Jump to content

Infected with armanager and antimalware doctor - Malwarebytes won't work (log included)

Nickd123
 Share

Recommended Posts

Nickd123

Nickd123

Posted
Posted

Hi there,

I seem to be a victim of some deadly infection which I'm beginning to lose hope on removing. After searching for a while I came across malwarebytes and I gave the program a try, but unfortunately the program will not load; giving various error messages.

I followed the instructions on a thread (http://forums.malwarebytes.org/index.php?showtopic=12709) and downloaded rootrepeal. However unfortunately I cannot identify the driver I need to remove.

If anyone can tell me which driver I need to remove or even offer any other help I would greatly appreciate it.

The report is here:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/04/30 22:44

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: 1394BUS.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS

Address: 0xF7617000 Size: 57344 File Visible: - Signed: -

Status: -

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF75A8000 Size: 187776 File Visible: - Signed: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xB8365000 Size: 138112 File Visible: - Signed: -

Status: -

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF79AD000 Size: 4224 File Visible: - Signed: -

Status: -

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7897000 Size: 12288 File Visible: - Signed: -

Status: -

Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xB87A0000 Size: 63744 File Visible: - Signed: -

Status: -

Name: cdrom.sys

Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys

Address: 0xF76B7000 Size: 62976 File Visible: - Signed: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

Address: 0xF7657000 Size: 53248 File Visible: - Signed: -

Status: -

Name: CSCrySec.sys

Image Path: CSCrySec.sys

Address: 0xF74E3000 Size: 81920 File Visible: - Signed: -

Status: -

Name: disk.sys

Image Path: disk.sys

Address: 0xF7647000 Size: 36352 File Visible: - Signed: -

Status: -

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF749E000 Size: 153344 File Visible: - Signed: -

Status: -

Name: dmload.sys

Image Path: dmload.sys

Address: 0xF798B000 Size: 5888 File Visible: - Signed: -

Status: -

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xB85A5000 Size: 12288 File Visible: - Signed: -

Status: -

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBD000000 Size: 73728 File Visible: - Signed: -

Status: -

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7A96000 Size: 4096 File Visible: - Signed: -

Status: -

Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xB7C1C000 Size: 143744 File Visible: - Signed: -

Status: -

Name: fdc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys

Address: 0xF7737000 Size: 27392 File Visible: - Signed: -

Status: -

Name: flpydisk.sys

Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys

Address: 0xF7817000 Size: 20480 File Visible: - Signed: -

Status: -

Name: fltMgr.sys

Image Path: fltMgr.sys

Address: 0xF741B000 Size: 129792 File Visible: - Signed: -

Status: -

Name: framebuf.dll

Image Path: C:\WINDOWS\System32\framebuf.dll

Address: 0xBFF50000 Size: 12288 File Visible: - Signed: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF79A9000 Size: 7936 File Visible: - Signed: -

Status: -

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF74C4000 Size: 125056 File Visible: - Signed: -

Status: -

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806FF000 Size: 134400 File Visible: - Signed: -

Status: -

Name: i8042prt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys

Address: 0xF76D7000 Size: 52480 File Visible: - Signed: -

Status: -

Name: imapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys

Address: 0xF76A7000 Size: 42112 File Visible: - Signed: -

Status: -

Name: ipnat.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys

Address: 0xB8387000 Size: 152832 File Visible: - Signed: -

Status: -

Name: ipsec.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys

Address: 0xB842E000 Size: 75264 File Visible: - Signed: -

Status: -

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF75F7000 Size: 37248 File Visible: - Signed: -

Status: -

Name: kbdclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys

Address: 0xF776F000 Size: 24576 File Visible: - Signed: -

Status: -

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7987000 Size: 8192 File Visible: - Signed: -

Status: -

Name: klbg.sys

Image Path: klbg.sys

Address: 0xF7677000 Size: 53248 File Visible: - Signed: -

Status: -

Name: klim5.sys

Image Path: C:\WINDOWS\system32\DRIVERS\klim5.sys

Address: 0xF76F7000 Size: 40960 File Visible: - Signed: -

Status: -

Name: ks.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys

Address: 0xB86BF000 Size: 143360 File Visible: - Signed: -

Status: -

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF7870000 Size: 92288 File Visible: - Signed: -

Status: -

Name: Lbd.sys

Image Path: Lbd.sys

Address: 0xF7667000 Size: 57600 File Visible: - Signed: -

Status: -

Name: mouclass.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys

Address: 0xF775F000 Size: 23040 File Visible: - Signed: -

Status: -

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF7627000 Size: 42368 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

Address: 0xB82CA000 Size: 456576 File Visible: - Signed: -

Status: -

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF7787000 Size: 19072 File Visible: - Signed: -

Status: -

Name: msgpc.sys

Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys

Address: 0xF7557000 Size: 35072 File Visible: - Signed: -

Status: -

Name: mssmbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys

Address: 0xB87F4000 Size: 15488 File Visible: - Signed: -

Status: -

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF7829000 Size: 105344 File Visible: - Signed: -

Status: -

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF7843000 Size: 182656 File Visible: - Signed: -

Status: -

Name: ndistapi.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys

Address: 0xF7933000 Size: 10112 File Visible: - Signed: -

Status: -

Name: ndisuio.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys

Address: 0xB7FC2000 Size: 14592 File Visible: - Signed: -

Status: -

Name: ndiswan.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys

Address: 0xB865E000 Size: 91520 File Visible: - Signed: -

Status: -

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF7507000 Size: 40576 File Visible: - Signed: -

Status: -

Name: netbios.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys

Address: 0xF740B000 Size: 34688 File Visible: - Signed: -

Status: -

Name: netbt.sys

Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys

Address: 0xB83AD000 Size: 162816 File Visible: - Signed: -

Status: -

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF7797000 Size: 30848 File Visible: - Signed: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF7B52000 Size: 574976 File Visible: - Signed: -

Status: -

Name: ntoskrnl.exe

Image Path: C:\WINDOWS\system32\ntoskrnl.exe

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7A66000 Size: 2944 File Visible: - Signed: -

Status: -

Name: nvatabus.sys

Image Path: nvatabus.sys

Address: 0xF7488000 Size: 89856 File Visible: - Signed: -

Status: -

Name: nvcchflt.sys

Image Path: nvcchflt.sys

Address: 0xF770F000 Size: 16640 File Visible: - Signed: -

Status: -

Name: ohci1394.sys

Image Path: ohci1394.sys

Address: 0xF7607000 Size: 61696 File Visible: - Signed: -

Status: -

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF7707000 Size: 19712 File Visible: - Signed: -

Status: -

Name: pci.sys

Image Path: pci.sys

Address: 0xF7597000 Size: 68224 File Visible: - Signed: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: psched.sys

Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys

Address: 0xB864D000 Size: 69120 File Visible: - Signed: -

Status: -

Name: ptilink.sys

Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys

Address: 0xF77F7000 Size: 17792 File Visible: - Signed: -

Status: -

Name: rasacd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys

Address: 0xB87BC000 Size: 8832 File Visible: - Signed: -

Status: -

Name: rasl2tp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

Address: 0xF7587000 Size: 51328 File Visible: - Signed: -

Status: -

Name: raspppoe.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys

Address: 0xF7577000 Size: 41472 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys

Address: 0xF7567000 Size: 48384 File Visible: - Signed: -

Status: -

Name: raspti.sys

Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys

Address: 0xF7807000 Size: 16512 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys

Address: 0xB833A000 Size: 175744 File Visible: - Signed: -

Status: -

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF79B1000 Size: 4224 File Visible: - Signed: -

Status: -

Name: rdpdr.sys

Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys

Address: 0xB8555000 Size: 196224 File Visible: - Signed: -

Status: -

Name: redbook.sys

Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys

Address: 0xF76C7000 Size: 57600 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB7B0C000 Size: 49152 File Visible: No Signed: -

Status: -

Name: SCSIPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS

Address: 0xF743B000 Size: 98304 File Visible: - Signed: -

Status: -

Name: Si3114r5.sys

Image Path: Si3114r5.sys

Address: 0xF7453000 Size: 217088 File Visible: - Signed: -

Status: -

Name: SiRemFil.sys

Image Path: SiRemFil.sys

Address: 0xF798D000 Size: 5504 File Visible: - Signed: -

Status: -

Name: SiWinAcc.sys

Image Path: SiWinAcc.sys

Address: 0xF789B000 Size: 10368 File Visible: - Signed: -

Status: -

Name: srv.sys

Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys

Address: 0xB7C40000 Size: 334848 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys

Address: 0xF799F000 Size: 4352 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys

Address: 0xB83D5000 Size: 361344 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS

Address: 0xF77C7000 Size: 20480 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys

Address: 0xF7537000 Size: 40704 File Visible: - Signed: -

Status: -

Name: update.sys

Image Path: C:\WINDOWS\system32\DRIVERS\update.sys

Address: 0xB84F7000 Size: 384768 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS

Address: 0xF79A3000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbehci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys

Address: 0xF781F000 Size: 30208 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys

Address: 0xF7517000 Size: 59520 File Visible: - Signed: -

Status: -

Name: usbohci.sys

Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys

Address: 0xF77EF000 Size: 17152 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS

Address: 0xB86E2000 Size: 147456 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF7757000 Size: 20992 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\System32\drivers\VIDEOPRT.SYS

Address: 0xB8461000 Size: 81920 File Visible: - Signed: -

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF7637000 Size: 52352 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF7777000 Size: 20480 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS

Address: 0xF7989000 Size: 8192 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2260992 File Visible: - Signed: -

Status: -

Name: yk51x86.sys

Image Path: C:\WINDOWS\system32\DRIVERS\yk51x86.sys

Address: 0xB8675000 Size: 299520 File Visible: - Signed: -

Status: -

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello Nickd123! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install any software or hardware, while work on.

Step 1:

Go into C:\Program Files\Malwarebytes' Anti-Malware and you will see a file called mbam.exe Right click on it and drop down to Rename change the name to firefox.com From mbam.exe to firefox.com . Please, restart your computer.

Step 2:

  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3:

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Step 4:

Also, I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s) in this sequence:

  1. MalwareBytes' Anti-Malware log
  2. HiJackThis log
  3. Add or Remove Programs list

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.