Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Twext.exe trojan - am I done yet?


  • This topic is locked This topic is locked
15 replies to this topic

#1 dkaczka

dkaczka

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 31 August 2009 - 12:17 PM

Hello... this is my first post at bleepingcomputer.com. My antivirus program found trojan spyware programs this weekend, including twext.exe. After a quick web search on the name, I ran Malwarebytes Anti-Malware. It identified several items and removed them. (Log file attached).

Then I did some additional research on line to figure out what twext.exe does to figure out any next steps. I found info recommending the sequence of SDFix, Combofix, and Malwarebytes Anti-Malware. I ran SDFix, which also found and removed a few items (Log file attached). I checked on Combofix, but didn't download or run it.

Instead, I accessed the "Preparation Guide For Use Before Using Hijack This and other Malware Removal Tools" and followed all of the listed steps, including DDS and RootRepeal. One note - when I run RootRepeal a get an error message - "Invalid PE image found."

I guess I have done some things out of sequence, and hope that doesn't cause a problem. Have I corrected the problem, or should I take additional steps? Thanks in advance for your help!

The logs from DDS and RootRepeal scans are copied in below.



DDS Log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by David Kaczka at 12:31:32.20 on Mon 08/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.161 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\David Kaczka\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://freakonomics.blogs.nytimes.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-19 201320]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 206096]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-19 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-19 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-19 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-19 35240]
S2 DellBIOS;DellBIOS;\??\c:\windows\dellbios.sys --> c:\windows\DellBIOS.Sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-19 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-19 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-19 695624]

=============== Created Last 30 ================

2009-08-31 10:19 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-31 10:15 <DIR> --d----- c:\windows\ERUNT
2009-08-31 10:06 <DIR> --d----- C:\SDFix
2009-08-13 07:03 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-09 10:02 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-08 22:16 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-08 22:14 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-08 22:14 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-08 22:14 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-08 22:14 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-08 22:14 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-08 22:14 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-08 22:14 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-08 22:14 <DIR> --d----- C:\3293ee78e5ea7f0be48a5a
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-19 09:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-27 11:57 70,984 ac------ c:\documents and settings\david kaczka\g2mdlhlpx.exe
2009-02-15 17:30 56 ---shr-- c:\windows\system32\8E16539D25.sys
2009-02-15 17:30 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-17 21:16 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101720081018\index.dat

============= FINISH: 12:33:16.39 ===============




RootRepeal report:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/31 12:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF8524000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF8385000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA9898000 Size: 138496 File Visible: - Signed: -
Status: -

Name: APPDRV.SYS
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
Address: 0xF76F4000 Size: 16128 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF7B15000 Size: 60800 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xA9611000 Size: 14336 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF8317000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF8A92000 Size: 3072 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF88CC000 Size: 16384 File Visible: - Signed: -
Status: -

Name: bcm4sbxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
Address: 0xF8614000 Size: 45312 File Visible: - Signed: -
Status: -

Name: bcmwl5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Address: 0xF7888000 Size: 424320 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF89E4000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF88C4000 Size: 12288 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\DAVIDK~1\LOCALS~1\Temp\catchme.sys
Address: 0xF87F4000 Size: 30592 File Visible: No Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF8574000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF8654000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF84F4000 Size: 53248 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF89A0000 Size: 13952 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF88C8000 Size: 10240 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF84E4000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF832F000 Size: 153344 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF86F4000 Size: 61440 File Visible: - Signed: -
Status: -

Name: drvmcdb.sys
Image Path: drvmcdb.sys
Address: 0xF82CF000 Size: 86208 File Visible: - Signed: -
Status: -

Name: drvnddm.sys
Image Path: C:\WINDOWS\system32\drivers\drvnddm.sys
Address: 0xA9828000 Size: 38304 File Visible: - Signed: -
Status: -

Name: DSproct.sys
Image Path: C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
Address: 0xF89D0000 Size: 4736 File Visible: - Signed: -
Status: -

Name: dsunidrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Address: 0xF8A78000 Size: 5376 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA96ED000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A10000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA99A8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8B64000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7B55000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF82F7000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF89E2000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF8355000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF89B0000 Size: 9984 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF78F0000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF7B45000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF874C000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF76EC000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HSX_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Address: 0xAA4AC000 Size: 745472 File Visible: - Signed: -
Status: -

