Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

At the recommendation of Blade Zephon / Root Kid / PC_Antispyware Help?!?


  • Please log in to reply
1 reply to this topic

#1 Wesley Hawkins

Wesley Hawkins

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:55 PM

Posted 29 August 2009 - 02:25 AM

My original post is here: http://www.bleepingcomputer.com/forums/ind...Antispyware2010


I am unable to run full scans with Root Repeal Or DDS I do however have this:



Root Repeal Drivers Log:

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 01:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA128000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA809E000 Size: 138496 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xBA178000 Size: 60800 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9F31000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA7D3000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xA7F12000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBA388000 Size: 21120 File Visible: - Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xA8136000 Size: 101888 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xB9333000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xB92D3000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ctac32k.sys
Image Path: C:\WINDOWS\System32\drivers\ctac32k.sys
Address: 0xA86A3000 Size: 129824 File Visible: - Signed: -
Status: -

Name: ctaud2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctaud2k.sys
Address: 0xB8A26000 Size: 458336 File Visible: - Signed: -
Status: -

Name: ctgame.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ctgame.sys
Address: 0xBA598000 Size: 12160 File Visible: - Signed: -
Status: -

Name: ctoss2k.sys
Image Path: C:\WINDOWS\system32\drivers\ctoss2k.sys
Address: 0xB89D7000 Size: 176064 File Visible: - Signed: -
Status: -

Name: ctprxy2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctprxy2k.sys
Address: 0xBA5CC000 Size: 5632 File Visible: - Signed: -
Status: -

Name: ctsfm2k.sys
Image Path: C:\WINDOWS\System32\drivers\ctsfm2k.sys
Address: 0xA86C3000 Size: 124000 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: Dot4Scan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
Address: 0xA821F000 Size: 8704 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB9303000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7C00000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA608000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA8207000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA7BF000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xB8CDF000 Size: 266240 File Visible: - Signed: -
Status: -

Name: emupia2k.sys
Image Path: C:\WINDOWS\System32\drivers\emupia2k.sys
Address: 0xA86E2000 Size: 136064 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA460000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA198000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9E4A000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5F6000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F49000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xB92B3000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ha10kx2k.sys
Image Path: C:\WINDOWS\System32\drivers\ha10kx2k.sys
Address: 0xA8704000 Size: 795840 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: hap16v2k.sys
Image Path: C:\WINDOWS\System32\drivers\hap16v2k.sys
Address: 0xA8682000 Size: 131200 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB8C93000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA686F000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA4A8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA6AF9000 Size: 10368 File Visible: - Signed: -
Status: -

Name: hpfxbulk.sys
Image Path: C:\WINDOWS\system32\drivers\hpfxbulk.sys
Address: 0xB88F7000 Size: 9344 File Visible: - Signed: -
Status: -

Name: HPFXGEN.SYS
Image Path: C:\WINDOWS\system32\drivers\HPFXGEN.SYS
Address: 0xBA3B0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: HPZid412.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Address: 0xB9343000 Size: 49920 File Visible: - Signed: -
Status: -

Name: HPZipr12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Address: 0xA821B000 Size: 16224 File Visible: - Signed: -
Status: -

Name: HPZius12.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Address: 0xBA3A8000 Size: 21568 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xB8A96000 Size: 680704 File Visible: - Signed: -
Status: -

Name: HSF_DP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Address: 0xB8B3D000 Size: 1042432 File Visible: - Signed: -
Status: -

Name: HSFHWBS2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Address: 0xB8C5F000 Size: 212224 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA6D8D000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xBA58C000 Size: 8576 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xB9E6A000 Size: 815104 File Visible: - Signed: -
Status: -

Name: igxpdv32.DLL
Image Path: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF04E000 Size: 1720320 File Visible: - Signed: -
Status: -

Name: igxpdx32.DLL
Image Path: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF1F2000 Size: 2732032 File Visible: - Signed: -
Status: -

Name: igxpgd32.dll
Image Path: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000 Size: 172032 File Visible: - Signed: -
Status: -

Name: igxpmp32.sys
Image Path: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xB8D34000 Size: 5760096 File Visible: - Signed: -
Status: -

Name: igxprd32.dll
Image Path: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000 Size: 73728 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xB92E3000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB9323000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA8110000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA81A8000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA490000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xA7ADC000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA68AF000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB8C3C000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9E33000 Size: 92928 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xBA0F8000 Size: 57472 File Visible: - Signed: -
Status: -

Name: lv302af.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lv302af.sys
Address: 0xBA600000 Size: 7136 File Visible: - Signed: -
Status: -

Name: LV302AV.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
Address: 0xA7E33000 Size: 913280 File Visible: - Signed: -
Status: -

Name: lvsvf2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lvsvf2.sys
Address: 0xA7C18000 Size: 2207744 File Visible: - Signed: -
Status: -

Name: lvusbsta.sys
Image Path: C:\WINDOWS\system32\drivers\lvusbsta.sys
Address: 0xBA1B8000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ManyCam.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ManyCam.sys
Address: 0xBA468000 Size: 21632 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xA7757000 Size: 9920 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5F8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA458000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xB9B52000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA498000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA77B8000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA7773000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA7F63000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA350000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA288000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xB9D24000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9D4C000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9D66000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA5A0000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA7A34000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB89C0000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA2B8000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA168000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA80E8000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xBA1E8000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA380000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D93000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA694000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA118000 Size: 61696 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PfModNT.sys
Image Path: C:\WINDOWS\system32\drivers\PfModNT.sys
Address: 0xA7693000 Size: 15776 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB8A02000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB896D000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA478000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA108000 Size: 36288 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBA594000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA258000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA268000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA278000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA480000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA7FD3000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5FA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xB92C3000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7489000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xA822B000 Size: 4550656 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA7609000 Size: 333952 File Visible: - Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xBA1F8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5EA000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA76BB000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA814F000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA470000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA298000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB890F000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xBA1C8000 Size: 60032 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBA390000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5F0000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA450000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA2D8000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8CBB000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xA7B98000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA448000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA4B0000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8D20000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA158000 Size: 34560 File Visible: - Signed: -
Status: -

Name: wanatw4.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Address: 0xBA488000 Size: 20512 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA3B8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA7144000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xBA3D8000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xA802E000 Size: 61440 File Visible: No Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xB9E20000 Size: 77568 File Visible: - Signed: -
Status: -



I also have the Win32K log Here:


Log file is located at: C:\Documents and Settings\Wes Vance\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11E.tmp\ZAP11E.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BD.tmp\ZAP1BD.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29A.tmp\ZAP29A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2C5.tmp\ZAP2C5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\Z6K764LG\Z6K764LG

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\{DFF16927-88E6-4EAA-A097-460B7E65289B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield\ISEngine12.0\ISEngine12.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1617023511-80581552-1153729540-1003\S-1-5-21-1617023511-80581552-1153729540-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1617023511-80581552-1153729540-1003\S-1-5-21-1617023511-80581552-1153729540-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!\Companion\Buttons\Buttons

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Adobe\Updater5\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\NetWaiting

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\c07f5d9ef178\c07f5d9ef178

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1617023511-80581552-1153729540-1003\S-1-5-21-1617023511-80581552-1153729540-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1708537768-616249376-725345543-1003\S-1-5-21-1708537768-616249376-725345543-1003

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Works\Portfolio\Portfolio

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)



Any help would be much appreciated

Thanks


Wes.


BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:55 PM

Posted 30 August 2009 - 11:12 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it.A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users