NAV2009: Unable to perform a scan

Hi, I'm a noob so please bear with me.  I too am having a problem with Norton Antivirus (2009 edition) not scanning.  Yesterday, I tried to run a scan and it said 'scanning files' but everything read zero.  I let it run for three hours and still got 0 files scanned.  So I uninstalled Norton, tried to reinstall, and run a scan again and still at zero only this time, it said 'Initializing'. 

 

So I Googled and found this similar problem and tried to download the Malware tool. Every time I click on it, nothing happens. No prompt box shows up for me to start a scan on my computer when I try to bring up the program.

 

I even tried scanning with Windows Defender (And yes, I know it's not the best protection for your computer, but I just had to try something...) and it was scanning alright until 4 hours and 22 minutes in the scan (I am pretty sure it was almost done.) it froze and I had to close down Windows Defender.

 

So what can I do to try to fix this computer?

 

<<Edit: Edited subject to better reflect the issue>>

Message Edited by TomV on 06-18-2009 08:19 PM

What is the exact version you are using?16..

The version of Norton: 

 

Norton AntiVirus 2009 with Antispyware

 

 

The Version of Windows Vista:

 

Windows Vista Home Basic

Service Pack 1

 

System:  Dell Inspiron 530

 

Processor:  Intel Celeron CPU 450 @ 2.20 GHz  2.19GHz

What have you already tried to solve this?

Is Malwarebytes the program you tried to install and run??

 

Quads

 

 


If Malwarebytes is the program that failed to install, you may be able to do it by changing the name of the file. When the download screen comes up use "Save as" and name it link.exe. Once it installs, go into the program and change the name of the .exe file that runs the program to the same name. Some malware have antimalware recognition built into them so they are protected.

 

You can also download Rootrepeal from here  http://homepages.slingshot.co.nz/~crutches/RootRepel/

 

and post the log for us.

Message Edited by delphinium on 06-19-2009 06:11 PM

Ok, tried to rename Malware like you told me to, delphinium, and it gave me these errors: 

 

Run-time error '440'

Automation Error

 

and

 

Run-time error '0'

 

I ran RootRepeal and scanned everything.

 

However, the board is giving me trouble with posting the reports since they are very long and exceed 20,000 characters. Is there a site I can use to upload my documents and have you all view them? I'm sorry for the inconvenience. :robotsad:

Quads, yes, I tried to use Malware from this link:  http://www.malwarebytes.org/  All it did was give me the errors above when I tried to rename them as delphinium suggested.  I’m lost, haha, trust me.  I know computers as a basic user with knowing a few very simple tricks but nothing awesome if something bad like this happens.  I feel like a moron, heh.

Hi Link:

 

You will have to split the log into two or three portions for the time being and then post the sections individually.  Sorry for the inconvenience.

Yes, to post the RootRepeal log you will have to split it over 2 or 3 messages.

 

Quads 

Not a problem!  :robothappy:  I don't mind doing that!!!

 

Drivers' Scan: 

 

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:   2009/06/19 13:29
Program Version:  Version 1.2.3.0
Windows Version:  Windows Vista SP1
==================================================

 

Hi

 

You can stop that one there, I found it.

 

 

 

I need a GMER log. GMER, http://www.gmer.net/ and "Scan" then "Save" the log. Post the log section from the "DEVICES" section to the end of the log.

Please do not use GMER for anything else as it could cause a crash / BSOD.  

 

I am looking to see if the random .dll's are there.

 

Quads 

 

Files' Scan: 

 

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time:   2009/06/19 14:15
Program Version:  Version 1.2.3.0
Windows Version:  Windows Vista SP1
==================================================


Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.22208_none_4edd1abd1495a186\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globaluserinterfacecf_31bf3856ad364e35_6.0.6001.18096_none_ada2ec92b42bf87e\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6000.16708_none_820ff368b2f34b62\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6000.20864_none_8254af83cc452d76\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6001.18096_none_8392e048b064a7f7\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalmonospacecf_31bf3856ad364e35_6.0.6001.22208_none_847fced9c9377c1d\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.16708_none_4c6d3f4bfe5170cb\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6000.20864_none_4cb1fb6717a352df\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalsansserifcf_31bf3856ad364e35_6.0.6001.18096_none_4df02c2bfbc2cd60\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.16720_none_7081409dee51e2d7\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6000.20883_none_59b9574207f427ca\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.18111_none_705c2553eea3ef78\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

 

 

Ahh, HAHA!  Thanks!  I shall scan and tell you of my results.

