Nothing will Run


Okay folks

I got something nasty. I read a lot of things both here at this forum and others and I never read anything such as this. I cannot run Malwarebytes, Hijackthis, Superantivirus, nothing. I even have Trend on my server and it disabled real-time scanning. It seems as if the virus knows all of Malwarebytes, Hijackthis, etc. I have to rename the file in order to run the setup, and when I do run the setup, in a matter of seconds it will kill it. I ran Process Explorer and actually saw it kill the process. I even have to rename the executable to something else, and when I try to run it for the second time I get "Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item". I have done this in both Safe Mode and normal boot mode.

Also, when I run regedit to see what's in Startup/Startup Once, I get that I do not have the appropriate permission to access the file. I am so frustrated but have not given up hope. Nothing works: Smithfraud, rootkitbuster..... I am open to any other suggestion. One last thing: I have tried to go into Device Manager/Show Hidden Files and I did not see anything. Suggestion... Comments ... Idea... TIA.. :(


Hi WooYing, Welcome to Malwarebytes :(

You have the CLB Rootkit preventing your security software from running.

  1. Download RootRepeal from the following location and save it to your desktop.
       • Rar Mirrors - Only if you know what a RAR is and can extract it.
  2. Extract RootRepeal.exe from the archive.
  3. Open RootRepeal on your desktop.
  4. Click the Report tab.
  5. Click the Scan button.
  6. Check all seven boxes.
  7. Push Ok.
  8. Check the box for your main system drive (usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Here's what I got for the report:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/10 00:36

Program Version: Version 1.3.3.0

Windows Version: Windows Server 2003 R2 SP2

==================================================


Please download this tool by sUBs, and save it to your desktop.

  • Close any applications that you have open, as your computer will be rebooted
  • Double click +++.exe to run the tool
  • When it has run it will reboot your computer, you may then delete the tool

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

This topic is now closed to further replies.