Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't remove malware/spyware, despite multiple antimalware programs and antivirus software


  • Please log in to reply
8 replies to this topic

#1 zephyr11

zephyr11

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 11 August 2009 - 03:33 AM

Hi,

My computer was infected by Antivirus Pro today. I downloaded Malawarebytes' Anti-Malaware, which seemingly solved the problem, but my computer still seems to be infected with malware. When I type something into the Google search box on Mozilla, I am redirected to pages such as "Shopica" or "lowpriceshopper." If I click back and search for the same term again, the appropriate website will come up after the second try.

I have downloaded numerous free malware programs, and they all seem to run for long periods and then get stuck.

1) Malaware Anti-malaware-scans and then (Not responding)-->gets stuck at C:\Windows\system32\config\Default.LOG1

2) Superantispyware-gets stuck in the scanning process at C:\Windows\system32\config\RegBack

3) Spybot search and destroy-"coolwwwsearch.bootconf, couponbar, Mediaplex, and Win32.TDSS.rtk" come up, but it says that "This action may not be performed since you are not an administrator. If you want this performed for all users, please elevate this as an administrator."

4) Advanced system care-did not detect anything!!!

5) AVG anti-virus-scans for hours and never seems to end

Please help!

I can post a hijack this log if that helps.

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:35 PM

Posted 11 August 2009 - 03:36 AM

Hello zephyr11 and :thumbsup: to BleepingComputer!

First of all we need to run a rootkit scan.
Also, please tell me if Malwarebytes Antimalware can be updated without problems.

ROOTREPEAL
-------------
We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Edited by elise025, 11 August 2009 - 03:38 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 zephyr11

zephyr11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 11 August 2009 - 08:55 AM

Hi Elise025,

Little problem. Does the rootrepeal take a long time to run? I had it running overnight for about 4 hours, and it was stuck at a certain point and then I saw the blue death screen which told me to restart.

Thanks. Gonna give it another try.

#4 zephyr11

zephyr11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 11 August 2009 - 09:00 AM

Also, first thing that comes up in the file path is "C:\hiberfil.sys" with status "Locked to Windows API"

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:35 PM

Posted 11 August 2009 - 09:02 AM

Also, first thing that comes up in the file path is "C:\hiberfil.sys" with status "Locked to Windows API"

Thats normal

Re-run RootRepeal and leave the Files checkbox unchecked. This should shorten the scan time.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 zephyr11

zephyr11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 11 August 2009 - 06:46 PM

Okay, ran rootrepair and here goes. By the way, resident shield alert has popped up and now "multiple threat detection" keeps popping up on my computer

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 07:10
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8E3E3000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x82608000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8200C000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8F4D6000 Size: 294912 File Visible: - Signed: -
Status: -

Name: amdk8.sys
Image Path: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x8A312000 Size: 65536 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82720000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82728000 Size: 122880 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\Windows\System32\Drivers\avgldx86.sys
Address: 0x8F80B000 Size: 329088 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\Windows\System32\Drivers\avgmfx86.sys
Address: 0x8F5DD000 Size: 21120 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x82698000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8F3F3000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80620000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA0292000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x96EA0000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA13C7000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8E402000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80669000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8A5A2000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80628000 Size: 266240 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x82695000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8F8BB000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8A5C3000 Size: 36864 File Visible: - Signed: -
Status: -

Name: CVPNDRVA.sys
Image Path: C:\Windows\system32\Drivers\CVPNDRVA.sys
Address: 0xA120E000 Size: 589824 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8F5C6000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8A591000 Size: 69632 File Visible: - Signed: -
Status: -

Name: dne2000.sys
Image Path: C:\Windows\system32\DRIVERS\dne2000.sys
Address: 0x8E45D000 Size: 121728 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8E59D000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
Address: 0x8F8C8000 Size: 40960 File Visible: No Signed: -
Status: -

Name: dump_nvstor32.sys
Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
Address: 0x8F8D2000 Size: 118784 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8F8EF000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8ED3E000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8A56A000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xA03CA000 Size: 163840 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x827E3000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x827B1000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8F3E3000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8A2EE000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8E41A000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x823C5000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8A1E9000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8F888000 Size: 65536 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8F200000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8F87F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8E312000 Size: 737280 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8E20F000 Size: 1060864 File Visible: - Signed: -
Status: -

Name: HSXHWBS2.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWBS2.sys
Address: 0x8A3B5000 Size: 303104 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA020A000 Size: 438272 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8E52B000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8F898000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80607000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x807D2000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8A008000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8F9DA000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8F908000 Size: 110592 File Visible: - Signed: -
Status: -