Quads--  Is this what you wanted a log of???

 

Devices' Scan: 

 

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-19 17:55:46
Windows 6.0.6001 Service Pack 1


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp    SYMTDI.SYS
AttachedDevice  \Driver\tdx \Device\Udp    SYMTDI.SYS
AttachedDevice  \Driver\tdx \Device\RawIp  SYMTDI.SYS
AttachedDevice  \FileSystem\fastfat \Fat   fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

When GMER starts up it should be on the "Rootkit/Malware" tab.

In doing a scan it scans all areas. When I say from Devices to the end, it should look like this (the log below is not yours):

 


---- Devices - GMER 1.0.15 ----

 

Device          \FileSystem\Ntfs \Ntfs                                                                                                                    84BAE1F8

 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                    chmoktmp.sys

 

Device          \FileSystem\fastfat \FatCdrom                                                                                                             9FB8D1F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{FE1348BA-1F3A-4AEA-9A05-B42120FEA31F}                                                                  86F091F8

 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                   Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

 

 

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

 

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                          85ABF3C8

Device          \Driver\usbehci \Device\USBFDO-1                                                                                                          85A441F8

Device          \Driver\usbohci \Device\USBFDO-2                                                                                                          85ABF3C8

Device          \Driver\netbt \Device\NetBT_Tcpip_{C39BB348-AF2B-4F9A-A621-741660DD29E3}                                                                  86F091F8

Device          \Driver\usbehci \Device\USBFDO-3                                                                                                          85A441F8

Device          \Driver\af2zfvpu \Device\Scsi\af2zfvpu1Port5Path0Target0Lun0                                                                              85B0F1F8

Device          \Driver\af2zfvpu \Device\Scsi\af2zfvpu1                                                                                                   85B0F1F8

Device          \FileSystem\fastfat \Fat                                                                                                                  9FB8D1F8

 

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                  chmoktmp.sys

 

Device          \FileSystem\cdfs \Cdfs                                                                                                                    9FBE5500

---- Processes - GMER 1.0.15 ----

 

Library         \\?\globalroot\systemroot\system32\MSIVXedopmooyitxvmoohvyxeqwskwwtwajyb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [828]    0x10000000                                                                                                                         

 

---- Services - GMER 1.0.15 ----

 

Service         C:\Windows\system32\drivers\MSIVXcdpppsenlsylcscnqblskitpopcfyxvb.sys (*** hidden *** )                                                   [SYSTEM] MSIVXserv.sys                                                                                                              <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.15 ----

 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys                                                                                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start                                                                                1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type                                                                                 1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath                                                                            \systemroot\system32\drivers\MSIVXcdpppsenlsylcscnqblskitpopcfyxvb.sys

Reg             HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group                                                                                file system

 

 

---- Files - GMER 1.0.15 ----

 

File            C:\Windows\System32\drivers\MSIVXcdpppsenlsylcscnqblskitpopcfyxvb.sys                                                                     80384 bytes executable                                                                                                              <-- ROOTKIT !!!

File            C:\Windows\System32\MSIVXcount                                                                                                            4 bytes

File            C:\Windows\System32\MSIVXedopmooyitxvmoohvyxeqwskwwtwajyb.dll                                                                             26624 bytes executable

File            C:\Windows\System32\MSIVXqexdxmxerxnimqrsmftejymvnxurvanw.dll                                                                             52224 bytes executable

 

---- EOF - GMER 1.0.15 ----


 
See how it has Devices, Services, Registry, Files
 
Quads 

 

Ok, rescanning and I have it on the Rootkit/Malware Tab so I can save the proper report.   Sorry about my mixup.

Oddly enough after I posted, the same things showed up from your example log:

 

Library         \\?\globalroot\systemroot\system32\MSIVXedopmooyitxvmoohvyxeqwskwwtwajyb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [828]    0x10000000

 

Service         C:\Windows\system32\drivers\MSIVXcdpppsenlsylcscnqblskitpopcfyxvb.sys (*** hidden *** )                                                   [SYSTEM] MSIVXserv.sys