Hidden Malware


12 replies to this topic

#1 junyajax

  • Members
  • 11 posts

Posted 10 July 2010 - 10:34 PM

Hello, I am new here, and frustrated as all heck. I have a computer, a Dell XPS 210, that has some hidden malware. I have installed, updated, and run Malwarebytes, SuperAntiSpyware, and Avast. I also have Ad-Aware and the ZoneAlarm firewall running. I was able to remove some viruses and malware, but there is one that is just hanging around.

1st- When I am on the web my browser will kinda flash a little and my volume goes silent. I can open my sound bar and click on wave audio, and the sound returns. It does this every 30-90 seconds when watching videos. It also causes my cursor to disappear while typing.

2nd- I get popups and sound bits even when my browser is closed.

The computer runs OK for the most part, but these glitches are driving me insane. I would really appreciate the help. Thank you in advance!

For convenience, here are my reports from RootRepeal.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/07/10 20:11
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\Cookies\system@adnxs[2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Cookies\system@adnxs[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\05IZG9QB\st[51]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\05IZG9QB\CAW9Y35N.htm
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\05IZG9QB\imp[5].com%2Fadserv%2F%3Faff_id%3D3196&r=0
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR5HJ31Q\st[22]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR5HJ31Q\CAUV41QV.htm
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR5HJ31Q\imp[7].php%3Faff_id%3D12529&r=0
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OR5HJ31Q\wowtrial08_300x250_flash_10million_50k_tag[1].swf
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\qndj1qfp\st[4]
Status: Allocation size mismatch (API: 8192, Raw: 16384)

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QNDJ1QFP\ac0e391f28ad7f5af6724fb1c15d7b84[1].png
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QNDJ1QFP\imp[11].php%3Faff_id%3D12529&r=0
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QNDJ1QFP\imp[12].php%3Faff_id%3D12529&r=0
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QNDJ1QFP\index[3].htm
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\networkservice\local settings\temporary internet files\content.ie5\w9s6fg1z\st[13]
Status: Allocation size mismatch (API: 8192, Raw: 16384)

Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xBA723000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBADAC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB94AB000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0x98518000 Size: 815104 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA1931000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBAEAD000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xB9921000 Size: 262144 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xB944B000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xBA624000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBAE26000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xBA749000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB98D5000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA3DA4000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBABD8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA1811000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xA51C3000 Size: 731136 File Visible: - Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xA5276000 Size: 988032 File Visible: - Signed: -
Status: -

Name: HSFHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
Address: 0xA5368000 Size: 209536 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x962B8000 Size: 265728 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xBA65C000 Size: 815104 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBAAE8000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBAAD8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA4F8D000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA500C000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA8A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: ISWKL.sys
Image Path: C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
Address: 0xBABA0000 Size: 32768 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBAC48000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xA17C5000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBADA8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0x8CEB5000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB98B2000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xBA5FB000 Size: 92928 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xBA918000 Size: 57600 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0x96385000 Size: 12672 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBAE2A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBABB8000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBAC50000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA17CD000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA8D8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA4DFF000 Size: 455680 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBABE8000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA958000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBAD74000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xBA514000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xBA52E000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA46B000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA194D000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB989B000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA998000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xB945B000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA4F65000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xBA938000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBABF0000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA55B000 Size: 574976 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA55B000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBAF6F000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA8B8000 Size: 61696 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBAB28000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xBA768000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA508F000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB988A000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBAC38000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBAB38000 Size: 19936 File Visible: - Signed: -
Status: -

Name: PzWDM.sys
Image Path: PzWDM.sys
Address: 0xBACBC000 Size: 8288 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBA487000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBAB08000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBAB18000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA948000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBAC40000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA4E6F000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBAE2C000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB985A000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA978000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.SYS
Image Path: C:\WINDOWS\System32\Drivers\rootrepeal.SYS
Address: 0x94A9A000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0x98BE3000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASKUTIL.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0x8D584000 Size: 139264 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xBA644000 Size: 98304 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xBA612000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x96016000 Size: 353792 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xA50B3000 Size: 1111840 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBADE2000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xBA0EF000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA4FB3000 Size: 361600 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA4FB3000 Size: 361600 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBAC30000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA968000 Size: 40704 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\WINDOWS\System32\TSDDD.dll
Address: 0xBFF50000 Size: 12288 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB97FC000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0x994A6000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBADE6000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBAC20000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA15F000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB98FD000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys
Address: 0xBAB60000 Size: 25856 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xA18C9000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBAC18000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBABE0000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB9961000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA8E8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: vsdatant.sys
Image Path: C:\WINDOWS\System32\vsdatant.sys
Address: 0xA4EE4000 Size: 526592 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB947B000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0x98BC3000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9615B000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBADAA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xBA5E8000 Size: 77568 File Visible: - Signed: -
Status: -
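
The drivers report above can be triaged mechanically rather than by eye. The script below is an added example, not RootRepeal's own code: it parses the report format into entries and flags the ones an analyst should look at (a non-empty Status such as "Hidden from the Windows API!", an image file that is not visible on disk, and the same base address listed twice with differing status, which is the pattern the scan shows for Ntfs.sys and tcpip.sys). SAMPLE_REPORT is a constructed excerpt echoing four entries from this scan, and the BENIGN_INVISIBLE list is an assumption: dump_* drivers are the crash-dump copies of the storage driver and rootrepeal.SYS is the scanner's own temporary driver, so neither is expected to have a backing file.

```python
"""Parse a RootRepeal "Drivers" report and flag entries worth a second look.

Added example (not RootRepeal's own code). SAMPLE_REPORT is a constructed
excerpt in the same format as the scan posted in this thread.
"""
import re
from collections import defaultdict

# Constructed sample: four entries echoing the posted scan.
SAMPLE_REPORT = """\
Drivers
-------------------
Name: afd.sys
Image Path: C:\\WINDOWS\\System32\\drivers\\afd.sys
Address: 0xA4E9A000 Size: 138496 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA55B000 Size: 574976 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xBA55B000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: dump_iastor.sys
Image Path: C:\\WINDOWS\\System32\\Drivers\\dump_iastor.sys
Address: 0x98518000 Size: 815104 File Visible: No Signed: -
Status: -
"""

# One entry = four consecutive lines: Name / Image Path / Address / Status.
ENTRY_RE = re.compile(
    r"Name: (?P<name>.+)\n"
    r"Image Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+)\s+Size: (?P<size>\d+)\s+"
    r"File Visible: (?P<visible>\S+)\s+Signed: (?P<signed>\S+)\n"
    r"Status: (?P<status>.+)"
)

# Assumption: name prefixes expected to have no backing file on disk.
# dump_* drivers are the crash-dump copies of the storage driver, and
# rootrepeal.SYS is the scanner's own temporary driver.
BENIGN_INVISIBLE = ("dump_", "rootrepeal.SYS")


def parse_drivers(report: str) -> list:
    """Return one dict per driver entry, with address and size as ints."""
    entries = []
    for m in ENTRY_RE.finditer(report):
        d = m.groupdict()
        d["addr"] = int(d["addr"], 16)
        d["size"] = int(d["size"])
        d["status"] = d["status"].strip()
        entries.append(d)
    return entries


def flag_entries(entries: list, benign_invisible=BENIGN_INVISIBLE) -> list:
    """Return (name, reason) pairs for entries an analyst should look at."""
    flags = []
    by_addr = defaultdict(list)
    for e in entries:
        by_addr[e["addr"]].append(e)
        if e["status"] != "-":
            flags.append((e["name"], "status: " + e["status"]))
        if e["visible"] == "No" and not e["name"].startswith(benign_invisible):
            flags.append((e["name"], "image file not visible on disk"))
    # The same base address reported twice with different statuses means
    # RootRepeal's own enumeration found the module while the Windows API
    # view did not; that is what the scan shows for Ntfs.sys and tcpip.sys.
    for addr, group in by_addr.items():
        if len(group) > 1 and len({e["status"] for e in group}) > 1:
            flags.append((group[0]["name"],
                          "base 0x%08X listed with differing status" % addr))
    return flags


if __name__ == "__main__":
    for name, reason in flag_entries(parse_drivers(SAMPLE_REPORT)):
        print(f"{name:20s} {reason}")
```

Run against the full pasted report, the output reduces the 140-odd entries to the handful that differ from the normal "File Visible: - / Status: -" shape, which is what a helper reads the log for in the first place.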

#2 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:03:57 PM

Posted 10 July 2010 - 10:42 PM

Hey,
Just something that might help us to figure out what's going on. Maybe post the logs of the scanners that you have already used AKA malwarebytes, adaware, and any others. That way staff and other members can review them and get a feel for the nature of the malware that may or may not be causing this.

Regards,
Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 junyajax

junyajax
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 10 July 2010 - 10:51 PM

Hey,
Just something that might help us to figure out what's going on. Maybe post the logs of the scanners that you have already used AKA malwarebytes, adaware, and any others. That way staff and other members can review them and get a feel for the nature of the malware that may or may not be causing this.

Regards,
Chromebuster


Yeah, that's a good idea. I'll see what I can find.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:57 PM

Posted 10 July 2010 - 10:56 PM

Hello, this looks like a new piece of malware called Bootkit Whistler. This is a piece of malware that alters the Master Boot Record of your Harddisk. Once done that it can facilitate all kinds of malware.

To confirm this, do the following:

In case you don't have an archive extractor installed already:
Please download 7zip and install the program on your computer (we need this program in order to be able to unzip the tool that can delete Bootkit Whistler).

When 7zip is successfully installed, please download bootkit_remover.rar and save the file to your desktop.

Right click on the file and select "extract/unzip here".

This will create two readme files and remover.exe on your desktop.
Double click on remover.exe; a command window will open. Please copy/paste the text under "MBR Status" and post that in your next reply.




Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe


alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 junyajax

junyajax
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 10 July 2010 - 10:58 PM

Here is my first Malwarebytes log. I have run 5 more since without a detection.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4286

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/6/2010 7:19:34 PM
mbam-log-2010-07-06 (19-19-34).txt

Scan type: Quick scan
Objects scanned: 161894
Time elapsed: 12 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d1-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d4db7d3-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1d4db7d0-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\FunWebProducts\Installr\2.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Betty\Local Settings\Temporary Internet Files\Content.IE5\0K0BXU68\n002106201304r0409J11000601R9a2c4794W160c5afaX5afb4b9bY16f9c6c5Z0100f0800[1] (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.
C:\Documents and Settings\Betty\Local Settings\Temporary Internet Files\Content.IE5\PVE8XYIR\n002106201304r0409J11000601R9a2c4794W160c5afaX5afb4b9bY16f9c6c5Z0100f0801[1] (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\2.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:57 PM

Posted 10 July 2010 - 11:03 PM

It needs to run the latest database to be sure. I am out now but will look back in the morning.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#7 junyajax

junyajax
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 10 July 2010 - 11:06 PM

Boopme- This is what I got when I opened the .exe file. Where should I go from here?



Bootkit Remover version 1.0.0.1
© 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 454f8f8f464d74f8b4b6306cbff41597

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Press any key to quit...
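
What Bootkit Remover prints as "Unknown boot code" comes down to comparing the boot-code portion of sector 0 (the first 446 bytes, before the 64-byte partition table and the 0x55AA signature) against boot code it recognises, which is why the tool also prints an MD5. The Python below is an added example, not eSage Lab's tool: it parses a 512-byte master boot sector, checks the signature and partition-table sanity, and compares the MD5 of the boot code against a baseline set. The sample sector, the baseline hash and the "modified" sector are all constructed here, so KNOWN_GOOD must be seeded with hashes taken from known-clean disks before the check says anything about a real one; read_sector0 is a hypothetical helper name.

```python
"""Structural and fingerprint check of a 512-byte master boot record.

Added example, not eSage Lab's Bootkit Remover. The sample sector and the
baseline hash below are constructed values, not real Windows XP MBR data.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: boot loader code
PART_TABLE_OFF = 446           # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"   # bytes 510..511
PART_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct an MBR with the given boot code and one active NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack(PART_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 488_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_FMT, mbr[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count})
    return parts


def boot_code_md5(mbr: bytes) -> str:
    """Fingerprint of the boot code only; the partition table varies per disk."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good: set) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    if len(mbr) != SECTOR_SIZE:
        return ["unexpected sector length %d" % len(mbr)]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["lba"] == 0:
            findings.append("partition %d starts at LBA 0 (overlaps the MBR)" % p["index"])
    if boot_code_md5(mbr) not in known_good:
        findings.append("unknown boot code")
    return findings


def read_sector0(path: str) -> bytes:
    """Read the first sector of a dump file or raw device (hypothetical helper).

    On Windows, run as Administrator, the path can be \\.\PhysicalDrive0.
    """
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


# Constructed boot code: a stack-setup prologue padded with NOPs, not a real loader.
CLEAN_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 32)
# Constructed baseline: in practice, seed this with hashes from known-clean disks.
KNOWN_GOOD = {boot_code_md5(CLEAN_MBR)}
# Same partition table, different boot code: constructed filler, not malware.
MODIFIED_MBR = build_sample_mbr(b"MODIFIED-CODE" + b"\x90" * 10)


if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("modified", MODIFIED_MBR)):
        print(label, boot_code_md5(mbr), check_mbr(mbr, KNOWN_GOOD) or "ok")
```

Hashing only the boot-code bytes is the point: the partition table and disk signature differ from machine to machine, so a whole-sector hash would never match a baseline, while the loader code shipped by a given OS version is identical across installs and can be allow-listed.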

#8 junyajax

junyajax
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 11 July 2010 - 12:35 AM

Boopme, this is my latest Malwarebytes scan.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4301

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

7/10/2010 10:25:30 PM
mbam-log-2010-07-10 (22-25-30).txt

Scan type: Quick scan
Objects scanned: 174923
Time elapsed: 11 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\dUXS.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1B13LMVH\n002106204r0409R18677f57X6715c9caY2b2d2878Z0100f06030dP000001090[1] (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\T64U71XS\n002106204r0409R18677f57X6715c9caY2b2d2878Z0100f06030dP000001091[1] (Rootkit.TDSS) -> Quarantined and deleted successfully.

#9 junyajax

junyajax
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 11 July 2010 - 01:22 AM

Here is the log for SAS from the scan in Safe Mode. I did notice that I accidentally ran a quick scan, and not a full scan. I will go back and complete a full one just in case you need it.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/10/2010 at 11:06 PM

Application Version : 4.40.1002

Core Rules Database Version : 5181
Trace Rules Database Version: 2993

Scan type : Quick Scan
Total Scan Time : 00:10:20

Memory items scanned : 291
Memory threats detected : 0
Registry items scanned : 1209
Registry threats detected : 0
File items scanned : 14366
File threats detected : 32

Adware.Tracking Cookie
core.insightexpressai.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\GSFYFTCE ]
s0.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\GSFYFTCE ]
core.insightexpressai.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\FBDYEA9G ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\FBDYEA9G ]
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adecn[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.bcserving[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.mefeedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pubmatic[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@eas.apm.emediate[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@edgeadx[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@oasn04.247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@rotator.adjuggler[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[1].txt
core.insightexpressai.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\5FLP72HD ]
crackle.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\5FLP72HD ]
s0.2mdn.net [ C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\5FLP72HD ]
video.redorbit.com [ C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\5FLP72HD ]
C:\WINDOWS\system32\config\systemprofile\Cookies\system@content.yieldmanager[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@crackle[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@lucidmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media6degrees[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ru4[2].txt

#10 boopme (Global Moderator, 73,490 posts, Location: NJ USA)

Posted 11 July 2010 - 10:36 AM

Hi, please run TDSSKiller.
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 junyajax (Topic Starter, Members, 11 posts)

Posted 11 July 2010 - 01:47 PM

Alright Boop, here ya go.


TDSS rootkit removing tool, Kaspersky Lab, 2010
version 2.3.2.2 Jun 30 2010 17:23:49

Scanning Services ...

Scanning Drivers ...

Completed

Results:
Registry objects infected / cured / cured on reboot: 0 / 0 / 0
File objects infected / cured / cured on reboot: 0 / 0 / 0

Press any key to continue . . .

#12 boopme (Global Moderator, 73,490 posts, Location: NJ USA)

Posted 11 July 2010 - 09:17 PM

Hello, we need to move to the Malware Removal section.

Please go here: Preparation Guide, and do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. Title it "possible Bootkit".
If Gmer won't run, skip it and move on.

Also include this... Copy/paste what's in the box. Answer the 3 questions after pasting.

Bootkit Remover version 1.0.0.1
© 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 454f8f8f464d74f8b4b6306cbff41597

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Press any key to quit...


And answer these questions...
  • Is this a DELL computer?
  • You have 2 hard drives on this computer, correct?
  • Do you have multiple operating systems installed?



Let me know if that went well.

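The Bootkit Remover output quoted in the post above reports "Unknown boot code" and an MD5 of the master boot sector, and suggests dumping the sector with `remover.exe dump` for manual inspection. The following is an added example, not code from the thread or from eSage Lab, showing what a helper would look at in such a 512-byte dump: the MD5 of the whole sector, the 0x55AA signature, the partition table, and whether the three error strings that every stock Windows 2000/XP/2003 MBR carries in its code region ("Invalid partition table", "Error loading operating system", "Missing operating system") are still present. The two sample sectors are constructed inline for the demonstration; the function names and the NTFS partition entry they contain are assumptions, not values from the original post. Missing strings are not proof of a bootkit (an OEM loader or a third-party boot manager also lacks them), only a reason to compare the code against a known-good MBR.

```python
"""Triage a 512-byte MBR dump for signs of replaced boot code.

Added example (not from the forum thread or from Bootkit Remover). Feed it
the sector written by `remover.exe dump <device> <file>` or any other raw
512-byte read of PhysicalDrive0.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_END = 446                 # bytes 0..445: executable boot code
PARTITION_TABLE = slice(446, 510)   # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"             # bytes 510..511

# Error strings present in the code region of a stock Windows 2000/XP/2003 MBR.
STOCK_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_partitions(table):
    """Return the non-empty entries of a classic (non-GPT) partition table."""
    entries = []
    for i in range(4):
        raw = table[i * 16:(i + 1) * 16]
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", raw)
        if ptype == 0 and sectors == 0:
            continue                # empty slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def analyze_mbr(sector):
    """Summarize one MBR sector; raises ValueError if it is not 512 bytes."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected exactly %d bytes, got %d" % (MBR_SIZE, len(sector)))
    boot_code = sector[:BOOT_CODE_END]
    partitions = parse_partitions(sector[PARTITION_TABLE])
    found = [s.decode() for s in STOCK_MBR_STRINGS if s in boot_code]
    return {
        "md5": hashlib.md5(sector).hexdigest(),   # same value Bootkit Remover prints
        "signature_ok": sector[510:512] == SIGNATURE,
        "partitions": partitions,
        "bootable_entries": sum(1 for p in partitions if p["bootable"]),
        "stock_strings_found": found,
        # All three strings present: code region matches a stock Windows MBR.
        # Fewer: third-party boot manager, OEM loader, or replaced boot code.
        "looks_like_stock_windows_mbr": len(found) == len(STOCK_MBR_STRINGS),
    }


def build_sample_mbr(boot_code):
    """Constructed test sector: given boot code plus one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    # status 0x80 (active), CHS fields ignored, type 0x07 (NTFS), LBA 63, ~232 GiB
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 486_000_000)
    return code + entry + b"\x00" * 48 + SIGNATURE


# Constructed samples: one carrying the stock strings, one with the code region blanked.
STOCK_LIKE = build_sample_mbr(
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100 + b"\x00".join(STOCK_MBR_STRINGS))
UNKNOWN_CODE = build_sample_mbr(b"\xeb\xfe")   # jmp $ and nothing else

if __name__ == "__main__":
    for name, sector in (("stock-like", STOCK_LIKE), ("unknown-code", UNKNOWN_CODE)):
        r = analyze_mbr(sector)
        print(name, r["md5"],
              "signature ok" if r["signature_ok"] else "BAD SIGNATURE",
              "stock strings:", r["stock_strings_found"],
              "partitions:", len(r["partitions"]))
```

To run it against a real dump, call `analyze_mbr(open("mbr.bin", "rb").read(512))`; a sector whose MD5 differs from a dump taken from a known-clean machine of the same Windows version, and which lacks the stock strings, is what the helper would then inspect byte by byte.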

#13 Orange Blossom (Moderator, 37,011 posts, Location: Bloomington, IN)

Posted 13 July 2010 - 11:16 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/331490/possible-bookit/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom