
Infected with Antivirus 2010 and no internet connection ><



Hello Malwarebytes Forum!

My laptop is infected with Antivirus 2010.

It is a Windows XP, Toshiba version.

I have been using Malwarebytes since around Jan, 2009, but it's not working right now.

Malwarebytes shuts down when I try to scan past 6 seconds.

I've been reading other threads on this forum from people with similar problems.

So I downloaded RootRepeal and the Process Explorer, as well as the updated version of Malwarebytes.

Currently, my only antivirus programs should be AVG and Malwarebytes since I got rid of Ad-aware (thinking there would be interference).

The biggest issue I'm having is that suddenly my net connection got lost. And my comp. can't pick up any wireless connections although my home modem is working fine.

I think it's due to the virus, but I'm not sure ><

I've tried locating braviax.exe (after reading about how it was a virus) and b.exe, and deleting them.

But the virus still seems to be there since I can't run Malwarebytes... and my AVG scan won't work either!

Plus, now my net connection is gone. So I can't directly work on the infected laptop.

I'm on a borrowed laptop currently, and I'm not sure what to do right now!

I've checked this thread about the Antivirus 2010: http://www.malwarebytes.org/forums/index.php?showtopic=6703

And I've checked the Pre_HJT post, but I couldn't follow the actions much without net connection.

I would really appreciate your help! Thank you.


(Sorry about the double post! Forgot to add...)

I've found UAC, braviax, and b.exe files with the RootRepeal and attempted to delete them.

The braviax and b.exe don't show up on the Process Explorer or the RootRepeal.

But I couldn't wipe or delete the UAC file.

The Antivirus 2010 pop-ups don't come up anymore. So hopefully that's a good thing.

But I don't know why Malwarebytes and AVG fail to scan, and why I can't find my previous wireless connection.


I've been following along with this thread: http://www.malwarebytes.org/forums/index.p...&hl=avenger

Since I thought that person's situation was very similar to mine.

I know SpySentinel said not to use avenger's script if I wasn't the particular person asking for help...

But I was getting desperate! At least I was happy to see sysprot and avenger running...

This is the logfile I got from avenger. I tried running Malwarebytes after, but it stopped scanning at 6 seconds again.

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: file "c:\scecli.dll" not found!

File move operation "c:\scecli.dll|C:\WINDOWS\system32\scecli.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.


This is a scan log for my drivers from RootRepeal:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/22 17:48

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------


And this is one for stealth objects. A UAC file was in here, but I deleted it before:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/08/22 17:53

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Stealth Objects

-------------------

Object: Hidden Module [Name: kbiwkmqxtccxby.dll]

Process: svchost.exe (PID: 564) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: kbiwkmwvafiakn.dll]

Process: Explorer.EXE (PID: 2204) Address: 0x10000000 Size: 28672