Name: MCSTRM.SYS
Image Path: C:\Windows\System32\Drivers\MCSTRM.SYS
Address: 0xA129E000 Size: 7360 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0xA12A0000 Size: 12672 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8E3C6000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8F8F9000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8E536000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8F8A1000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82710000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA02AB000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA02C0000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xA02E0000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0xA02FF000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xA0338000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8F433000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x82657000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8E47B000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8A184000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8E541000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8A55B000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8A079000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8EDF5000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x8F9EA000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8E4C0000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8E58C000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8F534000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8F490000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8A1AF000 Size: 237568 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8F43E000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8F5BC000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8A40B000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x8200C000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8F3EC000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8E606000 Size: 7568576 File Visible: - Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x82746000 Size: 53248 File Visible: - Signed: -
Status: -

Name: nvstor32.sys
Image Path: C:\Windows\system32\DRIVERS\nvstor32.sys
Address: 0x82794000 Size: 118784 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x8A5CC000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8E3D3000 Size: 61952 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8F51E000 Size: 90112 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x8A346000 Size: 98304 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x82686000 Size: 61440 File Visible: - Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0xA03C3000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x8265F000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x826FB000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x82702000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA12A4000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8200C000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8F3B6000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x8060F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x827F3000 Size: 36320 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8F471000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8E4A9000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8E4E3000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8E4F2000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8E506000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8200C000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8F580000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8F423000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8F42B000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA13E2000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x8F5E3000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8F207000 Size: 1764288 File Visible: - Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0x8F57A000 Size: 24576 File Visible: - Signed: -
Status: -

Name: SASENUM.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Address: 0xA13DD000 Size: 20480 File Visible: - Signed: -
Status: -

Name: SASKUTIL.sys
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Address: 0x8F555000 Size: 151552 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA1382000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x8A33C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x8A322000 Size: 106496 File Visible: - Signed: -
Status: -

Name: SKYNETvrcqttbo.sys
Image Path: C:\Windows\system32\drivers\SKYNETvrcqttbo.sys
Address: 0x8F44C000 Size: 151552 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8F4C2000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8A553000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8F92B000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA0377000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xA0350000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA0275000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x82753000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8E600000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8A207000 Size: 946176 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA138C000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8EDEA000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8F47A000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8E51B000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x96E80000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8A309000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8A400000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8E54B000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8F868000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8F866000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8A3A6000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8E558000 Size: 212992 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8A35E000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8A368000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\Windows\system32\DRIVERS\usbprint.sys
Address: 0x8F85C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8F8A9000 Size: 73728 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8E5DE000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8F402000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x826A2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x826B1000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8A51A000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8F542000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8EDDD000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80749000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x807C5000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x96C60000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x96C60000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x8264E000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8200C000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0xA13AD000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0xA1398000 Size: 83328 File Visible: - Signed: -
Status: -

Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0xA13BF000 Size: 32768 File Visible: - Signed: -
Status: -

Name: yk60x86.sys
Image Path: C:\Windows\system32\DRIVERS\yk60x86.sys
Address: 0x8E424000 Size: 233472 File Visible: - Signed: -
Status: -

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:35 PM

Posted 12 August 2009 - 01:42 AM

Please re-run RootRepeal and go to the Drivers tab, press the Scan button.

After the results come up, please locate the following file C:\Windows\system32\drivers\SKYNETvrcqttbo.sys

Right-click on that file and select Wipe

Now immediately reboot your computer.

Run Malwarebytes Antimalware, update it first and run a full scan.

Post the results here.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 zephyr11

zephyr11
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 12 August 2009 - 09:20 AM

Hi, Thanks for all your help so far.

Here is the rootrepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/12 07:19
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8E3DF000 Size: 57344 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x80609000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82034000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8F2B6000 Size: 294912 File Visible: - Signed: -
Status: -

Name: amdk8.sys
Image Path: C:\Windows\system32\DRIVERS\amdk8.sys
Address: 0x8A3E9000 Size: 65536 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x80721000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x80729000 Size: 122880 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\Windows\System32\Drivers\avgldx86.sys
Address: 0x8F3A4000 Size: 329088 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\Windows\System32\Drivers\avgmfx86.sys
Address: 0x8F39E000 Size: 21120 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x80699000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8F1F2000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80419000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x9B1CC000 Size: 102400 File Visible: - Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x96F10000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xA0108000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8A1DF000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x80462000 Size: 917504 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8A39E000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80421000 Size: 266240 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x80696000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8A3BF000 Size: 36864 File Visible: - Signed: -
Status: -

