Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HELP! NIGHT i HA VE MARE! MAL WARE DEFENSE BUG!


  • Please log in to reply
6 replies to this topic

#1 timkin

timkin

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Location:Carmichael, Ca.
  • Local time:08:45 AM

Posted 26 January 2010 - 10:13 AM

i'VE NEVER SEEN ENYTHING LIKE THIS! NEED A SERIAL KEY OR FIX INSTRUCTIONS ! i HAVE SOME KIND OF MALWARE DEFENSE BUG!! HELP 1 OH BOY11 i'M BEING ASSAULTED BY AL FAKE ALERTS 11 i'M XP WITH DUO CORE TRIED TO WEED IT OUT! ITS EVERY WHERE! ALERTS EVERY 15 TO 30 SECONDS . cAN I GET AN ASSIST? HEADEN FOR THAT COMP HEAVEN IN THE SKY!!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 26 January 2010 - 01:56 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:45 PM

Posted 26 January 2010 - 01:50 PM

NEED A SERIAL KEY

Asking for keys is a violation of forum rules

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


If you are infected and need help, please post in out Am I Infected forum
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please give a more detailed description of the problem than what you have given here
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 Animal

Animal

    Bleepin' Animinion


  • Members
  • 35,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:08:45 AM

Posted 26 January 2010 - 01:57 PM

Take a look here: Remove Malware Defense (Uninstall Guide)

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+


#4 timkin

timkin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Location:Carmichael, Ca.
  • Local time:08:45 AM

Posted 01 February 2010 - 03:06 PM

My appologies for the combo fix statement, but I knew the Malware Defense issue was a scam and didn't know how it was being fixed. Otherwise I wouldn't have mentioned it. I'm a little smarter than the average bear but not quite that good evidently. For I have another problem that must of come in with that Malware Defense virus. It seems an "H8SRT" program is embedded in my systerm and I need to remove it also. Can anyone tell me the prceedure for that???
Any assistance is appreciated. Oh and thank you for the Malware fix instructions. It worked great.

Edited by timkin, 01 February 2010 - 03:09 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:45 AM

Posted 01 February 2010 - 04:38 PM

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 timkin

timkin
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Location:Carmichael, Ca.
  • Local time:08:45 AM

Posted 02 February 2010 - 05:29 AM

Here is the ifo you requesteed regarding my "H8SRT" delemna:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/02 01:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: nv4_mini.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Address: 0xB9E40000 Size: 6132576 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF9D6000 Size: 6057984 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2142208 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: NVNRM.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\NVNRM.SYS
Address: 0xBA41A000 Size: 958464 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA65B000 Size: 574464 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xB79C8000 Size: 453632 File Visible: - Signed: -
Status: -

Name: cmaudio.sys
Image Path: C:\WINDOWS\system32\drivers\cmaudio.sys
Address: 0xBA528000 Size: 377280 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xB7B24000 Size: 360320 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xB7ACD000 Size: 353920 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xB6DBE000 Size: 333184 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xB76CE000 Size: 326528 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB6440000 Size: 263552 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xB9D08000 Size: 209408 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xBA779000 Size: 187776 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA62E000 Size: 182912 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xB6FC8000 Size: 181248 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xB7A37000 Size: 174592 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xB7A84000 Size: 162816 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xBA504000 Size: 147456 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xB6A03000 Size: 143360 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xBA585000 Size: 143360 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xBA5A8000 Size: 143360 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB7A62000 Size: 138368 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xB7AAC000 Size: 134912 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E2000 Size: 134400 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xBA711000 Size: 128896 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xBA749000 Size: 125056 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA613000 Size: 107904 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB768E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xBA731000 Size: 95360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA6E8000 Size: 92544 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xB9E15000 Size: 91776 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB68D6000 Size: 82944 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9E2C000 Size: 81920 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xB7B7C000 Size: 74752 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000 Size: 73728 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xBA6FF000 Size: 73472 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xB9E04000 Size: 69120 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xBA768000 Size: 68224 File Visible: - Signed: -
Status: -

