
All anti-virus/ Restore programs unaccessable [Moved]


17 replies to this topic

#1 As Beauty Dies


Posted 10 August 2009 - 09:06 AM

1. Upon logging into the computer under log it a little box pops up that reads "error loading tapi.nfo

The specific module could not be found."
2. Upon trying to run anti-virus it either
a. Doesn't run / ignores the prompt
b. runs for five seconds and closes immediately (If it was a downloaded)
And begins 5
3. Cannot access system restore
4. Cannot edit registry
5. If I schedule a scan a box usually pops up that reads "Cannot access caavguiscan.exe you may not have permission to access this file"
6. The virus seems to even run in safe mode all of the same problems still occur.
7. Erecovery does not even work

The computer is an Acer Veriton M410 desktop. Windows XP Professional.

DDS isn't working for some reason the command pops up but the logs never do...

Edited by As Beauty Dies, 10 August 2009 - 09:21 AM.




#2 Orange Blossom


Posted 10 August 2009 - 09:12 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom


#3 boopme


Posted 10 August 2009 - 11:33 AM

Hello, can you run this Sophos tool? Also, from another computer, can you download and transfer this on a flash drive, then run it.
ftp://downloads2.kaspersky-labs.com/devbu...Tool/index.html

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


#4 As Beauty Dies


Posted 10 August 2009 - 04:56 PM

Both Downloaded but The Kaspersky Labs did install but only ran up to 1% before closing without warning. This repeats if I try to reopen it.

Sophos Anti-rootkit gets to the installation page and loads but immediately exits, leaving it uninstalled.

I can no longer access the internet in normal mode I did all of this in safe mode with networking...

When I tried this %temp%\sarscan.log it would let me do it...
Said it couldn't find that file.

I will try to repeat this in just safe mode.

#5 boopme


Posted 10 August 2009 - 08:36 PM

These are 2 tools good in Safe Mode. Try running both. They will each probably take more than an hour.

SAS..
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

DrWeb Cure-it
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#6 As Beauty Dies


Posted 11 August 2009 - 07:21 AM

Super anti-spyware did not even finish installing before closing out without warning.
It repeats upon reopening.

Doctor Web installed but a window pops up when it begins and says

xye2r

Invalid virus database or invalid path to virus database. Whether I click the "x" or "ok" the program closes.
It repeats upon reopening.

Got a scan to work here are the results

Scan Log
Version of virus signature database: 4083 (20090518)
Date: 8/11/2009 Time: 10:14:04 AM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\
Operating memory - Win32/Rootkit.Agent.ODG trojan - unable to clean
C:\WINDOWS\system32\scecli.dll - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp - error opening [4]
C:\Documents and Settings\All Users\Application Data\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}38be9ac6.zip ZIP - archive damaged
C:\Documents and Settings\All Users\Application Data\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}3c2008e0.zip ZIP - archive damaged
C:\Documents and Settings\All Users\Application Data\Symantec\ErrLogs\{830D8CBD-C668-49e2-A969-C2C2106332E0}9563bde.zip ZIP - archive damaged
C:\Documents and Settings\Jacqueline Curry\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Application Data\Mozilla\Firefox\Profiles\8zbrsz2x.default\extensions\youtube2mp3@mondayx.de\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Application Data\Mozilla\Firefox\Profiles\8zbrsz2x.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Application Data\Mozilla\Firefox\Profiles\8zbrsz2x.default\extensions\{2e768a0b-9ee3-4e60-babc-9ff4bc4aacfb}\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Local Settings\Application Data\Identities\{6003B9B5-5444-4733-B54B-AC6A8AE9D302}\Microsoft\Outlook Express\CA Anti-Spam.dbx DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Local Settings\Temp\AVGDownloadManager\packages\10\AVGToolbarInstall.exe INNO file0006.bin MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Local Settings\Temp\AVGDownloadManager\packages\31\avgfree_us.mht MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Local Settings\Temp\AVGDownloadManager\packages\31\avgmwdef_us.mht MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Local Settings\Temp\AVGDownloadManager\packages\31\avgsbfree_us.mht MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Local Settings\Temp\AVGDownloadManager\packages\35\lschrome.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Jacqueline Curry\Local Settings\Temp\RarSFX0\FI.exe - error opening [4]
C:\Documents and Settings\Jacqueline Curry\Local Settings\Temporary Internet Files\Content.IE5\OSPD70WB\eav_nt32_enu[1].msi MSI - error - unknown compression method
C:\Documents and Settings\Jacqueline Curry\My Documents\Downloads\RSIT(2).exe - error opening [4]
C:\Documents and Settings\Jacqueline Curry\My Documents\Downloads\RSIT.exe - error opening [4]
C:\Documents and Settings\Luccornya Coney\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luccornya Coney\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luccornya Coney\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luccornya Coney\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Luccornya Coney\Local Settings\Application Data\Identities\{6003B9B5-5444-4733-B54B-AC6A8AE9D302}\Microsoft\Outlook Express\Inbox.dbx DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Marvetta Coney\Local Settings\Application Data\Identities\{6003B9B5-5444-4733-B54B-AC6A8AE9D302}\Microsoft\Outlook Express\Deleted Items.dbx DBX - is OK (internal scanning not performed)
C:\i386\COMPDATA\MSMQCOMP.TXT MIME - is OK (internal scanning not performed)
C:\Program Files\Audacity\audacity-1.2-help.htb ZIP audacity.hhp MIME - is OK (internal scanning not performed)
C:\Program Files\AVG\AVG8\avgfree_us.mht MIME - is OK (internal scanning not performed)
C:\Program Files\AVG\AVG8\avgmwdef_us.mht MIME - is OK (internal scanning not performed)
C:\Program Files\AVG\AVG8\avgsbfree_us.mht MIME - is OK (internal scanning not performed)
C:\Program Files\AVG\AVG8\AVGToolbarInstall.exe INNO file0006.bin MIME - is OK (internal scanning not performed)
C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\AVG\AVG8\Toolbar.new\Firefox\avg@igeared\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavguiscan.exe - error opening [4]
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\Firefox\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\Firefox\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\Firefox\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\Firefox\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/deploy/ffjcext.zip ZIP {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/resources.jar ZIP com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/resources.jar ZIP com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\core3.zip ZIP lib/resources.jar ZIP javax/xml/bind/Messages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.A1FFBB52_4F2E_44F1_8614_5D66C2EF43F0 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.03A77D79_488A_445D_B528_0E0089E3FCB3 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.D495C848_F235_46BF_A9A0_77D7C2120E3B MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.445237FC_7259_4EAD_ACEF_7ED7A95D32D7 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.79A89863_540B_470E_9C71_D57F22BFA44D MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.5ACB9F6A_C06C_4121_B854_7133C2ED29A8 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.15989D71_6BEB_424A_88DF_78A882081F91 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.1C571119_9D2B_4542_84BD_0CD3AA24E739 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.C4EB4D09_95BA_4DC2_9551_B6E637DA2230 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.C39C5B26_ED03_4B04_9CFD_166FDC7523D1 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.C05C46CB_E961_4BBA_86BE_4FE1A4426A32 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.87E45AFF_C0E7_4B6E_8E37_52EEB71BF5B7 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.E34CAC5A_4546_4E3A_BFFA_CE28E0CED140 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.14AFC4D4_5454_4AD5_B7FC_10D4FAB85CF3 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.B4924446_617C_4229_8C33_089CD780544D MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.F02247A4_BA3B_4A1D_B7EA_2CB2F17490B7 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.0F75E4D6_4C58_47F6_B626_BA408BA6F03B MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.B3E4ACDE_961E_474B_87CC_22A67A5E77CB MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.D8256176_51D5_41D4_B965_C7B0BC9E4A27 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht.D073AD43_9C5B_4759_A404_ED1717BEEAD7 MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi MSI Data1.cab CAB Getting_Started.mht MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\Getting Started.mht MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Wise Installation Wizard\WISCDB98E2F7B2A42C2B718F1F6B31586DF_1_0_0_57.MSI MSI Cabs.w1.cab CAB chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Wise Installation Wizard\WISCDB98E2F7B2A42C2B718F1F6B31586DF_1_0_0_57.MSI MSI Cabs.w1.cab CAB chrome.manifest3 MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar ZIP com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar ZIP com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\resources.jar ZIP javax/xml/bind/Messages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_05\lib\deploy\ffjcext.zip ZIP {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\resources.jar ZIP com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\resources.jar ZIP com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\resources.jar ZIP javax/xml/bind/Messages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre1.6.0_07\lib\deploy\ffjcext.zip ZIP {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar ZIP com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar ZIP com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar ZIP javax/xml/bind/Messages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip ZIP {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\JRE\jre-windows-i586.exe CAB core.zip ZIP lib/deploy/ffjcext.zip ZIP {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\JRE\jre-windows-i586.exe CAB core.zip ZIP lib/deploy/jqs/ff/chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\JRE\jre-windows-i586.exe CAB core.zip ZIP lib/resources.jar ZIP com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\JRE\jre-windows-i586.exe CAB core.zip ZIP lib/resources.jar ZIP com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties MIME - is OK (internal scanning not performed)
C:\Program Files\JRE\jre-windows-i586.exe CAB core.zip ZIP lib/resources.jar ZIP javax/xml/bind/Messages.properties MIME - is OK (internal scanning not performed)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe - error opening [4]
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.mht MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\chrome.manifest MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\struct.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\compiler\visitor.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\IdleHistory.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\MultiStatusBar.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\OutputWindow.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\Percolator.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\ReplaceDialog.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\ScrolledList.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\SearchDialog.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\SearchDialogBase.py MIME - is OK (internal scanning not performed)
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\idlelib\WidgetRedirector.py MIME - is OK (internal scanning not performed)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - error opening [4]
C:\Program Files\trend micro\Jacqueline Curry.exe - error opening [4]
C:\WINDOWS\system32\ConTest.dll - Win32/Adware.Ascentive application - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\MRT.exe - error opening [4]
C:\WINDOWS\system32\scecli.dll - error opening [4]
C:\WINDOWS\system32\wispex.html - Win32/Adware.WinAntiVirus application - cleaned by deleting - quarantined [1]
C:\WINDOWS\system32\drivers\d381f98d.sys - error opening [4]
Number of scanned objects: 392033
Number of threats found: 3
Number of cleaned objects: 2
Time of completion: 11:20:16 AM Total scanning time: 3972 sec (01:06:12)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

Edited by As Beauty Dies, 11 August 2009 - 10:42 AM.


#7 boopme


Posted 11 August 2009 - 11:25 AM

Ok, glad it ran as it went well. Now let's see if we can run these to see what may be left.

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Next, RootRepeal:
We need to check for rootkits with RootRepeal.
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


#8 As Beauty Dies


Posted 11 August 2009 - 11:41 AM

The ATF Cleaner ran and cleaned the computer.

Malwarebytes, however, closed while still preparing to scan.

Rootkit, however, ran and here's the report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 12:40
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 0000140F
Image Path: 0000140F
Address: 0x81ACD000 Size: 41221 File Visible: No Signed: -
Status: -

Name: 0000140F
Image Path: 0000140F
Address: 0xA6F1F000 Size: 76544 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF742D000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAA8AE000 Size: 138496 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF73BF000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA1A000 Size: 376832 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000 Size: 282624 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF4FCA000 Size: 2502656 File Visible: - Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFAD9000 Size: 2945024 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBFA76000 Size: 331776 File Visible: - Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBFAC7000 Size: 73728 File Visible: - Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFDA8000 Size: 1515520 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7B5E000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xAA762000 Size: 328576 File Visible: No Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF7904000 Size: 21120 File Visible: No Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xAA8F8000 Size: 101888 File Visible: No Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF7A7E000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF796C000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF75CC000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF767C000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF759C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: d381f98d.sys
Image Path: C:\WINDOWS\System32\drivers\d381f98d.sys
Address: 0xAA7B3000 Size: 73600 File Visible: No Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF758C000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF73D7000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF7A60000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF774C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA726000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A8A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAAB3D000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7C94000 Size: 4096 File Visible: - Signed: -
Status: -

Name: E666.tmp
Image Path: C:\WINDOWS\system32\E666.tmp
Address: 0xF7AD0000 Size: 6144 File Visible: No Signed: -
Status: -

Name: eamon.sys
Image Path: C:\WINDOWS\system32\DRIVERS\eamon.sys
Address: 0xA5D24000 Size: 770048 File Visible: - Signed: -
Status: -

Name: ehdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ehdrv.sys
Address: 0xA6461000 Size: 118784 File Visible: - Signed: -
Status: -

Name: eLock2BurnerLockDriver.sys
Image Path: C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
Address: 0xF7914000 Size: 17664 File Visible: - Signed: -
Status: -

Name: eLock2FSCTLDriver.sys
Image Path: C:\WINDOWS\system32\eLock2FSCTLDriver.sys
Address: 0xA73CB000 Size: 90112 File Visible: - Signed: -
Status: -

Name: epfwtdir.sys
Image Path: C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
Address: 0xA6448000 Size: 102400 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xAA73E000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF7874000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF77AC000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF739F000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7A7A000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF73FD000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF4CAA000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF777C000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF78CC000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF4C16000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA675B000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF76AC000 Size: 52480 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF766C000 Size: 42112 File Visible: - Signed: -
Status: -

Name: int15.sys
Image Path: C:\WINDOWS\system32\drivers\int15.sys
Address: 0xA7392000 Size: 69632 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAA860000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAA96A000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF755C000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF7884000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7A5C000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA64A0000 Size: 172416 File Visible: - Signed: -
Status: -

Name: kmxagent.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kmxagent.sys
Address: 0xAAB26000 Size: 77824 File Visible: - Signed: -
Status: -

Name: KmxCF.sys
Image Path: C:\WINDOWS\System32\DRIVERS\KmxCF.sys
Address: 0xA727D000 Size: 151552 File Visible: - Signed: -
Status: -

Name: kmxcfg.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kmxcfg.sys
Address: 0xAAB0C000 Size: 106496 File Visible: - Signed: -
Status: -

Name: KmxFile.sys
Image Path: C:\WINDOWS\System32\DRIVERS\KmxFile.sys
Address: 0xF776C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: kmxfw.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kmxfw.sys
Address: 0xAAAEC000 Size: 131072 File Visible: - Signed: -
Status: -

Name: KmxSbx.sys
Image Path: C:\WINDOWS\System32\DRIVERS\KmxSbx.sys
Address: 0xA82D3000 Size: 77824 File Visible: - Signed: -
Status: -

Name: kmxstart.sys
Image Path: kmxstart.sys
Address: 0xF7275000 Size: 114688 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF4F53000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7365000 Size: 92288 File Visible: - Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF7B95000 Size: 2560 File Visible: No Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7A80000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF787C000 Size: 23040 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF756C000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA7CDE000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAA7C5000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF78DC000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF76EC000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7A30000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF7291000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF72AB000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7A14000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA82C7000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF4C7F000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF770C000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF778C000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAA8D0000 Size: 162816 File Visible: - Signed: -
Status: -

Name: netlimiter.sys
Image Path: C:\WINDOWS\system32\drivers\netlimiter.sys
Address: 0xA72C2000 Size: 11136 File Visible: - Signed: -
Status: -

Name: netlock.sys
Image Path: C:\WINDOWS\system32\drivers\netlock.sys
Address: 0xA6F32000 Size: 2134016 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF78E4000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF72D8000 Size: 574976 File Visible: - Signed: -
Status: -

Name: NTIDrvr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
Address: 0xF7A72000 Size: 6144 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7C3D000 Size: 2944 File Visible: - Signed: -
Status: -

Name: OsaFsLoc.sys
Image Path: C:\WINDOWS\system32\drivers\OsaFsLoc.sys
Address: 0xF78FC000 Size: 20096 File Visible: - Signed: -
Status: -

Name: osaio.sys
Image Path: C:\WINDOWS\system32\drivers\osaio.sys
Address: 0xF78A4000 Size: 28672 File Visible: - Signed: -
Status: -

Name: osanbm.sys
Image Path: C:\WINDOWS\system32\drivers\osanbm.sys
Address: 0xF7C6A000 Size: 3520 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF4C96000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF77E4000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF741C000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7B24000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF77DC000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCTCore.sys
Image Path: PCTCore.sys
Address: 0xF737C000 Size: 143360 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAAB61000 Size: 147456 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xF765C000 Size: 35840 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF4C6E000 Size: 69120 File Visible: - Signed: -
Status: -

Name: psdfilter.sys
Image Path: C:\WINDOWS\system32\Drivers\psdfilter.sys
Address: 0xF7844000 Size: 32768 File Visible: - Signed: -
Status: -

Name: psdvdisk.sys
Image Path: C:\WINDOWS\system32\Drivers\psdvdisk.sys
Address: 0xA6748000 Size: 77824 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7894000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF4BA0000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76BC000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76CC000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76DC000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF789C000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAA835000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7A82000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF4C3E000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF768C000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6E07000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAAB85000 Size: 4689920 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF7A10000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF769C000 Size: 64512 File Visible: - Signed: -
Status: -

Name: SKYNETdlltowkr.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETdlltowkr.sys
Address: 0xAA97D000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: srv.sys

#9 boopme


Posted 11 August 2009 - 11:48 AM

Hi, much better, how is it running now? Run this online scan in IE.
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#10 DaChew


Posted 11 August 2009 - 11:55 AM

Name: SKYNETdlltowkr.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETdlltowkr.sys
Address: 0xAA97D000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!


Chewy

No. Try not. Do... or do not. There is no try.
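
The record quoted in the post above follows the four-line layout of RootRepeal's Drivers report. As an added example (not part of the thread and not RootRepeal's own code), this Python parser reads that layout and returns the records whose Status is anything other than "-"; the function and class names are hypothetical, and the sample records are copied from the report in this thread, with a constructed truncated record at the end.

```python
import re
from dataclasses import dataclass

# Sample input: three records copied from the Drivers report in this thread,
# followed by a constructed truncated record (no Address/Status lines).
SAMPLE_REPORT = r"""
Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA722B000 Size: 333952 File Visible: - Signed: -
Status: -

Name: SKYNETdlltowkr.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETdlltowkr.sys
Address: 0xAA97D000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7934000 Size: 20480 File Visible: No Signed: -
Status: -

Name: zntport.sys
Image Path: C:\WINDOWS\system32\drivers\zntport.sys
"""


@dataclass
class DriverRecord:
    name: str
    image_path: str
    address: int
    size: int
    file_visible: str
    signed: str
    status: str


# Third line of each record: load address, size, and the two "-"/"No" columns.
_DETAIL = re.compile(
    r"Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+"
    r"File Visible:\s*(\S+)\s+Signed:\s*(\S+)"
)


def parse_drivers(report):
    """Parse a Drivers section into DriverRecord objects.

    A record is emitted only when all four lines were seen, so a report
    that was cut off mid-record does not produce a half-filled entry.
    """
    records, current = [], {}
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            # A new Name line always starts a fresh record.
            current = {"name": line[len("Name:"):].strip()}
        elif line.startswith("Image Path:") and current:
            current["image_path"] = line[len("Image Path:"):].strip()
        elif line.startswith("Address:") and current:
            m = _DETAIL.match(line)
            if m:
                current.update(
                    address=int(m.group(1), 16),
                    size=int(m.group(2)),
                    file_visible=m.group(3),
                    signed=m.group(4),
                )
        elif line.startswith("Status:") and current:
            current["status"] = line[len("Status:"):].strip()
            if len(current) == 7:  # all seven fields present
                records.append(DriverRecord(**current))
            current = {}
    return records


def flagged(records):
    """Return the records whose Status column is not the default "-"."""
    return [r for r in records if r.status != "-"]


if __name__ == "__main__":
    for rec in flagged(parse_drivers(SAMPLE_REPORT)):
        print(f"{rec.name}  {rec.image_path}  0x{rec.address:08X}  {rec.status}")
```
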

#11 As Beauty Dies


Posted 11 August 2009 - 12:36 PM

Much better...
I really appreciate all of your help, you're a godsend!!!!

When I tried to run the online scan this popped up

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.



You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]

Name: SKYNETdlltowkr.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETdlltowkr.sys
Address: 0xAA97D000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!


Should I get rid of it? I don't understand... Should I have had it clean that file?

Edited by As Beauty Dies, 11 August 2009 - 12:38 PM.


#12 DaChew


Posted 11 August 2009 - 01:57 PM

Please download RootRepeal.zip and save it to your Desktop.
alternate download link 1
alternate download link 2
  • Unzip the file on your Desktop or create a new folder on the hard drive called RootRepeal (C:\RootRepeal) and extract it there.
    (click here if you're not sure how to do this. Vista users refer to these instructions.)
  • Disconnect from the Internet as your system will be unprotected while using this tool.
  • Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
    This will ensure more accurate results and avoid common issues that may cause false detections.
  • Click this link to see a list of such programs and how to disable them.
  • Open the RootRepeal folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
  • Click on the Files tab at the bottom of the window, then click the Scan button.
  • In the Select Drives dialog (Please select drives to scan:), select your main drive (usually C), then click OK.
  • When the scan has completed, a list of files will be generated in the RootRepeal window.
  • Click on the Save Report button and save it as rootrepeal.txt to your desktop.
  • A copy of the report with the date (i.e. RootRepeal report 07-30-09 (17-35-54).txt) is also saved to the root of your system drive (usually C:\).
  • Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
  • Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".
Chewy

No. Try not. Do... or do not. There is no try.

#13 As Beauty Dies


Posted 11 August 2009 - 02:06 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 15:05
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------

#14 DaChew


Posted 11 August 2009 - 02:10 PM

Posted Image
Chewy

No. Try not. Do... or do not. There is no try.

#15 As Beauty Dies


Posted 11 August 2009 - 02:24 PM

Sorry I'mma special person...

Okay, I ran it on files and this is what happened: it scanned and found the file you posted about earlier.
But three seconds after that, while it was still scanning, it just closed.

Now when I try to click on RootRepeal a window pops up that says

"Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access this item."



