Can't find this process

Discussion in 'Malware Help (A Specialist Will Reply)' started by Icon, May 31, 2010.

  1. Icon

    Icon Private E-2

    I did a check on processes, and this came up. I did a forum search and I got pages and pages, but nothing related to this.
    BiFrOsT Dr.AdNaN 0.3 ByPaSs LiMiT.exe
    It shows to be a process to create a back door, and a big threat, but a scan does not pick it up, and when doing a file search, it doesn't show.
    So how do I delete it from my system?
    Thanks
    Also just found this, doesn't seem to be any info on it.
    Hxiqaa.exe
     
    Last edited: May 31, 2010
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the link below:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this another user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. Icon

    Icon Private E-2

    I got to "How to view hidden, system files & folders!" but mine does not list these,
    Uncheck the Hide extensions for known file types option.
    Uncheck the Hide protected operating system files (recommended) option.

    It only has "search hidden files and folders" and "System Folders". I presume this is all there is then? I have xp, 32 bit, service pack 3.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The below is a quote from the very beginning of the READ & RUN ME
    Thus, keep going.
     
  5. Icon

    Icon Private E-2

    Going to post this as I get it done, so I don't lose anything.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/31/2010 at 08:42 PM

    Application Version : 4.28.1010

    Core Rules Database Version : 5012
    Trace Rules Database Version: 2824

    Scan type : Complete Scan
    Total Scan Time : 00:21:59

    Memory items scanned : 412
    Memory threats detected : 0
    Registry items scanned : 4359
    Registry threats detected : 0
    File items scanned : 14717
    File threats detected : 0
     
  6. Icon

    Icon Private E-2

    Quick scan,
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4160

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/31/2010 9:06:13 PM
    mbam-log-2010-05-31 (21-06-13).txt

    Scan type: Quick scan
    Objects scanned: 113339
    Time elapsed: 4 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Full scan.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4160

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/31/2010 9:29:53 PM
    mbam-log-2010-05-31 (21-29-53).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 142595
    Time elapsed: 22 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)
     
  7. Icon

    Icon Private E-2

    ComboFix would not run. AV would not let it install, shut down AV and then it kept saying file path not found.
    Here is the log for MGTools. If it is not the correct one, please let me know.


     
  8. Icon

    Icon Private E-2

    Forgot to post this one.
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/05/31 22:08
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please stop posting your logs inline. All logs must be attachments. (See: HOW TO: Attach Items To Your Post )

    Please go back and attach all of the logs. And NOTE, the log for MGtools is C:\MGlogs.zip. You should not be attaching anything from the MGtools folder. You don't even need to look in this folder unless we ask you to.
     
