Infected with Rootkit - Pragmad.sys? Paladin Antivirus?

[MadhaviS]

In excess of the precedent couple of days, I have been trying to clean up a contamination, and I believe it's further than my limited ability. I originally tried MBAM, Avast, SuperAS, etc. At the same time as each of these originate results, the ad popups and sluggish response times kept returning. I tried searching for a number of of the file names, and I might not locate much information in sequence on the contamination, beyond a small number of extremely recent threads that seemed moderately similar.

[Candace]

It seems similar to I am infected by means of a rootkit, additional than I am not completely positive on how to safely eliminate it, so I figured the most excellent thing to do was to ask for assist here. I encompass noted that the entire the rootkit scans I have run keep pointing to a concealed "pragmad.sys" result, additional than Google did not return no matter which on it that seemed accommodating. Below is the DDS log, and attached are the Attach.txt and ark.txt files, as well as a HijackThis log. I determine to monitor the topic personally.

[Paisley007]

Give pleasure to download ComboFix make a note of: In the event you previously have comprise Combofix, this is an innovative version or description that I necessitate you to download. It is significant that it is saved and renamed following this procedure unswervingly to your desktop. If you are using Firefox, create certain that your download settings are as follows: First you have to go to the tools->Options->Main tab. Subsequent to that you have to set to "forever ask me where to Save the files". During the download, rename Combofix to Combo-Fix might it may help you.

[addie]

The ComboFix might reset a numeral of Internet Explorer's settings, together with making it the defaulting browser. Make a note of: Combofix protects auto run of the entire CDs, floppies and USB apparatus to assist by means of malware removal & increase sanctuary. Give pleasure to do not install several innovative programs or bring up to date anything (always permit your antivirus/antispyware to update) unless told to do so at the same time as we are fixing your tribulations. If combofix alerts to a innovative version or description and presents to bring up to date, please let it. It is essential we always use the most recent version.

[Carley]

I go subsequent to your instructions, additional than I seemed to have comprised encountered a tribulations: subsequent to combofix restarted the system and began its scan, I stepped away. I afterward returned to locate my laptop in the procedure of a startup repair; I noted in the error log it originate the root cause to be a corrupt atapi.svs file. What be supposed to I do here. It maintains getting that similar disappointment. I be able to have right of entry system recovery alternatives, I figured I would ask previous to I do anything though.

[Pabloa]

The file paths in Vista are moderately long. We determine to necessitate replacing the atapi.sys in order to boot. For a superior user, it determines to be simple to do throughout MSDOS. If you are up to it, this is the procedure. First, you have to confirm that you be able to have right of entry the Vista Recovery surroundings. To do so, restart your system and begin tapping the F8 key to facilitate the Advanced Start menu. If the alternative 'Repair your system' is obtainable, select it. If not obtainable, you determine to necessitate inserting your Vista installation DVD and restart, then pressing any key when prompted to boot from the CD. At the Install Windows screen, choose Repair your system.

[OS-X-10+]

You have to go back to the Command prompt. Type Regedit and press Enter. The Registry editor determine to be displayed. Hit it off on the HKEY_LOCAL_MACHINE to highlight it. Then you have to choose File from the Menu, then Load Hive. Subsequent to that Browse to the C:\Windows\System32\Config folder. Then you have to choose the System hive and hit it off on Open. Name the key Test. Subsequent to that expand the HKEY_LOCAL_MACHINE, then the Test key. Then you have to hit it off on the Select key to highlight it. On the right pane, give the impression of being at the value for Defaulting. Under the Test key you determine to observe keys such as Controlset001, Controlset002, Controlset003 etc. If the value for defaulting is 0X00000001, then you are going to work on the Controlset001, if 0X00000002, then Controlset002, and so forth. So make bigger the equivalent Controlset key, then services. Hit it off on the atapi key. On the right pane right hit it off the Imagepath and choose modify. Basically modify the extension of atapi from .svs to .sys and hit it off OK. If you create a mistake immediately hit it off on cancel and tries the entire in excess of again. At the end go back to the Test key and hit it off on it to highlight it. Choose File from the menu, then Unload Hive. Close the editor and restart the system.