Name: HSX_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
Address: 0xAA562000 Size: 1011712 File Visible: - Signed: -
Status: -

Name: HSXHWAZL.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
Address: 0xAA659000 Size: 237568 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xA91AF000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF8978000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF8634000 Size: 52480 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBF077000 Size: 925696 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBF042000 Size: 217088 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF020000 Size: 139264 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xF792C000 Size: 1363904 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF012000 Size: 57344 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF8644000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF8604000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Address: 0xF7B85000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA98E2000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA9985000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF84B4000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF885C000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF89B4000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA7358000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF77B2000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF82B8000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xA8F9D000 Size: 12544 File Visible: - Signed: -
Status: -

Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xA85EE000 Size: 72576 File Visible: - Signed: -
Status: -

Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xF88B4000 Size: 28512 File Visible: - Signed: -
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xA972D000 Size: 194592 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF89E6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF8884000 Size: 30080 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF8854000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF76E4000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF84C4000 Size: 42368 File Visible: - Signed: -
Status: -

Name: Mpfp.sys
Image Path: C:\WINDOWS\System32\Drivers\Mpfp.sys
Address: 0xA9908000 Size: 147456 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA92E0000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA975D000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF88A4000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF86B4000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF81A0000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF81E4000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF81FE000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF81BC000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA95C1000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF779B000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF86D4000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7B75000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA98BA000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF8684000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF88AC000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF822B000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8B8C000 Size: 2944 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF8514000 Size: 61696 File Visible: - Signed: -
Status: -

Name: omci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\omci.sys
Address: 0xF887C000 Size: 17088 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF873C000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF8374000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF8A7C000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF8734000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAA693000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF778A000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF886C000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF8504000 Size: 45184 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF897C000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF8674000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF8694000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF86A4000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF8874000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA97CD000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF89E8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF775A000 Size: 196224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF8664000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rimmptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
Address: 0xF884C000 Size: 28544 File Visible: - Signed: -
Status: -

Name: rimsptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
Address: 0xF8624000 Size: 51328 File Visible: - Signed: -
Status: -

Name: rixdptsk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
Address: 0xF7804000 Size: 307968 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7593000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xF7850000 Size: 79232 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF82E5000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xA906D000 Size: 333952 File Visible: - Signed: -
Status: -

Name: sscdbhk5.sys
Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Address: 0xF89CA000 Size: 5568 File Visible: - Signed: -
Status: -

Name: ssrtln.sys
Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys
Address: 0xF8894000 Size: 23488 File Visible: - Signed: -
Status: -

Name: sthda.sys
Image Path: C:\WINDOWS\system32\drivers\sthda.sys
Address: 0xAA6B7000 Size: 1013216 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF89CC000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF77D5000 Size: 191936 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA88C5000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA992C000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF8864000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF86C4000 Size: 40704 File Visible: - Signed: -
Status: -

Name: tfsnboio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys
Address: 0xF87A4000 Size: 25664 File Visible: - Signed: -
Status: -

Name: tfsncofs.sys
Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys
Address: 0xA9818000 Size: 34784 File Visible: - Signed: -
Status: -

Name: tfsndrct.sys
Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys
Address: 0xF8B7F000 Size: 4064 File Visible: - Signed: -
Status: -

Name: tfsndres.sys
Image Path: C:\WINDOWS\system32\dla\tfsndres.sys
Address: 0xF8B68000 Size: 2176 File Visible: - Signed: -
Status: -

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xA9597000 Size: 86816 File Visible: - Signed: -
Status: -

Name: tfsnopio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys
Address: 0xA9619000 Size: 15008 File Visible: - Signed: -
Status: -

Name: tfsnpool.sys
Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys
Address: 0xF8A34000 Size: 6304 File Visible: - Signed: -
Status: -

Name: tfsnudf.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys
Address: 0xA9556000 Size: 98656 File Visible: - Signed: -
Status: -

Name: tfsnudfa.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys
Address: 0xA953D000 Size: 100544 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF76FC000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF89C8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF8844000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF8714000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF7864000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF883C000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF889C000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7918000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF84D4000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF7B25000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF878C000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA87E8000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF89B6000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF8998000 Size: 12032 File Visible: - Signed: -
Status: -

Attached Files



BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:39 AM

Posted 15 September 2009 - 12:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 dkaczka

dkaczka
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 15 September 2009 - 12:55 PM

Hi,

Thanks for your note back! I have performed the recommended steps and posted the files as directed.

