
First let me say thank you for taking the time to help me. I greatly appreciate it.

My desktop computer has a virus that won't allow me to open any programs. When I try to open them from the desktop, a popup appears asking me which program I want to use to open it; Internet Explorer is the only option. Using safe mode I am able to open Malwarebytes, only by running it as administrator, but when I try to run a scan an error box pops up that says: "Run-time error '13': Type mismatch". I've looked all over to try and find a solution, but the ones I've found don't work, so I'm making my own post. I apologize if you have answered this question before. In my search for answers, a forum suggested running RootRepeal and asked for the report to be posted, so here it is. Thank you so much for any help you can give!

In my previous post it was suggested that I use fixncr.reg and Rkill. I used both of them, but to no avail. That's when AdvancedSetup sent me to you :)

I'm attaching the requested documents.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2012/01/02 22:50

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP1

==================================================

Drivers

-------------------

Name: 1394BUS.SYS

Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS

Address: 0x8A7C1000 Size: 57344 File Visible: - Signed: -

Status: -

Name: <empty>

Image Path: <empty>

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: acpi.sys

Image Path: C:\Windows\system32\drivers\acpi.sys

Address: 0x80692000 Size: 286720 File Visible: - Signed: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x82441000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: afd.sys

Image Path: C:\Windows\system32\drivers\afd.sys

Address: 0x8E563000 Size: 294912 File Visible: - Signed: -

Status: -

Name: Beep.SYS

Image Path: C:\Windows\System32\Drivers\Beep.SYS

Address: 0x8E49C000 Size: 28672 File Visible: - Signed: -

Status: -

Name: BOOTVID.dll

Image Path: C:\Windows\system32\BOOTVID.dll

Address: 0x80488000 Size: 32768 File Visible: - Signed: -

Status: -

Name: bowser.sys

Image Path: C:\Windows\system32\DRIVERS\bowser.sys

Address: 0x8A90A000 Size: 102400 File Visible: - Signed: -

Status: -

Name: cdrom.sys

Image Path: C:\Windows\system32\DRIVERS\cdrom.sys

Address: 0x82B8E000 Size: 98304 File Visible: - Signed: -

Status: -

Name: CI.dll

Image Path: C:\Windows\system32\CI.dll

Address: 0x804D1000 Size: 917504 File Visible: - Signed: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS

Address: 0x8AB99000 Size: 135168 File Visible: - Signed: -

Status: -

Name: CLFS.SYS

Image Path: C:\Windows\system32\CLFS.SYS

Address: 0x80490000 Size: 266240 File Visible: - Signed: -

Status: -

Name: crashdmp.sys

Image Path: C:\Windows\System32\Drivers\crashdmp.sys

Address: 0x8E6C9000 Size: 53248 File Visible: - Signed: -

Status: -

Name: crcdisk.sys

Image Path: C:\Windows\system32\drivers\crcdisk.sys

Address: 0x8ABBA000 Size: 36864 File Visible: - Signed: -

Status: -

Name: dfsc.sys

Image Path: C:\Windows\System32\Drivers\dfsc.sys

Address: 0x8E663000 Size: 94208 File Visible: - Signed: -

Status: -

Name: dfsc.sys

Image Path: C:\Windows\System32\Drivers\dfsc.sys

Address: 0x8E649000 Size: 106496 File Visible: - Signed: -

Status: Hidden from the Windows API!

Name: disk.sys

Image Path: C:\Windows\system32\drivers\disk.sys

Address: 0x8AB88000 Size: 69632 File Visible: - Signed: -

Status: -

Name: dump_iaStor.sys

Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys

Address: 0x8E6D6000 Size: 815104 File Visible: No Signed: -

Status: -

Name: Dxapi.sys

Image Path: C:\Windows\System32\drivers\Dxapi.sys

Address: 0x8E79D000 Size: 40960 File Visible: - Signed: -

Status: -

Name: dxg.sys

Image Path: C:\Windows\System32\drivers\dxg.sys

Address: 0x93420000 Size: 94208 File Visible: - Signed: -

Status: -

Name: ecache.sys

Image Path: C:\Windows\System32\drivers\ecache.sys

Address: 0x8AB61000 Size: 159744 File Visible: - Signed: -

Status: -

Name: fastfat.SYS

Image Path: C:\Windows\System32\Drivers\fastfat.SYS

Address: 0x8E7AB000 Size: 163840 File Visible: - Signed: -

Status: -

Name: fileinfo.sys

Image Path: C:\Windows\system32\drivers\fileinfo.sys

Address: 0x82B04000 Size: 65536 File Visible: - Signed: -

Status: -

Name: fltmgr.sys

Image Path: C:\Windows\system32\drivers\fltmgr.sys

Address: 0x82AD2000 Size: 204800 File Visible: - Signed: -

Status: -

Name: framebuf.dll

Image Path: C:\Windows\System32\framebuf.dll

Address: 0x934D0000 Size: 32768 File Visible: - Signed: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS

Address: 0x8E48C000 Size: 36864 File Visible: - Signed: -

Status: -

Name: fwpkclnt.sys

Image Path: C:\Windows\System32\drivers\fwpkclnt.sys

Address: 0x8A8EF000 Size: 110592 File Visible: - Signed: -

Status: -

Name: GEARAspiWDM.sys

Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

Address: 0x8AB4F000 Size: 9984 File Visible: - Signed: -

Status: -

Name: hal.dll

Image Path: C:\Windows\system32\hal.dll

Address: 0x8240E000 Size: 208896 File Visible: - Signed: -

Status: -

Name: HDAudBus.sys

Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys

Address: 0x8A9D1000 Size: 73728 File Visible: - Signed: -

Status: -

Name: HIDCLASS.SYS

Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS

Address: 0x8E5D8000 Size: 65536 File Visible: - Signed: -

Status: -

Name: HIDPARSE.SYS

Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS

Address: 0x8E5E8000 Size: 28672 File Visible: - Signed: -

Status: -

Name: hidusb.sys

Image Path: C:\Windows\system32\DRIVERS\hidusb.sys

Address: 0x8E5CF000 Size: 36864 File Visible: - Signed: -

Status: -

Name: i8042prt.sys

Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys

Address: 0x8A7CF000 Size: 77824 File Visible: - Signed: -

Status: -

Name: iastor.sys

Image Path: C:\Windows\system32\drivers\iastor.sys

Address: 0x82A0B000 Size: 815104 File Visible: - Signed: -

Status: -

Name: kbdclass.sys

Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys

Address: 0x8A7E2000 Size: 45056 File Visible: - Signed: -

Status: -

Name: kdcom.dll

Image Path: C:\Windows\system32\kdcom.dll

Address: 0x8040F000 Size: 32768 File Visible: - Signed: -

Status: -

Name: ks.sys

Image Path: C:\Windows\system32\DRIVERS\ks.sys

Address: 0x8E406000 Size: 172032 File Visible: - Signed: -

Status: -

Name: ksecdd.sys

Image Path: C:\Windows\System32\Drivers\ksecdd.sys

Address: 0x82B1D000 Size: 462848 File Visible: - Signed: -

Status: -

Name: mcupdate_GenuineIntel.dll

Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll

Address: 0x80417000 Size: 393216 File Visible: - Signed: -

Status: -

Name: mouclass.sys

Image Path: C:\Windows\system32\DRIVERS\mouclass.sys

Address: 0x82A00000 Size: 45056 File Visible: - Signed: -

Status: -

Name: mouhid.sys

Image Path: C:\Windows\system32\DRIVERS\mouhid.sys

Address: 0x8ABC3000 Size: 32768 File Visible: - Signed: -

Status: -

Name: mountmgr.sys

Image Path: C:\Windows\System32\drivers\mountmgr.sys

Address: 0x80778000 Size: 65536 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys

Address: 0x8A923000 Size: 126976 File Visible: - Signed: -

Status: -

Name: mrxsmb10.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys

Address: 0x8A942000 Size: 233472 File Visible: - Signed: -

Status: -

Name: mrxsmb20.sys

Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys

Address: 0x8A97B000 Size: 98304 File Visible: - Signed: -

Status: -

Name: Msfs.SYS

Image Path: C:\Windows\System32\Drivers\Msfs.SYS

Address: 0x8E4E5000 Size: 45056 File Visible: - Signed: -

Status: -

Name: msisadrv.sys

Image Path: C:\Windows\system32\drivers\msisadrv.sys

Address: 0x806E1000 Size: 32768 File Visible: - Signed: -

Status: -

Name: msiscsi.sys

Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys

Address: 0x82BA6000 Size: 188416 File Visible: - Signed: -

Status: -

Name: msrpc.sys

Image Path: C:\Windows\system32\drivers\msrpc.sys

Address: 0x8A70E000 Size: 176128 File Visible: - Signed: -

Status: -

Name: mssmbios.sys

Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys

Address: 0x8E430000 Size: 40960 File Visible: - Signed: -

Status: -

Name: mup.sys

Image Path: C:\Windows\System32\Drivers\mup.sys

Address: 0x8AB52000 Size: 61440 File Visible: - Signed: -

Status: -

Name: ndis.sys

Image Path: C:\Windows\system32\drivers\ndis.sys

Address: 0x8A603000 Size: 1093632 File Visible: - Signed: -

Status: -

Name: ndistapi.sys

Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys

Address: 0x82BEB000 Size: 45056 File Visible: - Signed: -

Status: -

Name: ndisuio.sys

Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys

Address: 0x8E5EF000 Size: 40960 File Visible: - Signed: -

Status: -

Name: ndiswan.sys

Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys

Address: 0x807C9000 Size: 143360 File Visible: - Signed: -

Status: -

Name: NDProxy.SYS

Image Path: C:\Windows\System32\Drivers\NDProxy.SYS

Address: 0x8E47B000 Size: 69632 File Visible: - Signed: -

Status: -

Name: netbios.sys

Image Path: C:\Windows\system32\DRIVERS\netbios.sys

Address: 0x8E5C1000 Size: 57344 File Visible: - Signed: -

Status: -

Name: netbt.sys

Image Path: C:\Windows\System32\DRIVERS\netbt.sys

Address: 0x8E531000 Size: 204800 File Visible: - Signed: -

Status: -

Name: NETIO.SYS

Image Path: C:\Windows\system32\drivers\NETIO.SYS

Address: 0x8A739000 Size: 237568 File Visible: - Signed: -

Status: -

Name: Npfs.SYS

Image Path: C:\Windows\System32\Drivers\Npfs.SYS

Address: 0x8E4F0000 Size: 57344 File Visible: - Signed: -

Status: -

Name: nsiproxy.sys

Image Path: C:\Windows\system32\drivers\nsiproxy.sys

Address: 0x8E63F000 Size: 40960 File Visible: - Signed: -

Status: -

Name: Ntfs.sys

Image Path: C:\Windows\System32\Drivers\Ntfs.sys

Address: 0x8AA02000 Size: 1110016 File Visible: - Signed: -

Status: -

Name: ntkrnlpa.exe

Image Path: C:\Windows\system32\ntkrnlpa.exe

Address: 0x82441000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: Null.SYS

Image Path: C:\Windows\System32\Drivers\Null.SYS

Address: 0x8E495000 Size: 28672 File Visible: - Signed: -

Status: -

Name: nwifi.sys

Image Path: C:\Windows\system32\DRIVERS\nwifi.sys

Address: 0x8E7D3000 Size: 172032 File Visible: - Signed: -

Status: -

Name: ohci1394.sys

Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys

Address: 0x8A7B1000 Size: 61952 File Visible: - Signed: -

Status: -

Name: pacer.sys

Image Path: C:\Windows\system32\DRIVERS\pacer.sys

Address: 0x8E5AB000 Size: 90112 File Visible: - Signed: -

Status: -

Name: partmgr.sys

Image Path: C:\Windows\System32\drivers\partmgr.sys

Address: 0x80710000 Size: 61440 File Visible: - Signed: -

Status: -

Name: pci.sys

Image Path: C:\Windows\system32\drivers\pci.sys

Address: 0x806E9000 Size: 159744 File Visible: - Signed: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x82441000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: PS2.sys

Image Path: C:\Windows\system32\DRIVERS\PS2.sys

Address: 0x8AB4A000 Size: 19072 File Visible: - Signed: -

Status: -

Name: PSHED.dll

Image Path: C:\Windows\system32\PSHED.dll

Address: 0x80477000 Size: 69632 File Visible: - Signed: -

Status: -

Name: PxHelp20.sys

Image Path: C:\Windows\System32\Drivers\PxHelp20.sys

Address: 0x82B14000 Size: 35712 File Visible: - Signed: -

Status: -

Name: rasacd.sys

Image Path: C:\Windows\System32\DRIVERS\rasacd.sys

Address: 0x8E4FE000 Size: 36864 File Visible: - Signed: -

Status: -

Name: rasl2tp.sys

Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys

Address: 0x82BD4000 Size: 94208 File Visible: - Signed: -

Status: -

Name: raspppoe.sys

Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys

Address: 0x807EC000 Size: 61440 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\Windows\system32\DRIVERS\raspptp.sys

Address: 0x805B1000 Size: 81920 File Visible: - Signed: -

Status: -

Name: rassstp.sys

Image Path: C:\Windows\system32\DRIVERS\rassstp.sys

Address: 0x805C5000 Size: 86016 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x82441000 Size: 3903488 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\Windows\system32\DRIVERS\rdbss.sys

Address: 0x8E603000 Size: 245760 File Visible: - Signed: -

Status: -

Name: rdpencdd.sys

Image Path: C:\Windows\system32\drivers\rdpencdd.sys

Address: 0x8E4DD000 Size: 32768 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0x8A993000 Size: 49152 File Visible: No Signed: -

Status: -

Name: Rtlh86.sys

Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys

Address: 0x8A9E3000 Size: 114688 File Visible: - Signed: -

Status: -

Name: smb.sys

Image Path: C:\Windows\system32\DRIVERS\smb.sys

Address: 0x8E51D000 Size: 81920 File Visible: - Signed: -

Status: -

Name: storport.sys

Image Path: C:\Windows\system32\DRIVERS\storport.sys

Address: 0x80788000 Size: 266240 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\Windows\system32\DRIVERS\swenum.sys

Address: 0x8ABFE000 Size: 4992 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\Windows\System32\drivers\tcpip.sys

Address: 0x8A806000 Size: 954368 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\Windows\system32\DRIVERS\TDI.SYS

Address: 0x8A7ED000 Size: 45056 File Visible: - Signed: -

Status: -

Name: tdx.sys

Image Path: C:\Windows\system32\DRIVERS\tdx.sys

Address: 0x8E507000 Size: 90112 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\Windows\system32\DRIVERS\termdd.sys

Address: 0x805DA000 Size: 65536 File Visible: - Signed: -

Status: -

Name: TSDDD.dll

Image Path: C:\Windows\System32\TSDDD.dll

Address: 0x93450000 Size: 36864 File Visible: - Signed: -

Status: -

Name: tunmp.sys

Image Path: C:\Windows\system32\DRIVERS\tunmp.sys

Address: 0x8ABDB000 Size: 36864 File Visible: - Signed: -

Status: -

Name: tunnel.sys

Image Path: C:\Windows\system32\DRIVERS\tunnel.sys

Address: 0x8ABD0000 Size: 45056 File Visible: - Signed: -

Status: -

Name: udfs.sys

Image Path: C:\Windows\system32\DRIVERS\udfs.sys

Address: 0x8E67A000 Size: 241664 File Visible: - Signed: -

Status: -

Name: umbus.sys

Image Path: C:\Windows\system32\DRIVERS\umbus.sys

Address: 0x8E43A000 Size: 53248 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\Windows\system32\DRIVERS\USBD.SYS

Address: 0x8E6C7000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbehci.sys

Image Path: C:\Windows\system32\DRIVERS\usbehci.sys

Address: 0x8ABEF000 Size: 61440 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\Windows\system32\DRIVERS\usbhub.sys

Address: 0x8E447000 Size: 212992 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS

Address: 0x8A773000 Size: 253952 File Visible: - Signed: -

Status: -

Name: USBSTOR.SYS

Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS

Address: 0x8E6B5000 Size: 73728 File Visible: - Signed: -

Status: -

Name: usbuhci.sys

Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys

Address: 0x8ABE4000 Size: 45056 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\Windows\System32\drivers\vga.sys

Address: 0x8E4A3000 Size: 49152 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS

Address: 0x8E4AF000 Size: 135168 File Visible: - Signed: -

Status: -

Name: volmgr.sys

Image Path: C:\Windows\system32\drivers\volmgr.sys

Address: 0x8071F000 Size: 61440 File Visible: - Signed: -

Status: -

Name: volmgrx.sys

Image Path: C:\Windows\System32\drivers\volmgrx.sys

Address: 0x8072E000 Size: 303104 File Visible: - Signed: -

Status: -

Name: volsnap.sys

Image Path: C:\Windows\system32\drivers\volsnap.sys

Address: 0x8AB11000 Size: 233472 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\Windows\System32\drivers\watchdog.sys

Address: 0x8E4D0000 Size: 53248 File Visible: - Signed: -

Status: -

Name: WCG200V2VistaI386.sys

Image Path: C:\Windows\system32\DRIVERS\WCG200V2VistaI386.sys

Address: 0x8E7A7000 Size: 14848 File Visible: - Signed: -

Status: -

Name: Wdf01000.sys

Image Path: C:\Windows\system32\drivers\Wdf01000.sys

Address: 0x80609000 Size: 507904 File Visible: - Signed: -

Status: -

Name: WDFLDR.SYS

Image Path: C:\Windows\system32\drivers\WDFLDR.SYS

Address: 0x80685000 Size: 53248 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0x93210000 Size: 2113536 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\Windows\System32\win32k.sys

Address: 0x93210000 Size: 2113536 File Visible: - Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\Windows\system32\drivers\WMILIB.SYS

Address: 0x806D8000 Size: 36864 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x82441000 Size: 3903488 File Visible: - Signed: -

Status: -


dds.txt

attach.txt


Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC


Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

Windows Update:

===========

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll

[2008-01-20 20:24] - [2008-01-20 20:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys

[2011-06-15 17:54] - [2011-04-21 07:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2010-08-10 21:38] - [2010-06-16 09:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll

[2011-04-13 04:40] - [2011-03-02 08:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll

[2008-01-20 20:24] - [2008-01-20 20:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll

[2008-01-20 20:23] - [2008-01-20 20:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe

[2008-01-20 20:23] - [2008-01-20 20:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll

[2008-01-20 20:23] - [2008-01-20 20:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll

[2008-01-20 20:24] - [2008-01-20 20:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll

[2008-01-20 20:25] - [2008-01-20 20:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll

[2008-08-12 18:43] - [2008-04-17 23:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll

[2008-01-20 20:24] - [2008-01-20 20:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll

[2009-04-15 03:10] - [2009-03-02 22:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

**** End of log ****

RogueKiller V6.2.2 [12/31/2011] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date : 01/09/2012 01:43:13

¤¤¤ Bad processes: 2 ¤¤¤

[SUSP PATH] svcs.exe -- C:\Windows\svcs.exe -> KILLED [TermProc]

[SUSP PATH] FSS.exe -- C:\Users\Owner\Desktop\FSS.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:5577) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 9aa4aa8601e382890aa9fc0b837e65c2

[BSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 490185 Mo

1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 957393675 | Size: 9919 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

I don't know if this is relevant, but the mouse on this computer messes up a lot, i.e. when I was highlighting and copying those documents it was messing up almost continuously.

Thank you for the help; sorry for the delay in my response.
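The FSS.txt above draws a distinction worth automating: a service that is merely stopped (mpsdrv, SDRSVC, VSS, with "start type is OK") versus one whose registry key is gone (MpsSvc, bfe, wscsvc), plus firewall profiles disabled by policy and files whose MD5 FSS could not match. The following Python triage parser for that format is an added example, not part of this thread or of the Farbar tool; the sample log is constructed from lines quoted in this post, and the regex patterns are my own assumptions about FSS's wording.

```python
import re
from dataclasses import dataclass, field

# Sample log, constructed from the FSS.txt lines quoted in this thread.
SAMPLE_FSS_LOG = r"""Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 20:24] - [2008-01-20 20:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D
**** End of log ****
"""

# Patterns are assumptions about FSS's wording, derived from the log lines above.
_STOPPED = re.compile(r"^(\S+) Service is not running\.")
_NO_KEY = re.compile(r"Unable to open (\S+) registry key\. The service key does not exist\.")
_FW_PROFILE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+)\]$")
_FW_DISABLED = re.compile(r'^"EnableFirewall"=DWORD:0$')
_FILE_PATH = re.compile(r"^([A-Za-z]:\\\S+)$")       # bare path: FSS prints details next
_FILE_DETAIL = re.compile(r"^\[.*\] - \[.*\] - \d+ \S+ \(.*\) ([0-9A-Fa-f]{32})$")


@dataclass
class FssFindings:
    stopped_services: list = field(default_factory=list)      # reported "not running"
    missing_service_keys: list = field(default_factory=list)  # service key deleted
    firewall_disabled_profiles: list = field(default_factory=list)
    unverified_files: dict = field(default_factory=dict)      # path -> MD5 FSS could not match


def parse_fss(text):
    """Extract the conditions worth acting on from an FSS.txt dump."""
    f = FssFindings()
    last_fw_profile = None   # registry key seen on the previous line
    pending_path = None      # file path whose details are on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if m := _STOPPED.match(line):
            f.stopped_services.append(m.group(1))
        elif m := _NO_KEY.search(line):
            if m.group(1) not in f.missing_service_keys:   # FSS repeats this per value
                f.missing_service_keys.append(m.group(1))
        elif m := _FW_PROFILE.match(line):
            last_fw_profile = m.group(1)
        elif _FW_DISABLED.match(line) and last_fw_profile:
            f.firewall_disabled_profiles.append(last_fw_profile)
            last_fw_profile = None
        elif m := _FILE_PATH.match(line):
            pending_path = m.group(1)
        elif pending_path and (m := _FILE_DETAIL.match(line)):
            f.unverified_files[pending_path] = m.group(1).upper()
            pending_path = None
        else:
            pending_path = None
    return f


def triage(f):
    """Rank findings: a deleted service key needs repair, a stopped service only a restart."""
    notes = []
    for svc in f.missing_service_keys:
        notes.append(f"CRITICAL: {svc} service key deleted; recreate it before the service can run")
    for svc in f.stopped_services:
        if svc not in f.missing_service_keys:
            notes.append(f"WARN: {svc} is stopped but its configuration is intact")
    for prof in f.firewall_disabled_profiles:
        notes.append(f"CRITICAL: EnableFirewall=0 policy set for {prof}")
    for path, md5 in f.unverified_files.items():
        notes.append(f"CHECK: {path} MD5 {md5} not recognised by FSS; compare with a known-good copy")
    return notes


if __name__ == "__main__":
    for note in triage(parse_fss(SAMPLE_FSS_LOG)):
        print(note)
```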


Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


I must inform you that you're infected with Rootkit.ZeroAccess rootkit, a BackDoor Trojan.

Read this warning

----------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

DDS::

uInternet Settings,ProxyServer = http=127.0.0.1:5577

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot (in case it asks to reboot)...

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


I'm not sure how to replace a lost CD; you could call Microsoft and ask them.

What make of computer is it?

One more run with ComboFix.

----------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

RegLock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot (in case it asks to reboot)...

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