Name: Udfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Udfs.SYS
Address: 0xB5655000 Size: 66176 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xBAAF8000 Size: 64896 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB9DE4000 Size: 63744 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA948000 Size: 61440 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB6943000 Size: 60800 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xBA9E8000 Size: 57600 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xBA938000 Size: 57472 File Visible: - Signed: -
Status: -

Name: AmdPPM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
Address: 0xBAAE8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xBA8E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xBAB08000 Size: 52736 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA8C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xBA978000 Size: 51328 File Visible: - Signed: -
Status: -

Name: HPZid412.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xB701D000 Size: 50752 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xBA928000 Size: 49536 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6358000 Size: 49152 File Visible: No Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xBA998000 Size: 48384 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA8B8000 Size: 42240 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xBA958000 Size: 41856 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xBA988000 Size: 41472 File Visible: - Signed: -
Status: -

Name: nvnetbus.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nvnetbus.sys
Address: 0xBA968000 Size: 40960 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xBA9B8000 Size: 40704 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA9D8000 Size: 38016 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Address: 0xBAA48000 Size: 36864 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA8D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA8A8000 Size: 35840 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA8F8000 Size: 35712 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xBA9A8000 Size: 35072 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBAA38000 Size: 34944 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xBAA18000 Size: 34560 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xBAA08000 Size: 34560 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Address: 0xBAC90000 Size: 31616 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBAC88000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBAC58000 Size: 30080 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
Address: 0xBAC28000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xBAB28000 Size: 28672 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xBAC18000 Size: 27392 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xBAC38000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbprint.sys
Address: 0xBACA8000 Size: 25856 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xBAC60000 Size: 24576 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xBAC20000 Size: 23040 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBACB0000 Size: 21760 File Visible: - Signed: -
Status: -

Name: HPZius12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xBAB80000 Size: 21184 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBAC78000 Size: 20992 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xBAC68000 Size: 20480 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xBAC40000 Size: 20480 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBABC0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: ADM8511.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
Address: 0xBAC98000 Size: 20160 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBAC80000 Size: 19072 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBAB30000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xBAC48000 Size: 17792 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Address: 0xBAC30000 Size: 17024 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xBAC50000 Size: 16512 File Visible: - Signed: -
Status: -

Name: HPZipr12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xB6AF6000 Size: 15808 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xBA5E3000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xBAD90000 Size: 15488 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbscan.sys
Address: 0xB6AFE000 Size: 15104 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB9D60000 Size: 14848 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xB727D000 Size: 12928 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBACB8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xBA5DF000 Size: 12288 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\gameenum.sys
Address: 0xBAD44000 Size: 10624 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Address: 0xBAD88000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xBADA4000 Size: 9600 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xBAD58000 Size: 8832 File Visible: - Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wmiacpi.sys
Address: 0xBADA0000 Size: 8832 File Visible: - Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE2E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBADA8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xBADD4000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xBADAA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBADE6000 Size: 7936 File Visible: - Signed: -
Status: -

Name: serscan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serscan.sys
Address: 0xBADD6000 Size: 6784 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xBADD8000 Size: 5888 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xBADDA000 Size: 4352 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBADE8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBADEA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBADEC000 Size: 4224 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBAE8B000 Size: 4096 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBAE70000 Size: 3328 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xBAFA3000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBAEB0000 Size: 2944 File Visible: - Signed: -
Status: -


I've locked 4 irtems clearl;y "H8SRT" in my AVG vault and run spybot also. Tet my, normaly very fast system acts as if in geriatrics. Hope this helps. Thanks.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:45 AM

Posted 02 February 2010 - 02:06 PM

Hello, we ned to look again with GMER.
We need to disable Spybot S&D's "TeaTimer" if running
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users