I will wait for further instructions before completing any additional steps.




DDS Log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by David Kaczka at 13:14:30.40 on Tue 09/15/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.255 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\David Kaczka\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://freakonomics.blogs.nytimes.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-19 201320]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 206096]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-19 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-19 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-19 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-19 35240]
S2 DellBIOS;DellBIOS;\??\c:\windows\dellbios.sys --> c:\windows\DellBIOS.Sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-19 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-19 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-19 695624]

=============== Created Last 30 ================

2009-09-04 13:25 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-09-04 11:52 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-09-04 11:52 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-04 11:52 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-09-04 11:52 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-09-04 11:52 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-09-04 11:52 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-09-04 11:52 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-09-04 11:52 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-09-04 11:52 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-09-04 11:52 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-09-04 11:52 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-09-04 11:51 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-09-04 11:32 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys
2009-09-04 11:32 154,624 a------- c:\windows\system32\dllcache\wlluc48.sys
2009-09-04 11:32 34,890 a------- c:\windows\system32\dllcache\wlandrv2.sys
2009-09-04 11:30 397,502 a------- c:\windows\system32\dllcache\vpctcom.sys
2009-09-04 11:30 604,253 a------- c:\windows\system32\dllcache\vmodem.sys
2009-09-04 11:30 249,402 a------- c:\windows\system32\dllcache\vinwm.sys
2009-09-04 11:30 24,576 a------- c:\windows\system32\dllcache\viairda.sys
2009-09-04 11:30 53,760 a------- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-04 11:30 687,999 a------- c:\windows\system32\dllcache\usrwdxjs.sys
2009-09-04 11:30 765,884 a------- c:\windows\system32\dllcache\usrti.sys
2009-09-04 11:30 113,762 a------- c:\windows\system32\dllcache\usrpda.sys
2009-09-04 11:30 7,556 a------- c:\windows\system32\dllcache\usroslba.sys
2009-09-04 11:30 224,802 a------- c:\windows\system32\dllcache\usr1807a.sys
2009-09-04 11:30 794,399 a------- c:\windows\system32\dllcache\usr1806v.sys
2009-09-04 11:30 793,598 a------- c:\windows\system32\dllcache\usr1806.sys
2009-09-04 11:30 794,654 a------- c:\windows\system32\dllcache\usr1801.sys
2009-09-04 11:28 166,784 a------- c:\windows\system32\dllcache\tridxpm.sys
2009-09-04 11:28 525,568 a------- c:\windows\system32\dllcache\tridxp.dll
2009-09-04 11:28 159,232 a------- c:\windows\system32\dllcache\tridkbm.sys
2009-09-04 11:28 440,576 a------- c:\windows\system32\dllcache\tridkb.dll
2009-09-04 11:28 222,336 a------- c:\windows\system32\dllcache\trid3dm.sys
2009-09-04 11:28 315,520 a------- c:\windows\system32\dllcache\trid3d.dll
2009-09-04 11:28 34,375 a------- c:\windows\system32\dllcache\tpro4.sys
2009-09-04 11:28 42,496 a------- c:\windows\system32\dllcache\tp4res.dll
2009-09-04 11:28 82,944 a------- c:\windows\system32\dllcache\tp4mon.exe
2009-09-04 11:28 31,744 a------- c:\windows\system32\dllcache\tp4.dll
2009-09-04 11:28 230,912 a------- c:\windows\system32\dllcache\tosdvd03.sys
2009-09-04 11:28 241,664 a------- c:\windows\system32\dllcache\tosdvd02.sys
2009-09-04 11:28 28,232 a------- c:\windows\system32\dllcache\tos4mo.sys
2009-09-04 11:26 10,240 a------- c:\windows\system32\dllcache\swpidflt.dll
2009-09-04 11:25 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-09-04 11:24 31,744 a------- c:\windows\system32\dllcache\smb6w.dll
2009-09-04 11:23 101,760 a------- c:\windows\system32\dllcache\sis300ip.sys
2009-09-04 11:22 16,640 a------- c:\windows\system32\dllcache\scmstcs.sys
2009-09-04 11:21 82,432 a------- c:\windows\system32\dllcache\rwia450.dll
2009-09-04 11:20 899,146 a------- c:\windows\system32\dllcache\r2mdkxga.sys
2009-09-04 11:19 19,840 a------- c:\windows\system32\dllcache\philtune.sys
2009-09-04 11:18 44,544 a------- c:\windows\system32\dllcache\ovui2.dll
2009-09-04 11:17 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys
2009-09-04 11:16 27,936 a------- c:\windows\system32\dllcache\n9i3d.sys
2009-09-04 11:15 12,416 a------- c:\windows\system32\dllcache\msriffwv.sys
2009-09-04 11:15 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-09-04 11:15 1,875,968 a------- c:\windows\system32\dllcache\msir3jp.lex
2009-09-04 11:15 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-09-04 11:15 98,304 a------- c:\windows\system32\dllcache\msir3jp.dll
2009-09-04 11:15 35,200 a------- c:\windows\system32\dllcache\msgame.sys
2009-09-04 11:15 6,016 a------- c:\windows\system32\dllcache\msfsio.sys
2009-09-04 11:15 51,200 a------- c:\windows\system32\dllcache\msdv.sys
2009-09-04 11:15 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-09-04 11:15 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-09-04 11:15 6,528 a------- c:\windows\system32\dllcache\miniqic.sys
2009-09-04 11:15 34,304 a------- c:\windows\system32\dllcache\migisol.exe
2009-09-04 11:15 320,384 a------- c:\windows\system32\dllcache\mgaum.sys
2009-09-04 11:13 20,573 a------- c:\windows\system32\dllcache\lne100.sys
2009-09-04 11:12 7,168 a------- c:\windows\system32\dllcache\isapips.dll
2009-09-04 11:11 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-09-04 11:10 542,879 a------- c:\windows\system32\dllcache\hsf_msft.sys
2009-09-04 11:09 123,392 a------- c:\windows\system32\dllcache\hpgt21tk.dll
2009-09-04 11:08 441,728 a------- c:\windows\system32\dllcache\fpcmbase.sys
2009-09-04 11:07 72,192 a------- c:\windows\system32\dllcache\es1969.sys
2009-09-04 11:06 20,992 a------- c:\windows\system32\dllcache\dshowext.ax
2009-09-04 11:05 24,064 a------- c:\windows\system32\dllcache\devldr32.exe
2009-09-04 11:04 20,736 a------- c:\windows\system32\dllcache\cmbp0wdm.sys
2009-09-04 11:03 66,082 a------- c:\windows\system32\dllcache\c_1149.nls
2009-09-04 11:02 281,600 a------- c:\windows\system32\dllcache\atimtai.sys
2009-09-04 11:00 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-09-04 11:00 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-09-04 11:00 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-09-04 11:00 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-09-04 11:00 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-09-04 11:00 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-09-04 11:00 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-09-04 11:00 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-09-04 11:00 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-08-31 10:15 <DIR> --d----- c:\windows\ERUNT
2009-08-31 10:06 <DIR> --d----- C:\SDFix