Name: CVPNDRVA.sys
Image Path: C:\Windows\system32\Drivers\CVPNDRVA.sys
Address: 0x9ECEF000 Size: 589824 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8F387000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8A38D000 Size: 69632 File Visible: - Signed: -
Status: -

Name: dne2000.sys
Image Path: C:\Windows\system32\DRIVERS\dne2000.sys
Address: 0x8EC46000 Size: 121728 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8ED9E000 Size: 151552 File Visible: - Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8E400000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8EB47000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8A366000 Size: 159744 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x807E4000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x807B2000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8F1E2000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8A0F1000 Size: 110592 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8E200000 Size: 40960 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x82001000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8E3ED000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8EDEB000 Size: 65536 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8F1F9000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8F3F5000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Address: 0x8E30E000 Size: 737280 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Address: 0x8E20B000 Size: 1060864 File Visible: - Signed: -
Status: -

Name: HSXHWBS2.sys
Image Path: C:\Windows\system32\DRIVERS\HSXHWBS2.sys
Address: 0x8A195000 Size: 303104 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x9B144000 Size: 438272 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8ED2A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8EC00000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80400000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x805CB000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x82602000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x9B0ED000 Size: 65536 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x9B01B000 Size: 110592 File Visible: - Signed: -
Status: -

Name: MCSTRM.SYS
Image Path: C:\Windows\System32\Drivers\MCSTRM.SYS
Address: 0x9ED7F000 Size: 7360 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Address: 0x9ED81000 Size: 12672 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8E3C2000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x9B00C000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8ED35000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8EBF3000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x80711000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x9B1E5000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x9EC05000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9EC24000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9EC5D000 Size: 98304 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8F238000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x80658000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8EC64000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8277E000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8ED42000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8A357000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x82673000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8ECB4000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x9B127000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8ECBF000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8ED8D000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8F320000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8F270000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x827A9000 Size: 237568 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8F243000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8F37D000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8A207000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x82034000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8F1EB000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8E40F000 Size: 7568576 File Visible: - Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x80747000 Size: 53248 File Visible: - Signed: -
Status: -

Name: nvstor32.sys
Image Path: C:\Windows\system32\DRIVERS\nvstor32.sys
Address: 0x80795000 Size: 118784 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x9B0FD000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8E3CF000 Size: 61952 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8F2FE000 Size: 90112 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\Windows\system32\DRIVERS\parport.sys
Address: 0x8A126000 Size: 98304 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80687000 Size: 61440 File Visible: - Signed: -
Status: -

Name: parvdm.sys
Image Path: C:\Windows\system32\DRIVERS\parvdm.sys
Address: 0x9ECE8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x80660000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x806FC000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x80703000 Size: 57344 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA000C000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82034000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8F1B5000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80408000 Size: 69632 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x807F4000 Size: 36320 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8F251000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8EC9D000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8ECE2000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8ECF1000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8ED05000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82034000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8F341000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8F228000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8F230000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA013D000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x9B131000 Size: 77824 File Visible: - Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8F006000 Size: 1764288 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA00EA000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\Windows\system32\DRIVERS\serenum.sys
Address: 0x8A3C8000 Size: 40960 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\Windows\system32\DRIVERS\serial.sys
Address: 0x8A10C000 Size: 106496 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8F2A2000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8A34F000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x9B03E000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9EC9C000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9EC75000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x9B1AF000 Size: 118784 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x80754000 Size: 266240 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8ED40000 Size: 4992 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8A00A000 Size: 946176 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA00F4000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8EC92000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8F25A000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8ED1A000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x96EF0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8A3E0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0xA0126000 Size: 45056 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8ED4C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8EDC3000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8F31E000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8A186000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8ED59000 Size: 212992 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8A13E000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8A148000 Size: 253952 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\Windows\system32\DRIVERS\usbprint.sys
Address: 0x8F314000 Size: 40960 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x827E3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8EDDF000 Size: 49152 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8F207000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x806A3000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x806B2000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8A316000 Size: 233472 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8F32E000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8EBE6000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80542000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x805BE000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x96CD0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x96CD0000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x8064F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82034000 Size: 3903488 File Visible: - Signed: -
Status: -

Name: xaudio.sys
Image Path: C:\Windows\system32\DRIVERS\xaudio.sys
Address: 0xA0100000 Size: 32768 File Visible: - Signed: -
Status: -

Name: yk60x86.sys
Image Path: C:\Windows\system32\DRIVERS\yk60x86.sys
Address: 0x8EC0D000 Size: 233472 File Visible: - Signed: -
Status: -

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:35 PM

Posted 12 August 2009 - 09:25 AM

Can you please post me the MBAM log as well? Rootrepeal looks good now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users