Unable to access/use I.E. and Malware Programs

5 replies to this topic

#1 Ganton
Posted 04 October 2009 - 12:27 PM

Say Blade, I worked my way to step 6 on the Preparation Guide, "Download and Run DDS which will create a Pseudo HJT Report as part of its log." Well, when I create the download prompt for the DDS, it does not say "File Download-Security Warning" and give me 3 buttons (run, save, and cancel) as choices. It says (on my PC), "Open File-Security Warning" and gives me only 2 button choices: run or cancel. It did this every time I created it, so out of sheer frustration, I clicked on "run" and a black screen window came up which promptly disappeared into cyberspace after a few secs. What is going on, and did this rootkit malware thing I have "eat" the DDS screen function, as it has so many other programs I've tried to run? Please help, as I was well on my way to setting this up for the team to help me. Ganton

Oh, I need to add that I was able to find a bunch of saved file dds.scr icons in a document file on my PC, so I moved one to my desktop, double clicked on it as the prep. instrux say, and got the Open File Security Warning with the 2 options (fig. 4 in the instrux), run or cancel. I clicked on "RUN", and the black DDS screen came up momentarily as before but almost immediately disappeared into cyberspace. Is it now being killed by this malicious malware I have, as have so many other programs I've tried to run? What to do? I can't proceed with these instrux past this point. Ganton

This post has been edited by Ganton: Today, 09:01 AM

Quoting Blade Zephon (System Guardian, HJT Senior Classmen), post #6, Today, 11:53 AM:

Due to the nature of this infection it is likely that you will be unable to run traditional scanning utilities or run a full scan with RootRepeal as directed in the Preparation Guide linked above. If this is the case, you should still create your new thread in the HJT forum, but instead of DDS and full RootRepeal logs you should post your partial RootRepeal log (the one you just generated for me), as well as a log generated by this special utility. Note that the utility takes some time to run, so don't worry if it appears that nothing is happening.

Okay, here they are for the HJT Team:

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/03 18:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Okay, here are the results of the "special utility" scan:

Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0011f\MCE0011f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00120\MCE00120
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00121\MCE00121
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00122\MCE00122
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00123\MCE00123
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00124\MCE00124
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00125\MCE00125
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00126\MCE00126
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00127\MCE00127
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00128\MCE00128
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00129\MCE00129
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012a\MCE0012a
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012b\MCE0012b
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012c\MCE0012c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012d\MCE0012d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012e\MCE0012e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE0012f\MCE0012f
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00130\MCE00130
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00131\MCE00131
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00132\MCE00132
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00133\MCE00133
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00134\MCE00134
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE00135\MCE00135
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18
e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.507
27.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^

Finished! Press any key to exit...


#2 Ganton

Ganton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Tumwater, Wash. USA
  • Local time:09:44 PM

Posted 07 October 2009 - 02:33 PM

I've been using Mozilla Firefox as my browser since I.E. became inaccessible due to this "virus" (or whatever it is), and I'm able to browse the internet with that browser. However, I have McAfee Suite protection free through Comcast, being a high-speed internet customer, but lately I have not been able to run any scans with it, and it sends up warnings that my files are not fully protected and I need to click on "Fix," but when I do, the "fix" doesn't work, and I also am not able to install the frequent updates for this program, so I wonder how "protected" I am now even using this Firefox browser? I have installed the Windows Firewall, which I didn't have before because McAfee, I believe, if I'm recalling correctly, said it wasn't compatible with their firewall...Ganton

#3 Ganton

Ganton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Tumwater, Wash. USA
  • Local time:09:44 PM

Posted 11 October 2009 - 12:04 PM

I also downloaded AVG Anti-Virus Free Edition 8.5, ran a scan, and it picked up 22 items, about half of which looked to be rootkits. When I clicked on the remove button, a window came up that said they couldn't be removed. Lately I can't even scan anymore with the AVG as it won't even come up after I click on it....Geez, what a nasty thing has a hold of my computer, very nasty indeed. I certainly hope I can get some help here, the sooner the better, as I've been waiting in the queue for some time now.... :(

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:44 PM

Posted 18 October 2009 - 02:42 PM

Hello Ganton,

You have a nasty rootkit on this computer. :(


Please save this file to your desktop.
Click on Start->Run, and copy-paste the following command (the bolded text)

"%userprofile%\desktop\win32kdiag.exe" -f -r

into the "Open" box, and click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.




Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.

Edited by SifuMike, 18 October 2009 - 02:51 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
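As an added example (not from the thread, and not part of Win32kDiag or peek.bat), here is a small Python reader for the two-line "Found mount point / Mount point destination" format that the tool's log uses, grouping mount points by destination and flagging the ones a defender would want to look at. The sample log, the benign \??\Volume{...} entry and both heuristics are this example's own assumptions, not rules from the tool.

```python
import re
from collections import defaultdict

# Constructed sample log (not the thread's): one benign volume mount point,
# then entries shaped like the ones the tool reported in this thread.
SAMPLE_LOG = r"""Found mount point : C:\mnt\backup
Mount point destination : \??\Volume{3f1a2b4c-1111-2222-3333-444444444444}\
Found mount point : C:\WINDOWS\Temp\MCE000f6\MCE000f6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\MCE000f7\MCE000f7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_
Mount point destination : \Device\__max++>\^

Finished! Press any key to exit..."""

FOUND = re.compile(r"^Found mount point : (.+)$")
DEST = re.compile(r"^Mount point destination : (.+)$")


def parse_mount_points(text):
    """Pair each 'Found mount point' line with the destination line that
    follows it. Returns a list of (path, destination) tuples; unrelated
    lines (blank, 'Finished!') are ignored."""
    pairs, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = FOUND.match(line)
        if m:
            pending = m.group(1)
            continue
        m = DEST.match(line)
        if m and pending is not None:
            pairs.append((pending, m.group(1)))
            pending = None
    return pairs


def suspicious_mount_points(pairs, shared_threshold=3):
    """Heuristics assumed by this example: a destination that is not a
    \\??\\ DOS-namespace path (normal junctions and volume mount points
    are) is odd, and one destination shared by many folders is odder.
    Returns a list of (destination, sorted paths, reasons)."""
    by_dest = defaultdict(list)
    for path, dest in pairs:
        by_dest[dest].append(path)
    findings = []
    for dest, paths in by_dest.items():
        reasons = []
        if not dest.startswith("\\??\\"):
            reasons.append("destination is not a \\??\\ path")
        if len(paths) >= shared_threshold:
            reasons.append("shared by %d mount points" % len(paths))
        if reasons:
            findings.append((dest, sorted(paths), reasons))
    return findings
```

Run it over a real Win32kDiag log by reading the file into `parse_mount_points` instead of `SAMPLE_LOG`; every flagged destination still needs a human to decide whether it is a legitimate mount.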

#5 Ganton

Ganton
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Tumwater, Wash. USA
  • Local time:09:44 PM

Posted 18 October 2009 - 08:14 PM

Thanks Mike, but guess what, I couldn't take it any more, could not wait any longer emotionally speaking, and my computer was a 2002 Gateway 2000 model, getting rather "long in the tooth" anyway, so I went out and bought a new H.P. Pavilion Elite which I am now using and answering your gracious solution with. Sorry to put you through all the trouble, but I want to thank you very, very much for your work on this. Also, I am running a 60 day trial version of Norton Anti-virus, but may switch over to the McAfee Protection Suite after that, which is available free to me via my ISP, Comcast. The only other anti-malicious program I am now running is SuperAntiSpyware Pro-version, which also offers "real-time protection" as does the Norton program. I'd really appreciate your thoughts and comments on this for future protection against these types of malicious rootkits. Ganton

#6 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:44 PM

Posted 18 October 2009 - 11:54 PM

Hi Ganton,

Great that you got a new computer. :( I have been waiting until Windows 7 is released before buying a new one.

SuperAntiSpyware Pro and Norton antivirus/McAfee Protection Suite are very good choices for malware protection, but I don't think they will stop a rootkit. Some of the antivirus programs detect rootkits, but do not remove them.

Edited by SifuMike, 18 October 2009 - 11:55 PM.