==================== Find3M ====================

2009-08-13 11:16 512,000 a------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 a------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 a------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-21 17:44 153,088 a------- c:\windows\system32\dllcache\triedit.dll
2009-05-27 11:57 70,984 ac------ c:\documents and settings\david kaczka\g2mdlhlpx.exe
2009-02-15 17:30 56 ---shr-- c:\windows\system32\8E16539D25.sys
2009-02-15 17:30 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-17 21:16 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101720081018\index.dat

============= FINISH: 13:15:31.34 ===============

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 16 September 2009 - 06:54 PM

Hello.

Please run a rootkit scan.

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file it to it's own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/Disable all other programs especially your security programs (anti-spyware, anti-virus, and firewall) Refer to this page, if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Posted Image tab at the bottom.
  • Now press the Posted Image button.
  • A box will pop up, check the boxes beside All Seven options/scan area
    Posted Image
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button. Posted Image
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Basically give me an update of the condition of your system.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 dkaczka

dkaczka
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 17 September 2009 - 12:42 PM

Hi Extremeboy, thanks for the help.

I downloaded RootRepeal to my desktop from the primary mirror, disconnected from the net, and then turned off my sec. software.

When I double click RootRepeal, I get the following message: "Error - invalid PE image found"

It goes away when I click OK.

Then when I click scan, RootRepeal runs for perhaps 15 seconds. The dialog box you show below does not come up. The report I received is attached to this post.

I don't think RootRepeal is running correctly, so I'm holding off on re-running DDS until I can give you a valid RootRepeal report.

What can I do to fix the error?

Thanks!

Attached Files



#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 17 September 2009 - 05:07 PM

Hello.

I don't think RootRepeal is running correctly, so I'm holding off on re-running DDS until I can give you a valid RootRepeal report.

Please go ahead and take a new DDS run and post the results here.

Do you mean that you did not receive Posted Image <- This image when you clicked scan?

Just want to clarify on that.

--

Try GMER..

Download and Run Scan with GMER

We will use GMER to scan for rootkits.This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO..
    Posted Image
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 dkaczka

dkaczka
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 17 September 2009 - 08:00 PM

You're correct. I did not receive the image you showed when I clicked scan in DDS.

I will run GMER now then post the results. Thanks!

#8 dkaczka

dkaczka
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 18 September 2009 - 11:48 AM

Thanks again! Looking forward to the next steps, and finishing this project off! GMER ran with no problems. Here is the log (and the new DDS Log follows it):

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-18 12:08:23
Windows 5.1.2600 Service Pack 3
Running: jb8j218c.exe; Driver: C:\DOCUME~1\DAVIDK~1\LOCALS~1\Temp\pxtyypow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA9BA49AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA9BA4A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA9BA4958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA9BA496C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA9BA4A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA9BA4A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA9BA4AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA9BA4AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA9BA49EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA9BA4B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA9BA4A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA9BA4930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA9BA4944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA9BA49BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA9BA4B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA9BA4AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA9BA4AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9BA4A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA9BA4B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA9BA4B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA9BA4996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA9BA4982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA9BA4A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9BA4A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA9BA4B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA9BA4A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA9BA49D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-2642809172-2686089099-1939456335-1009 2097152 bytes
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\ComDb.Dat 34536 bytes
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\domain.txt 46 bytes
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\Repository 0 bytes
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\Repository\$WinMgmt.CFG 20 bytes
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\Repository\FS 0 bytes
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\Repository\FS\INDEX.BTR 1474560 bytes
File C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP821\snapshot\Repository\FS\INDEX.MAP 768 bytes

---- EOF - GMER 1.0.15 ----

New DDS Log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by David Kaczka at 12:23:49.32 on Fri 09/18/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.236 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\David Kaczka\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://freakonomics.blogs.nytimes.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McAfee Backup] c:\program files\mcafee\mbk\McAfeeDataBackup.exe
mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-19 201320]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-29 206096]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-19 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-19 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-19 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-19 35240]
S2 DellBIOS;DellBIOS;\??\c:\windows\dellbios.sys --> c:\windows\DellBIOS.Sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-19 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-19 40488]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-19 695624]

