xA8733000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SYMREDRV.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Address: 0xBA490000 Size: 20992 File Visible: - Signed: -
Status: -

Name: SYMTDI.SYS
Image Path: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Address: 0xA8591000 Size: 184832 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA7223000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xA85BF000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xBA430000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xBA158000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tifm21.sys
Image Path: C:\WINDOWS\system32\drivers\tifm21.sys
Address: 0xB8DC5000 Size: 162176 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xB89F1000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usb8023x.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usb8023x.sys
Address: 0xA5C1C000 Size: 12800 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Address: 0xA6B92000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xBA5D0000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xBA3F0000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xBA198000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xB9009000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Address: 0xBA478000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xBA3E8000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA348000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB905C000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: w29n51.sys
Image Path: C:\WINDOWS\system32\DRIVERS\w29n51.sys
Address: 0xB8DED000 Size: 2210048 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xBA248000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA388000 Size: 20480 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Address: 0xB8B80000 Size: 503808 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xBA2B8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA70D6000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xBA3A0000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xB8B59000 Size: 61440 File Visible: No Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wmiacpi.sys
Address: 0xB9DA0000 Size: 8832 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:56 PM

Posted 01 October 2009 - 04:28 PM

You have an active rootkit on your machine. With the information you have provided I believe you will need help from the malware removal team. Please read the information about getting started. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The HJT team is very busy, so it could be several days before you receive a reply. But rest assured, help is on the way!

Due to the nature of this infection it is likely that you will be unable to run traditional scanning utilities or run a full scan with RootRepeal as directed in the Preparation Guide linked above. If this is the case, you should still create your new thread in the HJT forum, but instead of DDS and full RootRepeal logs you should post your partial RootRepeal log (the one you just generated for me), as well as a log generated by this special utility. Note that the utility takes some time to run, so don't worry if it appears that nothing is happening.

Sorry I couldn't do more for you here; they'll be able to help in HJT.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users