swimfinz
Members
Posts: 6
Reputation: 0 Neutral
  1. OOPS! Realized belatedly that maybe it was not too smart to post my HijackThis log. I apologize. Kinda sleep deprived. Here is a summary of all the smart and not-so-smart routes I took. I feel like one of those battery toys that keeps smacking into a wall. Backs up and does the same thing repeatedly! Any help would be appreciated....

Hiya Everyone... am glad you guys even HOST this forum! Here is my chain of sordid events: I have Avira antivirus software. It works great. I was downloading a song from LimeWire. Turned out to be a trojan horse. I think (not sure) it was a Vundo Trojan. Yes, I overrode the warnings. Bonehead Move Supreme. One of many. All sorts of adware began hogging my Acer Netbook screen. False ads to buy Registry Defender. You name it, I got hit with it..... False positives, etc. I could not even use my computer due to the spew of spam and pop-ups and ads. Endless and horrifying. I was tempted to Frisbee my Acer Netbook outta a tall building.

I have a MacBook that I used for downloading any fix-it approaches. This is because as soon as I got near Google (or tried to) on my Acer, the trojan would hijack my searches to prevent any solutions from running. I tried running a Malwarebytes scan. Could not. Blocked. Same with Trend's HijackThis! All fine tools, but whatever I had snuffed them out before they could work their magic. Frustrated, I did nothing for a few days. Or was it weeks?

Then did something even a Bonehead would cringe at: went to Google on my MacBook and downloaded this Pareto file that promised to fix my Vundo trojan. I downloaded it from the Net to a thumbdrive and installed this onto my Acer. The Avira antivirus software alarms went nutso, stating that this was the TR/Dldr.Tracur.B25 Trojan. I did not run nor open it, but did dump it into my Recycle Bin on my Acer. From then on, I could not even access my desktop! I was FLOODED with endless hundreds of Avira alarms stating that I had the TR/Dldr.Tracur.B25 trojan. I was hosed.

Could not do a thing. More sleepless nights. No hair and no fingernails left. Finally booted up, tapping F2. This gave me some room to maneuver. Now I can find my desktop again. I ran a Malwarebytes scan, but it halts just as it ramps up. Before, I could not even do this. I can run a HijackThis scan and a ComboFix scan. In fact, I did, and have them saved to an email sent to myself. Now I am stumped. What do I do now? Many thanks in advance.......
  2. whoa..anyone.....I have been besieged. Almost tossed my Acer NetBook into the trash. Just overwhelmed with a multitude of I-don't-know-what. Ran HijackThis and here is the log. What do I do next? I tried running Malwarebytes and its scan starts, then hangs..... The "2552" date is the Thai setting for 2009. swimfinz

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:35, on 19/9/2552
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\EZWatch Pro 3.1 HD 1400AS\EzRServer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jmbodhi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\jmbodhi\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com:80/root/campaign.asp?cid=48653
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EzRServer] C:\Program Files\EZWatch Pro 3.1 HD 1400AS\EzRServer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jmbodhi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [A00F2B7DC.exe] C:\DOCUME~1\jmbodhi\LOCALS~1\Temp\_A00F2B7DC.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: __c002D2CA - C:\WINDOWS\system32\__c002D2CA.dat
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 10052 bytes
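A defender's first triage pass over log lines of this kind, added here as an example; it is not part of the thread and not HijackThis's own logic. It parses entries in the format shown in the post, pulls out the executable path, and flags the patterns a malware-removal helper checks before anything else: an autostart launched from a Temp directory, a Winlogon Notify package that is not a DLL, any AppInit_DLLs entry, and a service with no recorded owner. The sample lines are copied from the log above; the heuristics, severity labels and function names are assumptions, and a flag means the file needs verification (publisher, signature, hash lookup), not that it should be deleted.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    line_no: int
    section: str   # HijackThis section code, e.g. "O4" or "O20"
    path: str
    severity: str  # "high" = review first, "info" = confirm the publisher
    reason: str


# First Windows path in the entry that ends in a loadable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|dat|sys|scr)', re.IGNORECASE)
# A "\Temp\" path component; also matches the 8.3 form "LOCALS~1\Temp\".
TEMP_RE = re.compile(r'\\Temp\\', re.IGNORECASE)
# "O4 - <rest>", "R0 - <rest>", etc. Process-list lines and headers do not match.
ENTRY_RE = re.compile(r'^([ORF]\d+)\s+-\s+(.*)$')


def parse_entry(line):
    """Split an entry into (section, rest); return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def extract_path(rest):
    """Return the first executable/DLL path in the entry text, or '' if none."""
    m = PATH_RE.search(rest)
    return m.group(0) if m else ""


def triage(log_text):
    """Return a Finding for every entry that matches one of the heuristics (assumed rules)."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        section, rest = entry
        path = extract_path(rest)
        ext = path.rsplit(".", 1)[-1].lower() if path else ""
        if path and TEMP_RE.search(path):
            findings.append(Finding(n, section, path, "high",
                                    "autostart binary lives in a temporary directory"))
        if rest.startswith("Winlogon Notify:") and path and ext != "dll":
            findings.append(Finding(n, section, path, "high",
                                    "Winlogon Notify package is not a .dll (winlogon loads these as DLLs)"))
        if rest.startswith("AppInit_DLLs:") and path:
            findings.append(Finding(n, section, path, "info",
                                    "AppInit_DLLs is loaded into every user32-linked process; confirm the publisher"))
        if section == "O23" and "Unknown owner" in rest:
            findings.append(Finding(n, section, path, "info",
                                    "service binary has no recorded owner; check its signature"))
    return findings


# Constructed sample: six lines copied from the HijackThis log in the post above,
# chosen so the output shows both flagged and unflagged entries.
SAMPLE_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [A00F2B7DC.exe] C:\DOCUME~1\jmbodhi\LOCALS~1\Temp\_A00F2B7DC.exe',
    r'O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL',
    r'O20 - Winlogon Notify: __c002D2CA - C:\WINDOWS\system32\__c002D2CA.dat',
    r'O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe',
    r'O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe',
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no} {f.section} [{f.severity}] {f.path}: {f.reason}")
```

Run as-is it reports four of the six sample lines: the two "high" entries (the Temp-directory autostart and the non-DLL Winlogon Notify package) and two "info" entries (the AppInit_DLLs DLL and the unowned service), and stays silent on the Avira and iPod entries. The regular-expression path extraction stops at the first loadable extension, so command-line arguments such as /min are never mistaken for part of the path.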
  3. Thanks for your assistance. I ran through many check lists and nothing seems to pull up the MBAM window to run or update or scan my system. I still get spammed (internally) with many windows selling stuff and offering bogus security measures. I did download the Root Repeal toolkit and ran a scan of my system. Anything to do next? Thanks again...should I erase any of the following files? swimfinz

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/30 01:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ABP480N5.SYS  Image Path: ABP480N5.SYS  Address: 0xF796F000  Size: 23552  File Visible: -  Signed: -  Status: -
Name: ACPI.sys  Image Path: ACPI.sys  Address: 0xF7658000  Size: 187776  File Visible: -  Signed: -  Status: -
Name: ACPI_HAL  Image Path: \Driver\ACPI_HAL  Address: 0x804D7000  Size: 2260992  File Visible: -  Signed: -  Status: -
Name: ACPIEC.sys  Image Path: ACPIEC.sys  Address: 0xF7AC3000  Size: 11648  File Visible: -  Signed: -  Status: -
Name: adpu160m.sys  Image Path: adpu160m.sys  Address: 0xF75DF000  Size: 101888  File Visible: -  Signed: -  Status: -
Name: afd.sys  Image Path: C:\WINDOWS\System32\drivers\afd.sys  Address: 0xA9153000  Size: 138496  File Visible: -  Signed: -  Status: -
Name: agp440.sys  Image Path: agp440.sys  Address: 0xF77C7000  Size: 42368  File Visible: -  Signed: -  Status: -
Name: agpCPQ.sys  Image Path: agpCPQ.sys  Address: 0xF77D7000  Size: 44928  File Visible: -  Signed: -  Status: -
Name: aha154x.sys  Image Path: aha154x.sys  Address: 0xF7ACB000  Size: 12800  File Visible: -  Signed: -  Status: -
Name: aic78u2.sys  Image Path: aic78u2.sys  Address: 0xF7707000  Size: 55168  File Visible: -  Signed: -  Status: -
Name: aic78xx.sys  Image Path: aic78xx.sys  Address: 0xF76D7000  Size: 56960  File Visible: -  Signed: -  Status: -
Name: aliide.sys  Image Path: aliide.sys  Address: 0xF7BAB000  Size: 5248  File Visible: -  Signed: -  Status: -
Name: alim1541.sys  Image Path: alim1541.sys  Address: 0xF77A7000  Size: 42752  File Visible: -  Signed: -  Status: -
Name: amdagp.sys  Image Path: amdagp.sys  Address: 0xF77B7000  Size: 43008  File Visible: -  Signed: -  Status: -
Name: amsint.sys  Image Path: amsint.sys  Address: 0xF7AD7000  Size: 12032  File Visible: -  Signed: -  Status: -
Name: asc.sys  Image Path: asc.sys  Address: 0xF793F000  Size: 26496  File Visible: -  Signed: -  Status: -
Name: asc3350p.sys  Image Path: asc3350p.sys  Address: 0xF7977000  Size: 22400  File Visible: -  Signed: -  Status: -
Name: asc3550.sys  Image Path: asc3550.sys  Address: 0xF7ADB000  Size: 14848  File Visible: -  Signed: -  Status: -
Name: atapi.sys  Image Path: atapi.sys  Address: 0xF75F8000  Size: 96512  File Visible: -  Signed: -  Status: -
Name: athw.sys  Image Path: C:\WINDOWS\system32\DRIVERS\athw.sys  Address: 0xF6C36000  Size: 1312576  File Visible: -  Signed: -  Status: -
Name: ATMFD.DLL  Image Path: C:\WINDOWS\System32\ATMFD.DLL  Address: 0xBFFA0000  Size: 286720  File Visible: -  Signed: -  Status: -
Name: audstub.sys  Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys  Address: 0xF7D78000  Size: 3072  File Visible: -  Signed: -  Status: -
Name: avgio.sys  Image Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys  Address: 0xF7BF5000  Size: 6144  File Visible: -  Signed: -  Status: -
Name: avgntflt.sys  Image Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys  Address: 0xA881B000  Size: 81920  File Visible: -  Signed: -  Status: -
Name: avipbb.sys  Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys  Address: 0xA8E81000  Size: 69632  File Visible: -  Signed: -  Status: -
Name: BATTC.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS  Address: 0xF7ABF000  Size: 16384  File Visible: -  Signed: -  Status: -
Name: Beep.SYS  Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS  Address: 0xF7BED000  Size: 4224  File Visible: -  Signed: -  Status: -
Name: BOOTVID.dll  Image Path: C:\WINDOWS\system32\BOOTVID.dll  Address: 0xF7AB7000  Size: 12288  File Visible: -  Signed: -  Status: -
Name: cbidf2k.sys  Image Path: cbidf2k.sys  Address: 0xF7AE3000  Size: 13952  File Visible: -  Signed: -  Status: -
Name: cd20xrnt.sys  Image Path: cd20xrnt.sys  Address: 0xF7BB5000  Size: 7680  File Visible: -  Signed: -  Status: -
Name: CLASSPNP.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS  Address: 0xF7767000  Size: 53248  File Visible: -  Signed: -  Status: -
Name: CmBatt.sys  Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys  Address: 0xF7B97000  Size: 13952  File Visible: -  Signed: -  Status: -
Name: cmdide.sys  Image Path: cmdide.sys  Address: 0xF7BAD000  Size: 6656  File Visible: -  Signed: -  Status: -
Name: compbatt.sys  Image Path: compbatt.sys  Address: 0xF7ABB000  Size: 10240  File Visible: -  Signed: -  Status: -
Name: cpqarray.sys  Image Path: cpqarray.sys  Address: 0xF7AC7000  Size: 14976  File Visible: -  Signed: -  Status: -
Name: dac2w2k.sys  Image Path: dac2w2k.sys  Address: 0xF75B3000  Size: 179584  File Visible: -  Signed: -  Status: -
Name: dac960nt.sys  Image Path: dac960nt.sys  Address: 0xF7AD3000  Size: 14720  File Visible: -  Signed: -  Status: -
Name: disk.sys  Image Path: disk.sys  Address: 0xF7757000  Size: 36352  File Visible: -  Signed: -  Status: -
Name: DKbFltr.sys  Image Path: C:\WINDOWS\system32\DRIVERS\DKbFltr.sys  Address: 0xF7A7F000  Size: 16896  File Visible: -  Signed: -  Status: -
Name: dpti2o.sys  Image Path: dpti2o.sys  Address: 0xF797F000  Size: 20192  File Visible: -  Signed: -  Status: -
Name: drmk.sys  Image Path: C:\WINDOWS\system32\drivers\drmk.sys  Address: 0xF7817000  Size: 61440  File Visible: -  Signed: -  Status: -
Name: dump_atapi.sys  Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys  Address: 0xA8C94000  Size: 98304  File Visible: No  Signed: -  Status: -
Name: dump_WMILIB.SYS  Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS  Address: 0xF7C11000  Size: 8192  File Visible: No  Signed: -  Status: -
Name: Dxapi.sys  Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys  Address: 0xAA21B000  Size: 12288  File Visible: -  Signed: -  Status: -
Name: dxg.sys  Image Path: C:\WINDOWS\System32\drivers\dxg.sys  Address: 0xBF000000  Size: 73728  File Visible: -  Signed: -  Status: -
Name: dxgthk.sys  Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys  Address: 0xF7D5D000  Size: 4096  File Visible: -  Signed: -  Status: -
Name: Fastfat.SYS  Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS  Address: 0xA7B97000  Size: 143744  File Visible: -  Signed: -  Status: -
Name: Fips.SYS  Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS  Address: 0xF7897000  Size: 44544  File Visible: -  Signed: -  Status: -
Name: fltMgr.sys  Image Path: fltMgr.sys  Address: 0xF7593000  Size: 129792  File Visible: -  Signed: -  Status: -
Name: Fs_Rec.SYS  Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS  Address: 0xF7BEB000  Size: 7936  File Visible: -  Signed: -  Status: -
Name: ftdisk.sys  Image Path: ftdisk.sys  Address: 0xF7628000  Size: 125056  File Visible: -  Signed: -  Status: -
Name: hal.dll  Image Path: C:\WINDOWS\system32\hal.dll  Address: 0x806FF000  Size: 134400  File Visible: -  Signed: -  Status: -
Name: HDAudBus.sys  Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys  Address: 0xF6D92000  Size: 163840  File Visible: -  Signed: -  Status: -
Name: HIDCLASS.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS  Address: 0xF78A7000  Size: 36864  File Visible: -  Signed: -  Status: -
Name: HIDPARSE.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS  Address: 0xF7A2F000  Size: 28672  File Visible: -  Signed: -  Status: -
Name: hidusb.sys  Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys  Address: 0xF7B8F000  Size: 10368  File Visible: -  Signed: -  Status: -
Name: hpn.sys  Image Path: hpn.sys  Address: 0xF798F000  Size: 25952  File Visible: -  Signed: -  Status: -
Name: HTTP.sys  Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys  Address: 0xA7F2B000  Size: 264832  File Visible: -  Signed: -  Status: -
Name: i2omgmt.SYS  Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS  Address: 0xF7B6B000  Size: 8576  File Visible: -  Signed: -  Status: -
Name: i2omp.sys  Image Path: i2omp.sys  Address: 0xF794F000  Size: 18560  File Visible: -  Signed: -  Status: -
Name: i8042prt.sys  Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys  Address: 0xF740E000  Size: 52480  File Visible: -  Signed: -  Status: -
Name: igxpdv32.DLL  Image Path: C:\WINDOWS\System32\igxpdv32.DLL  Address: 0xBF04F000  Size: 1671168  File Visible: -  Signed: -  Status: -
Name: igxpdx32.DLL  Image Path: C:\WINDOWS\System32\igxpdx32.DLL  Address: 0xBF1E7000  Size: 2699264  File Visible: -  Signed: -  Status: -
Name: igxpgd32.dll  Image Path: C:\WINDOWS\System32\igxpgd32.dll  Address: 0xBF024000  Size: 176128  File Visible: -  Signed: -  Status: -
Name: igxpmp32.sys  Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys  Address: 0xF6DCE000  Size: 5854752  File Visible: -  Signed: -  Status: -
Name: igxprd32.dll  Image Path: C:\WINDOWS\System32\igxprd32.dll  Address: 0xBF012000  Size: 73728  File Visible: -  Signed: -  Status: -
Name: ini910u.sys  Image Path: ini910u.sys  Address: 0xF7ADF000  Size: 16000  File Visible: -  Signed: -  Status: -
Name: int15.sys  Image Path: C:\Acer\Empowering Technology\eRecovery\int15.sys  Address: 0xA79A3000  Size: 69632  File Visible: -  Signed: -  Status: -
Name: intelide.sys  Image Path: intelide.sys  Address: 0xF7BB3000  Size: 5504  File Visible: -  Signed: -  Status: -
Name: intelppm.sys  Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys  Address: 0xF741E000  Size: 36352  File Visible: -  Signed: -  Status: -
Name: ipnat.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys  Address: 0xA9175000  Size: 152832  File Visible: -  Signed: -  Status: -
Name: ipsec.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys  Address: 0xA921C000  Size: 75264  File Visible: -  Signed: -  Status: -
Name: isapnp.sys  Image Path: isapnp.sys  Address: 0xF76A7000  Size: 37248  File Visible: -  Signed: -  Status: -
Name: kbdclass.sys  Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys  Address: 0xF7A87000  Size: 24576  File Visible: -  Signed: -  Status: -
Name: KDCOM.DLL  Image Path: C:\WINDOWS\system32\KDCOM.DLL  Address: 0xF7BA7000  Size: 8192  File Visible: -  Signed: -  Status: -
Name: kmixer.sys  Image Path: C:\WINDOWS\system32\drivers\kmixer.sys  Address: 0xA6655000  Size: 172416  File Visible: -  Signed: -  Status: -
Name: ks.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys  Address: 0xF6B90000  Size: 143360  File Visible: -  Signed: -  Status: -
Name: KSecDD.sys  Image Path: KSecDD.sys  Address: 0xF756A000  Size: 92928  File Visible: -  Signed: -  Status: -
Name: mnmdd.SYS  Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS  Address: 0xF7BEF000  Size: 4224  File Visible: -  Signed: -  Status: -
Name: mouclass.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys  Address: 0xF7A8F000  Size: 23040  File Visible: -  Signed: -  Status: -
Name: mouhid.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys  Address: 0xF7B93000  Size: 12160  File Visible: -  Signed: -  Status: -
Name: MountMgr.sys  Image Path: MountMgr.sys  Address: 0xF76B7000  Size: 42368  File Visible: -  Signed: -  Status: -
Name: mraid35x.sys  Image Path: mraid35x.sys  Address: 0xF7947000  Size: 17280  File Visible: -  Signed: -  Status: -
Name: mrxdav.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys  Address: 0xA887F000  Size: 180608  File Visible: -  Signed: -  Status: -
Name: mrxsmb.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys  Address: 0xA8E92000  Size: 455296  File Visible: -  Signed: -  Status: -
Name: Msfs.SYS  Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS  Address: 0xF79D7000  Size: 19072  File Visible: -  Signed: -  Status: -
Name: msgpc.sys  Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys  Address: 0xF73CE000  Size: 35072  File Visible: -  Signed: -  Status: -
Name: mssmbios.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys  Address: 0xF746E000  Size: 15488  File Visible: -  Signed: -  Status: -
Name: Mup.sys  Image Path: Mup.sys  Address: 0xF7496000  Size: 105344  File Visible: -  Signed: -  Status: -
Name: NDIS.sys  Image Path: NDIS.sys  Address: 0xF74B0000  Size: 182656  File Visible: -  Signed: -  Status: -
Name: ndistapi.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys  Address: 0xF7B9F000  Size: 10112  File Visible: -  Signed: -  Status: -
Name: ndisuio.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys  Address: 0xA8B90000  Size: 14592  File Visible: -  Signed: -  Status: -
Name: ndiswan.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys  Address: 0xF6BC4000  Size: 91520  File Visible: -  Signed: -  Status: -
Name: NDProxy.SYS  Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS  Address: 0xF73AE000  Size: 40576  File Visible: -  Signed: -  Status: -
Name: netbios.sys  Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys  Address: 0xF7867000  Size: 34688  File Visible: -  Signed: -  Status: -
Name: netbt.sys  Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys  Address: 0xA919B000  Size: 162816  File Visible: -  Signed: -  Status: -
Name: Npfs.SYS  Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS  Address: 0xF79DF000  Size: 30848  File Visible: -  Signed: -  Status: -
Name: Ntfs.sys  Image Path: Ntfs.sys  Address: 0xF74DD000  Size: 574976  File Visible: -  Signed: -  Status: -
Name: ntoskrnl.exe  Image Path: C:\WINDOWS\system32\ntoskrnl.exe  Address: 0x804D7000  Size: 2260992  File Visible: -  Signed: -  Status: -
Name: Null.SYS  Image Path: C:\WINDOWS\System32\Drivers\Null.SYS  Address: 0xF7C8D000  Size: 2944  File Visible: -  Signed: -  Status: -
Name: OPRGHDLR.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS  Address: 0xF7C70000  Size: 4096  File Visible: -  Signed: -  Status: -
Name: PartMgr.sys  Image Path: PartMgr.sys  Address: 0xF792F000  Size: 19712  File Visible: -  Signed: -  Status: -
Name: pci.sys  Image Path: pci.sys  Address: 0xF7647000  Size: 68224  File Visible: -  Signed: -  Status: -
Name: pciide.sys  Image Path: pciide.sys  Address: 0xF7C6F000  Size: 3328  File Visible: -  Signed: -  Status: -
Name: PCIIDEX.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS  Address: 0xF7927000  Size: 28672  File Visible: -  Signed: -  Status: -
Name: perc2.sys  Image Path: perc2.sys  Address: 0xF7987000  Size: 27296  File Visible: -  Signed: -  Status: -
Name: perc2hib.sys  Image Path: perc2hib.sys  Address: 0xF7BB7000  Size: 5504  File Visible: -  Signed: -  Status: -
Name: PnpManager  Image Path: \Driver\PnpManager  Address: 0x804D7000  Size: 2260992  File Visible: -  Signed: -  Status: -
Name: portcls.sys  Image Path: C:\WINDOWS\system32\drivers\portcls.sys  Address: 0xAA23F000  Size: 147456  File Visible: -  Signed: -  Status: -
Name: PROCEXP113.SYS  Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Address: 0xF7BCF000  Size: 7872  File Visible: No  Signed: -  Status: -
Name: psched.sys  Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys  Address: 0xF6BB3000  Size: 69120  File Visible: -  Signed: -  Status: -
Name: ptilink.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys  Address: 0xF7A9F000  Size: 17792  File Visible: -  Signed: -  Status: -
Name: PxHelp20.sys  Image Path: PxHelp20.sys  Address: 0xF7777000  Size: 36320  File Visible: -  Signed: -  Status: -
Name: ql1080.sys  Image Path: ql1080.sys  Address: 0xF7727000  Size: 40320  File Visible: -  Signed: -  Status: -
Name: ql10wnt.sys  Image Path: ql10wnt.sys  Address: 0xF76E7000  Size: 33152  File Visible: -  Signed: -  Status: -
Name: ql12160.sys  Image Path: ql12160.sys  Address: 0xF7747000  Size: 45312  File Visible: -  Signed: -  Status: -
Name: ql1240.sys  Image Path: ql1240.sys  Address: 0xF76F7000  Size: 40448  File Visible: -  Signed: -  Status: -
Name: ql1280.sys  Image Path: ql1280.sys  Address: 0xF7737000  Size: 49024  File Visible: -  Signed: -  Status: -
Name: rasacd.sys  Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys  Address: 0xF7B6F000  Size: 8832  File Visible: -  Signed: -  Status: -
Name: rasl2tp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys  Address: 0xF73FE000  Size: 51328  File Visible: -  Signed: -  Status: -
Name: raspppoe.sys  Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys  Address: 0xF73EE000  Size: 41472  File Visible: -  Signed: -  Status: -
Name: raspptp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys  Address: 0xF73DE000  Size: 48384  File Visible: -  Signed: -  Status: -
Name: raspti.sys  Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys  Address: 0xF7AA7000  Size: 16512  File Visible: -  Signed: -  Status: -
Name: RAW  Image Path: \FileSystem\RAW  Address: 0x804D7000  Size: 2260992  File Visible: -  Signed: -  Status: -
Name: rdbss.sys  Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys  Address: 0xA8F02000  Size: 175744  File Visible: -  Signed: -  Status: -
Name: RDPCDD.sys  Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys  Address: 0xF7BF1000  Size: 4224  File Visible: -  Signed: -  Status: -
Name: rootrepeal.sys  Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys  Address: 0xA629B000  Size: 49152  File Visible: No  Signed: -  Status: -
Name: Rtenicxp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys  Address: 0xF6D77000  Size: 108800  File Visible: -  Signed: -  Status: -
Name: RtkHDAud.sys  Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys  Address: 0xAA263000  Size: 4968448  File Visible: -  Signed: -  Status: -
Name: SASKUTIL.sys  Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys  Address: 0xA8F2D000  Size: 151552  File Visible: No  Signed: -  Status: -
Name: SCSIPORT.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS  Address: 0xF7610000  Size: 98304  File Visible: -  Signed: -  Status: -
Name: sisagp.sys  Image Path: sisagp.sys  Address: 0xF7787000  Size: 40960  File Visible: -  Signed: -  Status: -
Name: sncduvc.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\sncduvc.SYS  Address: 0xF79E7000  Size: 28672  File Visible: -  Signed: -  Status: -
Name: snp2uvc.sys  Image Path: C:\WINDOWS\system32\DRIVERS\snp2uvc.sys  Address: 0xA8FA2000  Size: 1769984  File Visible: -  Signed: -  Status: -
Name: sparrow.sys  Image Path: sparrow.sys  Address: 0xF7937000  Size: 19072  File Visible: -  Signed: -  Status: -
Name: sr.sys  Image Path: sr.sys  Address: 0xF7581000  Size: 73472  File Visible: -  Signed: -  Status: -
Name: srv.sys  Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys  Address: 0xA86B1000  Size: 333952  File Visible: -  Signed: -  Status: -
Name: ssmdrv.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys  Address: 0xF79EF000  Size: 22656  File Visible: -  Signed: -  Status: -
Name: STREAM.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS  Address: 0xF7857000  Size: 53248  File Visible: -  Signed: -  Status: -
Name: swenum.sys  Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys  Address: 0xF7BE1000  Size: 4352  File Visible: -  Signed: -  Status: -
Name: sym_hi.sys  Image Path: sym_hi.sys  Address: 0xF795F000  Size: 28384  File Visible: -  Signed: -  Status: -
Name: sym_u3.sys  Image Path: sym_u3.sys  Address: 0xF7967000  Size: 30688  File Visible: -  Signed: -  Status: -
Name: symc810.sys  Image Path: symc810.sys  Address: 0xF7ACF000  Size: 16256  File Visible: -  Signed: -  Status: -
Name: symc8xx.sys  Image Path: symc8xx.sys  Address: 0xF7957000  Size: 32640  File Visible: -  Signed: -  Status: -
Name: SynTP.sys  Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys  Address: 0xF6BDB000  Size: 225024  File Visible: -  Signed: -  Status: -
Name: sysaudio.sys  Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys  Address: 0xA84C1000  Size: 60800  File Visible: -  Signed: -  Status: -
Name: tcpip.sys  Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys  Address: 0xA91C3000  Size: 361600  File Visible: -  Signed: -  Status: -
Name: TDI.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS  Address: 0xF7A97000  Size: 20480  File Visible: -  Signed: -  Status: -
Name: termdd.sys  Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys  Address: 0xF73BE000  Size: 40704  File Visible: -  Signed: -  Status: -
Name: toside.sys  Image Path: toside.sys  Address: 0xF7BAF000  Size: 4992  File Visible: -  Signed: -  Status: -
Name: ultra.sys  Image Path: ultra.sys  Address: 0xF7717000  Size: 36736  File Visible: -  Signed: -  Status: -
Name: update.sys  Image Path: C:\WINDOWS\system32\DRIVERS\update.sys  Address: 0xF6B32000  Size: 384768  File Visible: -  Signed: -  Status: -
Name: usbccgp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys  Address: 0xF7A27000  Size: 32128  File Visible: -  Signed: -  Status: -
Name: USBD.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS  Address: 0xF7BDF000  Size: 8192  File Visible: -  Signed: -  Status: -
Name: usbehci.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys  Address: 0xF7A77000  Size: 30208  File Visible: -  Signed: -  Status: -
Name: usbhub.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys  Address: 0xF7807000  Size: 59520  File Visible: -  Signed: -  Status: -
Name: USBPORT.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS  Address: 0xF6C12000  Size: 147456  File Visible: -  Signed: -  Status: -
Name: usbuhci.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys  Address: 0xF7A6F000  Size: 20608  File Visible: -  Signed: -  Status: -
Name: vga.sys  Image Path: C:\WINDOWS\System32\drivers\vga.sys  Address: 0xF79CF000  Size: 20992  File Visible: -  Signed: -  Status: -
Name: viaagp.sys  Image Path: viaagp.sys  Address: 0xF7797000  Size: 42240  File Visible: -  Signed: -  Status: -
Name: viaide.sys  Image Path: viaide.sys  Address: 0xF7BB1000  Size: 5376  File Visible: -  Signed: -  Status: -
Name: VIDEOPRT.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS  Address: 0xF6DBA000  Size: 81920  File Visible: -  Signed: -  Status: -
Name: VolSnap.sys  Image Path: VolSnap.sys  Address: 0xF76C7000  Size: 52352  File Visible: -  Signed: -  Status: -
Name: wanarp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys  Address: 0xF7847000  Size: 34560  File Visible: -  Signed: -  Status: -
Name: watchdog.sys  Image Path: C:\WINDOWS\System32\watchdog.sys  Address: 0xF7AAF000  Size: 20480  File Visible: -  Signed: -  Status: -
Name: wdmaud.sys  Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys  Address: 0xA841C000  Size: 83072  File Visible: -  Signed: -  Status: -
Name: Win32k  Image Path: \Driver\Win32k  Address: 0xBF800000  Size: 1847296  File Visible: -  Signed: -  Status: -
Name: win32k.sys  Image Path: C:\WINDOWS\System32\win32k.sys  Address: 0xBF800000  Size: 1847296  File Visible: -  Signed: -  Status: -
Name: wmiacpi.sys  Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys  Address: 0xF7B9B000  Size: 8832  File Visible: -  Signed: -  Status: -
Name: WMILIB.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS  Address: 0xF7BA9000  Size: 8192  File Visible: -  Signed: -  Status: -
Name: WMIxWDM  Image Path: \Driver\WMIxWDM  Address: 0x804D7000  Size: 2260992  File Visible: -  Signed: -  Status: -
  4. Hiya... thanks for your prompt reply. I know I am doing something wrong here..... cut and pasted the Win32k log: Log file is located at: C:\Documents and Settings\jmbodhi\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished!
  5. Hiya Support Group.... I've tried all and have hit a wall. I believe I am supposed to post my logs here? Many thanks, swimfinz I've been reading and trying everything. Am fried. Anti-Malware will not install, same with HJT. Scratching my head, hard. Ran the log report. Is this the place to post this info? What do I do next? Thanks in advance...swimfinz ROOTREPEAL
  6. I've been reading and trying everything. Am fried. Anti-Malware will not install, same with HJT. Scratching my head, hard. Ran the log report. Is this the place to post this info? What do I do next? Thanks in advance...swimfinz

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 03:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA8E41000 Size: 98304 File Visible: No Signed: - Status: -
Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7BED000 Size: 8192 File Visible: No Signed: - Status: -
Name: PROCEXP113.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Address: 0xF7BBF000 Size: 7872 File Visible: No Signed: - Status: -
Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA7037000 Size: 49152 File Visible: No Signed: - Status: -

SSDT
-------------------
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf7d4c95c
#: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf7d4c948
#: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf7d4c94d
#: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa91370b0
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0xf7d4c952

==EOF==
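The SSDT section of the RootRepeal log in post 6 is the part a responder reads first: which system calls are hooked, by what, and whether the hook addresses fall inside any driver image the scanner could enumerate. The script below is an added example, not code from the poster, from RootRepeal or from this forum. It parses the Drivers and SSDT records from post 6 (embedded inline, one record per line, exactly as posted) and flags hidden driver images that tooling does not account for and hooks that no listed image owns. The allowlists EXPECTED_HIDDEN and EXPECTED_HOOKERS, the 0x1000-byte clustering window and the function names parse_rootrepeal, owner_of, triage, cluster_unknown_hooks and analyze are this example's own assumptions.

```python
"""Triage a RootRepeal log: hidden driver images and SSDT hooks.

Added example; not the original thread's code. SAMPLE_LOG holds the Drivers
and SSDT records from post 6, one record per line. The allowlists below are
assumptions for this example, not something RootRepeal itself emits.
"""
import re

SAMPLE_LOG = r"""
Drivers
Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA8E41000 Size: 98304 File Visible: No Signed: - Status: -
Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7BED000 Size: 8192 File Visible: No Signed: - Status: -
Name: PROCEXP113.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Address: 0xF7BBF000 Size: 7872 File Visible: No Signed: - Status: -
Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA7037000 Size: 49152 File Visible: No Signed: - Status: -
SSDT
#: 053 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0xf7d4c95c
#: 122 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0xf7d4c948
#: 128 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0xf7d4c94d
#: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa91370b0
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "<unknown>" at address 0xf7d4c952
"""

# One driver record: Name / Image Path / Address / Size / File Visible.
DRIVER_RE = re.compile(
    r'Name:\s*(?P<name>\S+)\s+Image Path:\s*(?P<path>.+?)\s+Address:\s*(?P<addr>0x[0-9a-fA-F]+)'
    r'\s+Size:\s*(?P<size>\d+)\s+File Visible:\s*(?P<visible>\S+)')
# One SSDT record: index / function / hooking module / hook address.
HOOK_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)\s+Status:\s*Hooked by\s*"(?P<by>[^"]+)"'
    r'\s+at address\s*(?P<addr>0x[0-9a-fA-F]+)')

# Assumption: images expected to be unlisted while RootRepeal and Process
# Explorer are running (dump_* are the crash-dump driver copies), and modules
# whose SSDT hooks are their own self-protection. Tune these per environment.
EXPECTED_HIDDEN = {"dump_atapi.sys", "dump_wmilib.sys", "rootrepeal.sys", "procexp113.sys"}
EXPECTED_HOOKERS = ("SUPERAntiSpyware",)


def parse_rootrepeal(text):
    """Return (drivers, hooks) with addresses and sizes converted to ints."""
    drivers = []
    for m in DRIVER_RE.finditer(text):
        d = m.groupdict()
        d["addr"], d["size"] = int(d["addr"], 16), int(d["size"])
        d["hidden"] = d["visible"].lower() == "no"
        drivers.append(d)
    hooks = []
    for m in HOOK_RE.finditer(text):
        h = m.groupdict()
        h["index"], h["addr"] = int(h["index"]), int(h["addr"], 16)
        hooks.append(h)
    return drivers, hooks


def owner_of(addr, drivers):
    """Name of the enumerated image whose [Address, Address+Size) holds addr, else None."""
    for d in drivers:
        if d["addr"] <= addr < d["addr"] + d["size"]:
            return d["name"]
    return None


def triage(drivers, hooks):
    """Findings worth a second look: unexplained hidden images and non-allowlisted hooks."""
    findings = []
    for d in drivers:
        if d["hidden"] and d["name"].lower() not in EXPECTED_HIDDEN:
            findings.append(("hidden-driver", d["name"], d["addr"]))
    for h in hooks:
        if any(k in h["by"] for k in EXPECTED_HOOKERS):
            continue
        # owner None means the hook target sits outside every image the scanner listed.
        findings.append(("ssdt-hook", h["func"], h["addr"], h["by"], owner_of(h["addr"], drivers)))
    return findings


def cluster_unknown_hooks(hooks, window=0x1000):
    """Group "<unknown>" hook addresses lying within `window` bytes; one tight
    cluster usually means one hooking module rather than several."""
    addrs = sorted(h["addr"] for h in hooks if h["by"] == "<unknown>")
    clusters, cur = [], []
    for a in addrs:
        if cur and a - cur[0] > window:
            clusters.append(cur)
            cur = []
        cur.append(a)
    if cur:
        clusters.append(cur)
    return clusters


def analyze(text):
    drivers, hooks = parse_rootrepeal(text)
    return {"drivers": drivers, "hooks": hooks,
            "findings": triage(drivers, hooks),
            "clusters": cluster_unknown_hooks(hooks)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for f in result["findings"]:
        print(f)
    for c in result["clusters"]:
        print("cluster:", [hex(a) for a in c], "span:", c[-1] - c[0], "bytes")
```

On this log the script reports no unexplained hidden images, but four hooks attributed to "<unknown>" at 0xf7d4c948, 0xf7d4c94d, 0xf7d4c952 and 0xf7d4c95c, a 20-byte span that no enumerated driver image covers. Most of those entries are five bytes apart, the length of an x86 near jmp with a 32-bit displacement, which is consistent with a small stub table in unlisted memory, though the log alone does not identify its owner. The hooked calls (NtOpenProcess, NtOpenThread, NtCreateThread, NtWriteVirtualMemory, plus NtTerminateProcess from the SUPERAntiSpyware driver) are exactly what a scanner needs to open, inspect or kill other processes, which fits the poster's report that Malwarebytes and HijackThis would not run.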