=============== Created Last 30 ================

2009-09-15 13:40 <DIR> --d----- c:\docume~1\davidk~1\applic~1\Free-backup.info
2009-09-04 13:25 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-09-04 11:52 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-09-04 11:52 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-04 11:52 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-09-04 11:52 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-09-04 11:52 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-09-04 11:52 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-09-04 11:52 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-09-04 11:52 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-09-04 11:52 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-09-04 11:52 19,200 a------- c:\windows\system32\dllcache\wstcodec.sys
2009-09-04 11:52 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-09-04 11:51 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-09-04 11:32 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys
2009-09-04 11:32 154,624 a------- c:\windows\system32\dllcache\wlluc48.sys
2009-09-04 11:32 34,890 a------- c:\windows\system32\dllcache\wlandrv2.sys
2009-09-04 11:30 397,502 a------- c:\windows\system32\dllcache\vpctcom.sys
2009-09-04 11:30 604,253 a------- c:\windows\system32\dllcache\vmodem.sys
2009-09-04 11:30 249,402 a------- c:\windows\system32\dllcache\vinwm.sys
2009-09-04 11:30 24,576 a------- c:\windows\system32\dllcache\viairda.sys
2009-09-04 11:30 53,760 a------- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-04 11:30 687,999 a------- c:\windows\system32\dllcache\usrwdxjs.sys
2009-09-04 11:30 765,884 a------- c:\windows\system32\dllcache\usrti.sys
2009-09-04 11:30 113,762 a------- c:\windows\system32\dllcache\usrpda.sys
2009-09-04 11:30 7,556 a------- c:\windows\system32\dllcache\usroslba.sys
2009-09-04 11:30 224,802 a------- c:\windows\system32\dllcache\usr1807a.sys
2009-09-04 11:30 794,399 a------- c:\windows\system32\dllcache\usr1806v.sys
2009-09-04 11:30 793,598 a------- c:\windows\system32\dllcache\usr1806.sys
2009-09-04 11:30 794,654 a------- c:\windows\system32\dllcache\usr1801.sys
2009-09-04 11:28 166,784 a------- c:\windows\system32\dllcache\tridxpm.sys
2009-09-04 11:28 525,568 a------- c:\windows\system32\dllcache\tridxp.dll
2009-09-04 11:28 159,232 a------- c:\windows\system32\dllcache\tridkbm.sys
2009-09-04 11:28 440,576 a------- c:\windows\system32\dllcache\tridkb.dll
2009-09-04 11:28 222,336 a------- c:\windows\system32\dllcache\trid3dm.sys
2009-09-04 11:28 315,520 a------- c:\windows\system32\dllcache\trid3d.dll
2009-09-04 11:28 34,375 a------- c:\windows\system32\dllcache\tpro4.sys
2009-09-04 11:28 42,496 a------- c:\windows\system32\dllcache\tp4res.dll
2009-09-04 11:28 82,944 a------- c:\windows\system32\dllcache\tp4mon.exe
2009-09-04 11:28 31,744 a------- c:\windows\system32\dllcache\tp4.dll
2009-09-04 11:28 230,912 a------- c:\windows\system32\dllcache\tosdvd03.sys
2009-09-04 11:28 241,664 a------- c:\windows\system32\dllcache\tosdvd02.sys
2009-09-04 11:28 28,232 a------- c:\windows\system32\dllcache\tos4mo.sys
2009-09-04 11:26 10,240 a------- c:\windows\system32\dllcache\swpidflt.dll
