Upon running GMER on my machine, I have discovered a hidden module; however, upon right-clicking it there is no option to remove it. GMER said it has detected a rootkit (so I'm assuming this hidden module in red is it).
How do I remove this module? What is a module?
Thanks.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-12 09:57:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PBBZ
Running: u2hm3fn5.exe; Driver: C:\DOCUME~1\Bobbie\LOCALS~1\Temp\pfddqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBA419738]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA100B640]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBA419878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBA419914]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IoReuseIrp + 8B 804EF90D 7 Bytes CALL 8989CFC5
.text iaStor.sys B9E8F997 7 Bytes CALL 89898C70
.text imapi.sys!DdYzechRkpbxCvmzio B1E2D000 161 Bytes [83, 7D, FC, 00, 0F, 8C, C2, ...]
.text imapi.sys!TmNbpnm + 88 B1E2D0A2 36 Bytes [F8, 63, 76, 26, F6, 05, 14, ...]
.text imapi.sys!TmNbpnm + AD B1E2D0C7 154 Bytes [FF, FF, 89, 7D, FC, F6, 05, ...]
.text imapi.sys!TmNbpnm + 148 B1E2D162 19 Bytes [F4, FF, FF, EB, 22, 56, 51, ...]
.text imapi.sys!TmNbpnm + 15D B1E2D177 7 Bytes [EB, 10, 56, 51, E8, FC, 3A]
.text imapi.sys!TmNbpnm + 165 B1E2D17F 30 Bytes [00, EB, 07, 56, 51, E8, 7D, ...]
.text ...
.text imapi.sys!DdYzechRkpbxCvmzio + 26 B1E2D1ED 101 Bytes [41, 14, 66, 3B, 41, 08, 72, ...]
.text imapi.sys!DdYzechRkpbxCvmzio + 8C B1E2D253 3 Bytes [0E, D2, E2] {PUSH CS; SHL DL, CL}
.text imapi.sys!DdYzechRkpbxCvmzio + 90 B1E2D257 121 Bytes [56, 8D, 5F, 40, 53, FF, 15, ...]
.text imapi.sys!DdYzechRkpbxCvmzio + 10A B1E2D2D1 75 Bytes [FF, 55, 8B, EC, 8B, 55, 08, ...]
.text imapi.sys!DdYzechRkpbxCvmzio + 156 B1E2D31D 69 Bytes [72, 04, C6, 46, 07, 0A, 80, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\imapi.sys suspicious PE modification
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[10172] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \Driver\00001034 \GLOBAL??\ACPI#PNP0303#2&da1a3ff&0 8989B7C0
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) B7F29000-B7F34000 (45056 bytes)
---- Threads - GMER 1.0.15 ----
Thread System [4:200] 8989CFD5
Thread System [4:204] B7F2E465
Thread System [4:208] B7F2E465
Thread System [4:212] 8989CFD5
Thread System [4:216] 8989CFD5
---- EOF - GMER 1.0.15 ----