I hope someone can point me in the right direction. I think that there is a malware issue with

Name: MSIVXivmlkjbocpxkdlitjdxjadtabrntmcem.sys

Image Path: C:\WINDOWS\system32\drivers\MSIVXivmlkjbocpxkdlitjdxjadtabrntmcem.sys

I'm not sure but I wonder about KMXAGENT.SYS and the other KMX entries. I read that they may be malware also.

I downloaded mbam (I had to rename it to get it to run) and tried to delete the MSIVX...sys but it always returns.

Help on how to proceed would be most appreciated.

I have now got a copy of Rootrepeal and managed to produce the following report.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Time: 2009/06/22 22:20

Program Version: Version 1.3.0.0

Windows Version: Windows XP SP2

==================================================

Drivers

-------------------

Name: ACPI.sys

Image Path: ACPI.sys

Address: 0xF74C7000 Size: 187776 File Visible: - Signed: -

Status: -

Name: ACPI_HAL

Image Path: \Driver\ACPI_HAL

Address: 0x804D7000 Size: 2180352 File Visible: - Signed: -

Status: -

Name: aeaudio.sys

Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys

Address: 0xF682C000 Size: 96416 File Visible: - Signed: -

Status: -

Name: afd.sys

Image Path: C:\WINDOWS\System32\drivers\afd.sys

Address: 0xEE275000 Size: 138368 File Visible: - Signed: -

Status: -

Name: ASPI32.SYS

Image Path: C:\WINDOWS\System32\Drivers\ASPI32.SYS

Address: 0xEDB4C000 Size: 15232 File Visible: - Signed: -

Status: -

Name: atapi.sys

Image Path: atapi.sys

Address: 0xF7459000 Size: 95360 File Visible: - Signed: -

Status: -

Name: ATMFD.DLL

Image Path: C:\WINDOWS\System32\ATMFD.DLL

Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -

Status: -

Name: audstub.sys

Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys

Address: 0xF7B7D000 Size: 3072 File Visible: - Signed: -

Status: -

Name: avgldx86.sys

Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys

Address: 0xEE0DC000 Size: 319232 File Visible: - Signed: -

Status: -

Name: avgmfx86.sys

Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys

Address: 0xF7906000 Size: 21120 File Visible: - Signed: -

Status: -

Name: avgtdix.sys

Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys

Address: 0xEE34B000 Size: 101888 File Visible: - Signed: -

Status: -

Name: Beep.SYS

Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS

Address: 0xF7A50000 Size: 4224 File Visible: - Signed: -

Status: -

Name: BOOTVID.dll

Image Path: C:\WINDOWS\system32\BOOTVID.dll

Address: 0xF7926000 Size: 12288 File Visible: - Signed: -

Status: -

Name: Cdfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS

Address: 0xF7716000 Size: 63744 File Visible: - Signed: -

Status: -

Name: Cdr4_xp.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS

Address: 0xF7B36000 Size: 2432 File Visible: - Signed: -

Status: -

Name: Cdralw2k.SYS

Image Path: C:\WINDOWS\System32\Drivers\Cdralw2k.SYS

Address: 0xF7B37000 Size: 2560 File Visible: - Signed: -

Status: -

Name: cdrom.sys

Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys

Address: 0xF75B6000 Size: 49536 File Visible: - Signed: -

Status: -

Name: cdudf_xp.SYS

Image Path: C:\WINDOWS\System32\Drivers\cdudf_xp.SYS

Address: 0xEE4B0000 Size: 291456 File Visible: - Signed: -

Status: -

Name: CLASSPNP.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Address: 0xF7566000 Size: 53248 File Visible: - Signed: -

Status: -

Name: ClntMgmt.sys

Image Path: C:\WINDOWS\System32\Drivers\ClntMgmt.sys

Address: 0xF7676000 Size: 40224 File Visible: - Signed: -

Status: -

Name: CVPNDRVA.sys

Image Path: C:\WINDOWS\System32\Drivers\CVPNDRVA.sys

Address: 0xED78A000 Size: 536576 File Visible: - Signed: -

Status: -

Name: disk.sys

Image Path: disk.sys

Address: 0xF7556000 Size: 36352 File Visible: - Signed: -

Status: -

Name: dmio.sys

Image Path: dmio.sys

Address: 0xF7471000 Size: 153344 File Visible: - Signed: -

Status: -

Name: dmload.sys

Image Path: dmload.sys

Address: 0xF7A1C000 Size: 5888 File Visible: - Signed: -

Status: -

Name: dne2000.sys

Image Path: C:\WINDOWS\System32\DRIVERS\dne2000.sys

Address: 0xF6810000 Size: 112928 File Visible: - Signed: -

Status: -

Name: drmk.sys

Image Path: C:\WINDOWS\system32\drivers\drmk.sys

Address: 0xF6AEA000 Size: 61440 File Visible: - Signed: -

Status: -

Name: drvmcdb.sys

Image Path: drvmcdb.sys

Address: 0xF73F8000 Size: 90624 File Visible: - Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xEE09C000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7A96000 Size: 8192 File Visible: No Signed: -

Status: -

Name: dvd_2K.SYS

Image Path: C:\WINDOWS\System32\Drivers\dvd_2K.SYS

Address: 0xF789E000 Size: 24064 File Visible: - Signed: -

Status: -

Name: DVDVRRdr_xp.SYS

Image Path: C:\WINDOWS\System32\Drivers\DVDVRRdr_xp.SYS

Address: 0xEE47B000 Size: 141184 File Visible: - Signed: -

Status: -

Name: Dxapi.sys

Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys

Address: 0xEE692000 Size: 12288 File Visible: - Signed: -

Status: -

Name: dxg.sys

Image Path: C:\WINDOWS\System32\drivers\dxg.sys

Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -

Status: -

Name: dxgthk.sys

Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys

Address: 0xF7B3E000 Size: 4096 File Visible: - Signed: -

Status: -

Name: e100b325.sys

Image Path: C:\WINDOWS\System32\DRIVERS\e100b325.sys

Address: 0xF694A000 Size: 139776 File Visible: - Signed: -

Status: -

Name: eaps2kbd.sys

Image Path: C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys

Address: 0xF786E000 Size: 23232 File Visible: - Signed: -

Status: -

Name: EAWDMFD.sys

Image Path: C:\WINDOWS\system32\drivers\EAWDMFD.sys

Address: 0xF79C2000 Size: 14048 File Visible: - Signed: -

Status: -

Name: Fastfat.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS

Address: 0xED3A5000 Size: 143360 File Visible: - Signed: -

Status: -

Name: fdc.sys

Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys

Address: 0xF7876000 Size: 27392 File Visible: - Signed: -

Status: -

Name: Fips.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS

Address: 0xF7666000 Size: 34944 File Visible: - Signed: -

Status: -

Name: flpydisk.sys

Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys

Address: 0xF78A6000 Size: 20480 File Visible: - Signed: -

Status: -

Name: fltmgr.sys

Image Path: fltmgr.sys

Address: 0xF7421000 Size: 128896 File Visible: - Signed: -

Status: -

Name: Fs_Rec.SYS

Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS

Address: 0xF7A4E000 Size: 7936 File Visible: - Signed: -

Status: -

Name: ftdisk.sys

Image Path: ftdisk.sys

Address: 0xF7497000 Size: 125056 File Visible: - Signed: -

Status: -

Name: GEARAspiWDM.sys

Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

Address: 0xF6AFA000 Size: 40960 File Visible: - Signed: -

Status: -

Name: hal.dll

Image Path: C:\WINDOWS\system32\hal.dll

Address: 0x806EC000 Size: 131968 File Visible: - Signed: -

Status: -

Name: HTTP.sys

Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys

Address: 0xEC949000 Size: 262784 File Visible: - Signed: -

Status: -

Name: i8042prt.sys

Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys

Address: 0xF7776000 Size: 52736 File Visible: - Signed: -

Status: -

Name: ialmdd5.DLL

Image Path: C:\WINDOWS\System32\ialmdd5.DLL

Address: 0xBFA2E000 Size: 905216 File Visible: - Signed: -

Status: -

Name: ialmdev5.DLL

Image Path: C:\WINDOWS\System32\ialmdev5.DLL

Address: 0xBFA02000 Size: 180224 File Visible: - Signed: -

Status: -

Name: ialmdnt5.dll

Image Path: C:\WINDOWS\System32\ialmdnt5.dll

Address: 0xBF9E3000 Size: 126976 File Visible: - Signed: -

Status: -

Name: ialmnt5.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ialmnt5.sys

Address: 0xF69A4000 Size: 807872 File Visible: - Signed: -

Status: -

Name: ialmrnt5.dll

Image Path: C:\WINDOWS\System32\ialmrnt5.dll

Address: 0xBF9D5000 Size: 57344 File Visible: - Signed: -

Status: -

Name: intelide.sys

Image Path: intelide.sys

Address: 0xF7A1A000 Size: 5504 File Visible: - Signed: -

Status: -

Name: intelppm.sys

Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys

Address: 0xF6ADA000 Size: 36096 File Visible: - Signed: -

Status: -

Name: iomdisk.sys

Image Path: iomdisk.sys

Address: 0xF77AE000 Size: 28224 File Visible: - Signed: -

Status: -

Name: ipnat.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys

Address: 0xEE297000 Size: 134912 File Visible: - Signed: -

Status: -

Name: ipsec.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys

Address: 0xEE3BC000 Size: 74752 File Visible: - Signed: -

Status: -

Name: isapnp.sys

Image Path: isapnp.sys

Address: 0xF7516000 Size: 35840 File Visible: - Signed: -

Status: -

Name: kbdclass.sys

Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys

Address: 0xF784E000 Size: 24576 File Visible: - Signed: -

Status: -

Name: kbstuff5.sys

Image Path: C:\WINDOWS\System32\DRIVERS\kbstuff5.sys

Address: 0xF7A44000 Size: 7264 File Visible: - Signed: -

Status: -

Name: KDCOM.DLL

Image Path: C:\WINDOWS\system32\KDCOM.DLL

Address: 0xF7A16000 Size: 8192 File Visible: - Signed: -

Status: -

Name: kmixer.sys

Image Path: C:\WINDOWS\system32\drivers\kmixer.sys

Address: 0xEC0E5000 Size: 172416 File Visible: - Signed: -

Status: -

Name: kmxagent.sys

Image Path: C:\WINDOWS\System32\DRIVERS\kmxagent.sys

Address: 0xEE679000 Size: 86016 File Visible: - Signed: -

Status: -

Name: kmxcfg.sys

Image Path: C:\WINDOWS\System32\DRIVERS\kmxcfg.sys

Address: 0xEE642000 Size: 225280 File Visible: - Signed: -

Status: -

Name: kmxstart.sys

Image Path: kmxstart.sys

Address: 0xF72C5000 Size: 131072 File Visible: - Signed: -

Status: -

Name: ks.sys

Image Path: C:\WINDOWS\system32\drivers\ks.sys

Address: 0xF6844000 Size: 143360 File Visible: - Signed: -

Status: -

Name: KSecDD.sys

Image Path: KSecDD.sys

Address: 0xF73E1000 Size: 92032 File Visible: - Signed: -

Status: -

Name: Lbd.sys

Image Path: Lbd.sys

Address: 0xF7576000 Size: 57472 File Visible: - Signed: -

Status: -

Name: mnmdd.SYS

Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS

Address: 0xF7A52000 Size: 4224 File Visible: - Signed: -

Status: -

Name: Modem.SYS

Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS

Address: 0xF787E000 Size: 30080 File Visible: - Signed: -

Status: -

Name: mouclass.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys

Address: 0xF7866000 Size: 23040 File Visible: - Signed: -

Status: -

Name: MountMgr.sys

Image Path: MountMgr.sys

Address: 0xF7526000 Size: 42240 File Visible: - Signed: -

Status: -

Name: MrFilter.sys

Image Path: MrFilter.sys

Address: 0xF792A000 Size: 12096 File Visible: - Signed: -

Status: -

Name: mrxdav.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys

Address: 0xED885000 Size: 179584 File Visible: - Signed: -

Status: -

Name: mrxsmb.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

Address: 0xEE1DB000 Size: 453120 File Visible: - Signed: -

Status: -

Name: Msfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS

Address: 0xF78CE000 Size: 19072 File Visible: - Signed: -

Status: -

Name: msgpc.sys

Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys

Address: 0xF6A9A000 Size: 35072 File Visible: - Signed: -

Status: -

Name: MSIVXivmlkjbocpxkdlitjdxjadtabrntmcem.sys

Image Path: C:\WINDOWS\system32\drivers\MSIVXivmlkjbocpxkdlitjdxjadtabrntmcem.sys

Address: 0xEE43B000 Size: 188416 File Visible: - Signed: -

Status: Hidden from Windows API!

Name: mssmbios.sys

Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys

Address: 0xF7A0A000 Size: 15488 File Visible: - Signed: -

Status: -

Name: Mup.sys

Image Path: Mup.sys

Address: 0xF72E5000 Size: 107904 File Visible: - Signed: -

Status: -

Name: NDIS.sys

Image Path: NDIS.sys

Address: 0xF7314000 Size: 182912 File Visible: - Signed: -

Status: -

Name: ndistapi.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys

Address: 0xF79E6000 Size: 9600 File Visible: - Signed: -

Status: -

Name: ndisuio.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys

Address: 0xEDF54000 Size: 12928 File Visible: - Signed: -

Status: -

Name: ndiswan.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys

Address: 0xF67F9000 Size: 91776 File Visible: - Signed: -

Status: -

Name: NDProxy.SYS

Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS

Address: 0xF6A7A000 Size: 38016 File Visible: - Signed: -

Status: -

Name: netbios.sys

Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys

Address: 0xF7606000 Size: 34560 File Visible: - Signed: -

Status: -

Name: netbt.sys

Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys

Address: 0xEE323000 Size: 162816 File Visible: - Signed: -

Status: -

Name: NMSCFG.SYS

Image Path: C:\WINDOWS\system32\drivers\NMSCFG.SYS

Address: 0xECC5D000 Size: 9152 File Visible: - Signed: -

Status: -

Name: Npfs.SYS

Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS

Address: 0xF78D6000 Size: 30848 File Visible: - Signed: -

Status: -

Name: Ntfs.sys

Image Path: Ntfs.sys

Address: 0xF7341000 Size: 574464 File Visible: - Signed: -

Status: -

Name: ntoskrnl.exe

Image Path: C:\WINDOWS\system32\ntoskrnl.exe

Address: 0x804D7000 Size: 2180352 File Visible: - Signed: -

Status: -

Name: Null.SYS

Image Path: C:\WINDOWS\System32\Drivers\Null.SYS

Address: 0xF7C6B000 Size: 2944 File Visible: - Signed: -

Status: -

Name: ONSIO.SYS

Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS

Address: 0xED29D000 Size: 261888 File Visible: - Signed: -

Status: -

Name: parport.sys

Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys

Address: 0xF6936000 Size: 80128 File Visible: - Signed: -

Status: -

Name: PartMgr.sys

Image Path: PartMgr.sys

Address: 0xF779E000 Size: 18688 File Visible: - Signed: -

Status: -

Name: ParVdm.SYS

Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS

Address: 0xF7A90000 Size: 6784 File Visible: - Signed: -

Status: -

Name: pci.sys

Image Path: pci.sys

Address: 0xF74B6000 Size: 68224 File Visible: - Signed: -

Status: -

Name: PCIIDEX.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS

Address: 0xF7796000 Size: 28672 File Visible: - Signed: -

Status: -

Name: PnpManager

Image Path: \Driver\PnpManager

Address: 0x804D7000 Size: 2180352 File Visible: - Signed: -

Status: -

Name: portcls.sys

Image Path: C:\WINDOWS\system32\drivers\portcls.sys

Address: 0xF6867000 Size: 147456 File Visible: - Signed: -

Status: -

Name: ppa.sys

Image Path: ppa.sys

Address: 0xF77A6000 Size: 17792 File Visible: - Signed: -

Status: -

Name: psched.sys

Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys

Address: 0xF67E8000 Size: 69120 File Visible: - Signed: -

Status: -

Name: ptilink.sys

Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys

Address: 0xF788E000 Size: 17792 File Visible: - Signed: -

Status: -

Name: pwd_2k.SYS

Image Path: C:\WINDOWS\System32\Drivers\pwd_2k.SYS

Address: 0xF6919000 Size: 117632 File Visible: - Signed: -

Status: -

Name: PxHelp20.sys

Image Path: PxHelp20.sys

Address: 0xF7586000 Size: 36320 File Visible: - Signed: -

Status: -

Name: rasacd.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys

Address: 0xF67DC000 Size: 8832 File Visible: - Signed: -

Status: -

Name: rasl2tp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys

Address: 0xF6ACA000 Size: 51328 File Visible: - Signed: -

Status: -

Name: raspppoe.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys

Address: 0xF6ABA000 Size: 41472 File Visible: - Signed: -

Status: -

Name: raspptp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys

Address: 0xF6AAA000 Size: 48384 File Visible: - Signed: -

Status: -

Name: raspti.sys

Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys

Address: 0xF7896000 Size: 16512 File Visible: - Signed: -

Status: -

Name: RAW

Image Path: \FileSystem\RAW

Address: 0x804D7000 Size: 2180352 File Visible: - Signed: -

Status: -

Name: rdbss.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys

Address: 0xEE24A000 Size: 174592 File Visible: - Signed: -

Status: -

Name: RDPCDD.sys

Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys

Address: 0xF7A54000 Size: 4224 File Visible: - Signed: -

Status: -

Name: rdpdr.sys

Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys

Address: 0xF678F000 Size: 196864 File Visible: - Signed: -

Status: -

Name: RootMdm.sys

Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys

Address: 0xF7A46000 Size: 5888 File Visible: - Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xEC25B000 Size: 49152 File Visible: No Signed: -

Status: -

Name: SCSIPORT.SYS

Image Path: C:\WINDOWS\System32\drivers\SCSIPORT.SYS

Address: 0xF7441000 Size: 98304 File Visible: - Signed: -

Status: -

Name: scsiscan.sys

Image Path: C:\WINDOWS\System32\DRIVERS\scsiscan.sys

Address: 0xF7A06000 Size: 10880 File Visible: - Signed: -

Status: -

Name: sdcplh.sys

Image Path: C:\WINDOWS\System32\drivers\sdcplh.sys

Address: 0xF7636000 Size: 40576 File Visible: - Signed: -

Status: -

Name: serenum.sys

Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys

Address: 0xF79E2000 Size: 15488 File Visible: - Signed: -

Status: -

Name: serial.sys

Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys

Address: 0xF7786000 Size: 64896 File Visible: - Signed: -

Status: -

Name: SMPLSCSI.SYS

Image Path: SMPLSCSI.SYS

Address: 0xF7546000 Size: 60416 File Visible: - Signed: -

Status: -

Name: smwdm.sys

Image Path: C:\WINDOWS\system32\drivers\smwdm.sys

Address: 0xF688B000 Size: 578304 File Visible: - Signed: -

Status: -

Name: sr.sys

Image Path: sr.sys

Address: 0xF740F000 Size: 73472 File Visible: - Signed: -

Status: -

Name: srescan.sys

Image Path: srescan.sys

Address: 0xF7300000 Size: 81920 File Visible: No Signed: -

Status: -

Name: srv.sys

Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys

Address: 0xED418000 Size: 332928 File Visible: - Signed: -

Status: -

Name: swenum.sys

Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys

Address: 0xF7A48000 Size: 4352 File Visible: - Signed: -

Status: -

Name: sysaudio.sys

Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys

Address: 0xEDC8C000 Size: 60800 File Visible: - Signed: -

Status: -

Name: tcpip.sys

Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys

Address: 0xEE364000 Size: 360320 File Visible: - Signed: -

Status: -

Name: TDI.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS

Address: 0xF7886000 Size: 20480 File Visible: - Signed: -

Status: -

Name: termdd.sys

Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys

Address: 0xF6A8A000 Size: 40704 File Visible: - Signed: -

Status: -

Name: UDFReadr.SYS

Image Path: C:\WINDOWS\System32\Drivers\UDFReadr.SYS

Address: 0xEE409000 Size: 202368 File Visible: - Signed: -

Status: -

Name: update.sys

Image Path: C:\WINDOWS\System32\DRIVERS\update.sys

Address: 0xF6736000 Size: 364160 File Visible: - Signed: -

Status: -

Name: USBD.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS

Address: 0xF7A4A000 Size: 8192 File Visible: - Signed: -

Status: -

Name: usbehci.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys

Address: 0xF785E000 Size: 26624 File Visible: - Signed: -

Status: -

Name: usbhub.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys

Address: 0xF75D6000 Size: 57600 File Visible: - Signed: -

Status: -

Name: USBPORT.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS

Address: 0xF696D000 Size: 143360 File Visible: - Signed: -

Status: -

Name: USBSTOR.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

Address: 0xF78B6000 Size: 26496 File Visible: - Signed: -

Status: -

Name: usbuhci.sys

Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys

Address: 0xF7856000 Size: 20480 File Visible: - Signed: -

Status: -

Name: VET-FILT.SYS

Image Path: C:\WINDOWS\System32\Drivers\VET-FILT.SYS

Address: 0xF78BE000 Size: 20992 File Visible: - Signed: -

Status: -

Name: VET-REC.SYS

Image Path: C:\WINDOWS\System32\Drivers\VET-REC.SYS

Address: 0xF79AE000 Size: 15744 File Visible: - Signed: -

Status: -

Name: VETEBOOT.SYS

Image Path: C:\WINDOWS\System32\Drivers\VETEBOOT.SYS

Address: 0xEE62A000 Size: 97824 File Visible: - Signed: -

Status: -

Name: VETEFILE.SYS

Image Path: C:\WINDOWS\System32\Drivers\VETEFILE.SYS

Address: 0xEE566000 Size: 802304 File Visible: - Signed: -

Status: -

Name: VETFDDNT.SYS

Image Path: C:\WINDOWS\System32\Drivers\VETFDDNT.SYS

Address: 0xF7285000 Size: 16128 File Visible: - Signed: -

Status: -

Name: VETMONNT.SYS

Image Path: C:\WINDOWS\System32\Drivers\VETMONNT.SYS

Address: 0xEE540000 Size: 155648 File Visible: - Signed: -

Status: -

Name: vga.sys

Image Path: C:\WINDOWS\System32\drivers\vga.sys

Address: 0xF78C6000 Size: 20992 File Visible: - Signed: -

Status: -

Name: VIDEOPRT.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS

Address: 0xF6990000 Size: 81920 File Visible: - Signed: -

Status: -

Name: VolSnap.sys

Image Path: VolSnap.sys

Address: 0xF7536000 Size: 52352 File Visible: - Signed: -

Status: -

Name: vsdatant.sys

Image Path: C:\WINDOWS\System32\vsdatant.sys

Address: 0xEE2B8000 Size: 438272 File Visible: - Signed: -

Status: -

Name: wanarp.sys

Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys

Address: 0xF75F6000 Size: 34560 File Visible: - Signed: -

Status: -

Name: watchdog.sys

Image Path: C:\WINDOWS\System32\watchdog.sys

Address: 0xF791E000 Size: 20480 File Visible: - Signed: -

Status: -

Name: wdmaud.sys

Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys

Address: 0xEDB37000 Size: 82944 File Visible: - Signed: -

Status: -

Name: Win32k

Image Path: \Driver\Win32k

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: win32k.sys

Image Path: C:\WINDOWS\System32\win32k.sys

Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -

Status: -

Name: WMILIB.SYS

Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS

Address: 0xF7A18000 Size: 8192 File Visible: - Signed: -

Status: -

Name: WMIxWDM

Image Path: \Driver\WMIxWDM

Address: 0x804D7000 Size: 2180352 File Visible: - Signed: -

Status: -

Name: WudfPf.sys

Image Path: WudfPf.sys

Address: 0xF73CE000 Size: 77568 File Visible: - Signed: -

Status: -

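For readers triaging a report like the one above, here is an added example (my own code, not from the thread, RootRepeal or Malwarebytes) of how to parse the "Drivers" section mechanically and surface the two signals that matter in it: a Status of "Hidden from Windows API!" and "File Visible: No". The line layout the regex expects is inferred from the log as posted; the embedded sample is four entries copied from that log, and the `family_prefix` helper is a heuristic of mine keyed to the MSIVX-plus-random-letters naming pattern seen in this thread, not something either tool reports.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the RootRepeal "Drivers" section posted in the thread above
# (four entries copied from that log; the rest of the log is omitted).
SAMPLE_LOG = r"""
Drivers
-------------------
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEE275000 Size: 138368 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE09C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: MSIVXivmlkjbocpxkdlitjdxjadtabrntmcem.sys
Image Path: C:\WINDOWS\system32\drivers\MSIVXivmlkjbocpxkdlitjdxjadtabrntmcem.sys
Address: 0xEE43B000 Size: 188416 File Visible: - Signed: -
Status: Hidden from Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC25B000 Size: 49152 File Visible: No Signed: -
Status: -
"""

# "Address: 0x... Size: N File Visible: X Signed: Y", as the posted log shows it.
ADDR_RE = re.compile(
    r"Address:\s+(0x[0-9A-Fa-f]+)\s+Size:\s+(\d+)\s+"
    r"File Visible:\s+(\S+)\s+Signed:\s+(\S+)"
)

# Leading run of capitals followed by a long run of lower-case letters: the
# shape of the MSIVX... names in this thread. Heuristic written for this
# example only; neither RootRepeal nor Malwarebytes reports such a prefix.
FAMILY_RE = re.compile(r"^([A-Z]{3,})[a-z]{8,}")


@dataclass
class DriverEntry:
    name: str
    image_path: str = ""
    address: int = 0
    size: int = 0
    file_visible: str = "-"
    signed: str = "-"
    status: str = "-"

    @property
    def hidden(self) -> bool:
        """RootRepeal flags API-hidden drivers with 'Hidden from Windows API!'."""
        return "hidden" in self.status.lower()

    @property
    def no_backing_file(self) -> bool:
        """'File Visible: No' means the scanner found no on-disk file for the module."""
        return self.file_visible.lower() == "no"


def parse_rootrepeal_drivers(text: str) -> List[DriverEntry]:
    """Turn the 'Drivers' section of a RootRepeal report into DriverEntry records."""
    entries: List[DriverEntry] = []
    current: Optional[DriverEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            current = DriverEntry(name=line[len("Name:"):].strip())
            entries.append(current)
        elif current is None:
            continue  # section header lines before the first entry
        elif line.startswith("Image Path:"):
            current.image_path = line[len("Image Path:"):].strip()
        elif line.startswith("Address:"):
            m = ADDR_RE.match(line)
            if m:
                current.address = int(m.group(1), 16)
                current.size = int(m.group(2))
                current.file_visible = m.group(3)
                current.signed = m.group(4)
        elif line.startswith("Status:"):
            current.status = line[len("Status:"):].strip()
    return entries


def triage(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Bucket entries by the two signals in the log that deserve a second look."""
    return {
        "hidden": [e.name for e in entries if e.hidden],
        "no_backing_file": [e.name for e in entries if e.no_backing_file],
    }


def family_prefix(filename: str) -> Optional[str]:
    """Return the capital-letter prefix of an MSIVX-style random name, else None."""
    m = FAMILY_RE.match(filename)
    return m.group(1) if m else None


if __name__ == "__main__":
    drivers = parse_rootrepeal_drivers(SAMPLE_LOG)
    for bucket, names in triage(drivers).items():
        print(f"{bucket}: {names}")
    for e in drivers:
        if e.hidden:
            print(f"{e.name}: family prefix {family_prefix(e.name)}")
```

Two things the output makes obvious that are easy to miss scrolling a 1,300-line log: only one entry is hidden from the Windows API, and "File Visible: No" on its own is not conclusive, since the scanner's own rootrepeal.sys and the crash-dump copy dump_atapi.sys show it too. The prefix helper is there so that, once the hidden driver's prefix is known, the same prefix can be matched against other names that turn up later (the MSIVXcount file and the MSIVX*.dll files reported in the follow-up post).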

  • Staff

Hi,

Can you try a Force delete on the MSIVXivmlkjbocpxkdlitjdxjadtabrntmcem.sys? This one locks Malwarebytes' detection...

Then you should be able to scan with Malwarebytes in order to remove the leftovers.

Don't worry about the kmx files, they are OK.

Let me know if you were able to run Malwarebytes afterwards to get rid of the leftovers.


Thanks. I ran rootrepeal and Force deleted the MSIVX...SYS. The program reported it was done. I tried to run Mbam but it wouldn't start. I renamed it, it ran and it found (full report below) C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot. I rebooted. I had also installed Tinywatcher, so on reboot it found:

2009/06/24,09:38:30 | *** warning: File C:\WINDOWS\system32\MSIVXdrehflxakgkmlypcylkdvyweyfyeelty.dll : File was created

2009/06/24,09:38:30 | *** warning: File C:\WINDOWS\system32\MSIVXkahsxdviiubyvtnhygkbjvsyufoqowol.dll : File was created

I removed both immediately. I ran Mbam (under its own name) and it ran fine and found no problems. I haven't rebooted since. Should I do anything else? Once again thanks.

Mbam report:

Malwarebytes' Anti-Malware 1.38

Database version: 2321

Windows 5.1.2600 Service Pack 2

6/24/2009 7:40:39 AM

mbam-log-2009-06-24 (07-40-39).txt

Scan type: Full Scan (C:\|)

Objects scanned: 227062

Time elapsed: 1 hour(s), 2 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.


  • Staff

Hi,

To have an extra check...

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


  • 2 weeks later...
  • Staff

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