2009-09-04 11:25 106,584 a------- c:\windows\system32\dllcache\spdports.dll
2009-09-04 11:24 31,744 a------- c:\windows\system32\dllcache\smb6w.dll
2009-09-04 11:23 101,760 a------- c:\windows\system32\dllcache\sis300ip.sys
2009-09-04 11:22 16,640 a------- c:\windows\system32\dllcache\scmstcs.sys
2009-09-04 11:21 82,432 a------- c:\windows\system32\dllcache\rwia450.dll
2009-09-04 11:20 899,146 a------- c:\windows\system32\dllcache\r2mdkxga.sys
2009-09-04 11:19 19,840 a------- c:\windows\system32\dllcache\philtune.sys
2009-09-04 11:18 44,544 a------- c:\windows\system32\dllcache\ovui2.dll
2009-09-04 11:17 51,552 a------- c:\windows\system32\dllcache\ntgrip.sys
2009-09-04 11:16 27,936 a------- c:\windows\system32\dllcache\n9i3d.sys
2009-09-04 11:15 12,416 a------- c:\windows\system32\dllcache\msriffwv.sys
2009-09-04 11:15 2,944 a------- c:\windows\system32\dllcache\msmpu401.sys
2009-09-04 11:15 1,875,968 a------- c:\windows\system32\dllcache\msir3jp.lex
2009-09-04 11:15 22,016 a------- c:\windows\system32\dllcache\msircomm.sys
2009-09-04 11:15 98,304 a------- c:\windows\system32\dllcache\msir3jp.dll
2009-09-04 11:15 35,200 a------- c:\windows\system32\dllcache\msgame.sys
2009-09-04 11:15 6,016 a------- c:\windows\system32\dllcache\msfsio.sys
2009-09-04 11:15 51,200 a------- c:\windows\system32\dllcache\msdv.sys
2009-09-04 11:15 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-09-04 11:15 16,128 a------- c:\windows\system32\dllcache\modemcsa.sys
2009-09-04 11:15 6,528 a------- c:\windows\system32\dllcache\miniqic.sys
2009-09-04 11:15 34,304 a------- c:\windows\system32\dllcache\migisol.exe
2009-09-04 11:15 320,384 a------- c:\windows\system32\dllcache\mgaum.sys
2009-09-04 11:13 20,573 a------- c:\windows\system32\dllcache\lne100.sys
2009-09-04 11:12 7,168 a------- c:\windows\system32\dllcache\isapips.dll
2009-09-04 11:11 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-09-04 11:10 542,879 a------- c:\windows\system32\dllcache\hsf_msft.sys
2009-09-04 11:09 123,392 a------- c:\windows\system32\dllcache\hpgt21tk.dll
2009-09-04 11:08 441,728 a------- c:\windows\system32\dllcache\fpcmbase.sys
2009-09-04 11:07 72,192 a------- c:\windows\system32\dllcache\es1969.sys
2009-09-04 11:06 20,992 a------- c:\windows\system32\dllcache\dshowext.ax
2009-09-04 11:05 24,064 a------- c:\windows\system32\dllcache\devldr32.exe
2009-09-04 11:04 20,736 a------- c:\windows\system32\dllcache\cmbp0wdm.sys
2009-09-04 11:03 66,082 a------- c:\windows\system32\dllcache\c_1149.nls
2009-09-04 11:02 281,600 a------- c:\windows\system32\dllcache\atimtai.sys
2009-09-04 11:00 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-09-04 11:00 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-09-04 11:00 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-09-04 11:00 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-09-04 11:00 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-09-04 11:00 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-09-04 11:00 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-09-04 11:00 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-09-04 11:00 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-08-31 10:15 <DIR> --d----- c:\windows\ERUNT
2009-08-31 10:06 <DIR> --d----- C:\SDFix

