
system down...MBAM won't run



Hiya Support Group....

I've tried all and have hit a wall.

I believe I am supposed to post my logs here?

Many thanks,

swimfinz

I've been reading and trying everything. Am fried.

Anti-Malware will not install, same with HJT.

Scratching my head, hard.

Ran the log report. Is this the place to post this info?

What do I do next?

Thanks in advance...swimfinz

ROOTREPEAL


  • Root Admin

Download and run Win32kDiag:

  1. Download Win32kDiag from any of the following locations and save it to your Desktop.
  2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  4. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic, please do not attach the file.


Hiya...

thanks for your prompt reply.

I know I am doing something wrong here.....

cut and pasted the Win 32 log:

Log file is located at: C:\Documents and Settings\jmbodhi\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!


Thanks for your assistance. I ran through many check lists and nothing seems to pull up the MBAM window to run or update or scan my system.

I still get spammed (internally) with many windows selling stuff and offering bogus security measures.

I did download the Root Repeal toolkit and ran a scan of my system.

Anything to do next?

Thanks again...should I erase any of the following files?

swimfinz

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/30 01:17

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================


  • Root Admin

Please try the following. Try renaming if you have to or starting in Safe Mode if it won't run.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  2. During the download, rename Combofix to Combo-Fix as follows (screenshots: CF_download_FF.gif, CF_download_rename.gif).
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

If this doesn't work either, try the same method (above method), but rename Combofix.exe to iexplore.exe instead, or winlogon.exe.

This is because it also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, so this whitelist also includes important system processes such as iexplore.exe, explorer.exe, winlogon.exe...


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