==================== Find3M ====================

2009-08-13 11:16 512,000 a------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 09:27 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 a------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 a------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-21 17:44 153,088 a------- c:\windows\system32\dllcache\triedit.dll
2009-05-27 11:57 70,984 ac------ c:\documents and settings\david kaczka\g2mdlhlpx.exe
2009-02-15 17:30 56 ---shr-- c:\windows\system32\8E16539D25.sys
2009-02-15 17:30 3,766 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-17 21:16 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101720081018\index.dat

============= FINISH: 12:24:45.75 ===============

Attached Files


Edited by extremeboy, 18 September 2009 - 03:47 PM.
Remove some redudent SVI file lines


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 18 September 2009 - 03:48 PM

Please give me an update of your machine:

Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Basically give me an update of the condition of your system.


Thanks.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 21 September 2009 - 03:34 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 dkaczka

dkaczka
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 21 September 2009 - 09:35 PM

Hi,

I am still here! I have noticed a few issues with the computer. It does seem to bog down and run slowly periodically, but it rarely crashes or blue screens.

A few other issues I've noticed:

1. I've replaced the subscription version of McAfee with a version provided for free by my ISP. But I still get subscription expired warning that pops up.

2. I wasn't able to run RootRepeal - and received a message saying invalid PE image found.

3. I also get dialog boxes for missing files as I log out / shut down.

I'll keep a log of any issues I notice as I work on it tomorrow.

Thank you!

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 22 September 2009 - 03:00 PM

Sure.

However, can you please further add on to this statement here:

I also get dialog boxes for missing files as I log out / shut down.

What error dialog boxes? What files? Let me know.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 dkaczka

dkaczka
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 23 September 2009 - 09:05 AM

Examples of error dialog boxes include:

Yesterday, while shutting down & logging off, I received an end program - Adobe Acrobat error. This was strange because all programs appeared to be closed, including Acrobat.

I also received the following dialog boxes, at the same time:
"MMDiag.exe - application failed to initialize because the window station is shutting down."
"Adobe Acrobat AcroRd32.exe application error - The instruction "0x5ad71531" referenced memor at "0x00000014". The memory could not be "read"."

I'll keep a log of anything else I encounter today.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 23 September 2009 - 03:26 PM

Hello.

I'll keep a log of anything else I encounter today.

Please do and let me know.

Do you ALWAYS get those error messages at shutdown/log off or only occasionally? It seems some of those errors is the program trying to run itself during the shut-down procedure. MMDiag.exe is related to the MusicMatch Jukebox Component. Adobe error is related to adobe. You may wish to re-install and download and install the latest version of Adobe. Your version of Adobe is outdated

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 26 September 2009 - 11:13 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users