Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hidden source of Google redirects


  • This topic is locked This topic is locked
2 replies to this topic

#1 areyouacyborg

areyouacyborg

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:38 AM

Posted 11 October 2009 - 03:30 PM

Hello all,

Last week I made the mistake of doing some Google image searching and got led to some kind of trap site. It seems to have put a lot of malware on my computer, some of which I was able to remove with Spyware Doctor (for instance, a fake popup warning). There were some other parts of it that seem to have been caught by my Viruscan On-Access Scan, and have since been caught as I ran various scans. I ran Spyware Doctor and it is telling me Rootkit.Agent.EX is on the computer. I thought it removed it, but I think it may be "respawning"? Similarly, I ran Sophos Anti-Rootkit, which led me to more virus files that Viruscan deleted.

Anyhow, things right now are: my computer seems to run okay, but when I go to Google my search results get redirected. For instance, if I searched for "cheap plane tickets," maybe Travelocity would come up, and I click that link and it takes me to something completely different. If I try it again, it won't happen, but it will at random times. I appreciate the help anyone can provide to get rid of this pesky annoyance, and anything else that may be hiding on this PC!

As per the forum's instructions, here are my DDS and RootRepeal logs. I'm also (I'm afraid!) going to need some detailed instructions on how to get rid of malware -- i.e., can I just use the "fix problems" button in HijackThis or go in through the registry, etc? I know a little about computers but there's a whole lot I don't know!

Thanks for any help you kind folks can provide.


DDS (Ver_09-09-29.01) - NTFSx86
Run by areyouacyborg at 16:14:28.65 on Sun 10/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.145 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\srcssc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
svchost
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\PERMIS~1\bin\dm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\areyouacyborg\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://aimhome.netscape.com/aimhome.adp
uDefault_Page_URL = hxxp://www.dell4me.com/mywaybiz
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = local.,;*.local;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [d3drpc32] rundll32.exe "c:\documents and settings\areyouacyborg\local settings\application data\d3drpc32\d3drpc32.dll", DllInit
uRun: [ttool] c:\windows\srcssc.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\orderreminder\OrderReminder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\documents and settings\areyouacyborg\start menu\programs\startup\ikowin32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: aol.com\free
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {38CE661B-0F4A-4120-9CA7-90015C5C3241} - hxxps://shopping.discovery.com/MediaManager/DiscoveryDS_1_0_0_15.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxps://shopping.discovery.com/MediaManager/Entriq_3_7_0_2_Silent.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\areyoua~1\applic~1\mozilla\firefox\profiles\yjp4xyds.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\areyouacyborg\application data\mozilla\firefox\profiles\yjp4xyds.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\areyouacyborg\application data\mozilla\firefox\profiles\yjp4xyds.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-10-8 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-8 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-8 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-8 159600]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 FlipShare Service;FlipShare Service;c:\program files\pure digital technologies\flipshare\FlipShareService.exe [2008-11-13 439616]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2005-2-11 106586]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2003-9-29 237657]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2003-9-29 69706]
R2 PermissionTVDownloadManager;PermissionTV Download Manager Service;c:\progra~1\permis~1\bin\dm.exe [2007-3-28 213053]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-8 33056]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\areyoua~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2009-10-5 70144]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2004-10-28 249856]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\84.tmp --> c:\windows\system32\84.tmp [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-10-8 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-10-8 348824]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-10-8 1097096]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-10-11 15:59 <DIR> --d----- c:\program files\Trend Micro
2009-10-09 10:18 <DIR> --d----- c:\program files\Sophos
2009-10-08 11:51 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-10-08 11:51 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-10-08 11:51 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-10-08 11:51 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-10-08 11:04 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-08 11:04 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-08 11:04 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-08 11:04 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-08 11:04 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-08 11:04 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-10-08 11:03 <DIR> --d----- c:\program files\Spyware Doctor
2009-10-08 11:03 <DIR> --d----- c:\docume~1\areyoua~1\applic~1\PC Tools
2009-10-08 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-07 06:58 2 a--shrot c:\windows\winstart.bat
2009-10-05 16:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2009-10-05 15:03 58,368 a------- c:\windows\srcssc.exe
2009-09-22 00:07 62,724 a---h--- c:\windows\system32\mlfcache.dat
2009-09-18 22:29 <DIR> --d----- c:\program files\iPod
2009-09-18 22:29 <DIR> --d----- c:\program files\iTunes
2009-09-18 22:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 22:19 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-09-12 16:43 153,088 -------- c:\windows\system32\dllcache\triedit.dll

==================== Find3M ====================

2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 23:43 10,841,088 -------- c:\windows\system32\dllcache\wmp.dll

============= FINISH: 16:16:52.76 ===============

My RootRepeal log:

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/10/11 16:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ABP480N5.SYS
Image Path: ABP480N5.SYS
Address: 0xF8880000 Size: 23552 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF8569000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: adpu160m.sys
Address: 0xF84F0000 Size: 101888 File Visible: - Signed: -
Status: -

Name: aeaudio.sys
Image Path: C:\WINDOWS\system32\drivers\aeaudio.sys
Address: 0xF8AFA000 Size: 4384 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEEE31000 Size: 138496 File Visible: - Signed: -
Status: -

Name: agpCPQ.sys
Image Path: agpCPQ.sys
Address: 0xF86E8000 Size: 44928 File Visible: - Signed: -
Status: -

Name: aha154x.sys
Image Path: aha154x.sys
Address: 0xF89D0000 Size: 12800 File Visible: - Signed: -
Status: -

Name: aic78u2.sys
Image Path: aic78u2.sys
Address: 0xF8618000 Size: 55168 File Visible: - Signed: -
Status: -

Name: aic78xx.sys
Image Path: aic78xx.sys
Address: 0xF85E8000 Size: 56960 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xF8ABC000 Size: 5248 File Visible: - Signed: -
Status: -

Name: alim1541.sys
Image Path: alim1541.sys
Address: 0xF86C8000 Size: 42752 File Visible: - Signed: -
Status: -

Name: amdagp.sys
Image Path: amdagp.sys
Address: 0xF86D8000 Size: 43008 File Visible: - Signed: -
Status: -

Name: amsint.sys
Image Path: amsint.sys
Address: 0xF89DC000 Size: 12032 File Visible: - Signed: -
Status: -

Name: AN983.sys
Image Path: C:\WINDOWS\system32\DRIVERS\AN983.sys
Address: 0xF8728000 Size: 36224 File Visible: - Signed: -
Status: -

Name: ANIO.SYS
Image Path: C:\WINDOWS\system32\ANIO.SYS
Address: 0xEF08D000 Size: 28128 File Visible: - Signed: -
Status: -

Name: asc.sys
Image Path: asc.sys
Address: 0xF8850000 Size: 26496 File Visible: - Signed: -
Status: -

Name: asc3350p.sys
Image Path: asc3350p.sys
Address: 0xF8888000 Size: 22400 File Visible: - Signed: -
Status: -

Name: asc3550.sys
Image Path: asc3550.sys
Address: 0xF89E0000 Size: 14848 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF8509000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF8C13000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8B1A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF89C8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: cbidf2k.sys
Image Path: cbidf2k.sys
Address: 0xF89E8000 Size: 13952 File Visible: - Signed: -
Status: -

Name: cd20xrnt.sys
Image Path: cd20xrnt.sys
Address: 0xF8AC6000 Size: 7680 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xEECF6000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF8798000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF8678000 Size: 53248 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: cmdide.sys
Address: 0xF8ABE000 Size: 6656 File Visible: - Signed: -
Status: -

Name: cpqarray.sys
Image Path: cpqarray.sys
Address: 0xF89CC000 Size: 14976 File Visible: - Signed: -
Status: -

Name: dac2w2k.sys
Image Path: dac2w2k.sys
Address: 0xF84C4000 Size: 179584 File Visible: - Signed: -
Status: -

Name: dac960nt.sys
Image Path: dac960nt.sys
Address: 0xF89D8000 Size: 14720 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF8668000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dpti2o.sys
Image Path: dpti2o.sys
Address: 0xF8890000 Size: 20192 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF87B8000 Size: 61440 File Visible: - Signed: -
Status: -

Name: drvmcdb.sys
Image Path: drvmcdb.sys
Address: 0xF8446000 Size: 84992 File Visible: - Signed: -
Status: -

Name: drvnddm.sys
Image Path: C:\WINDOWS\system32\drivers\drvnddm.sys
Address: 0xEEB92000 Size: 38304 File Visible: - Signed: -
Status: -

Name: DSproct.sys
Image Path: C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
Address: 0xF8ACE000 Size: 4736 File Visible: - Signed: -
Status: -

Name: dsunidrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
Address: 0xF8B42000 Size: 5376 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEE6BB000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B4A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xEF01D000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8CFE000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xEE4BF000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF8908000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF7829000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF8970000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF84A4000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8B18000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF8539000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Address: 0xF8920000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF7819000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF89C0000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xF726B000 Size: 10368 File Visible: - Signed: -
Status: -

Name: hpn.sys
Image Path: hpn.sys
Address: 0xF88A0000 Size: 25952 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEDC46000 Size: 264832 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xF8A88000 Size: 8576 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: i2omp.sys
Address: 0xF8860000 Size: 18560 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF8768000 Size: 52480 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBF077000 Size: 925696 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBF042000 Size: 217088 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF020000 Size: 139264 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Address: 0xF766B000 Size: 1302208 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF012000 Size: 57344 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF8788000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ini910u.sys
Image Path: ini910u.sys
Address: 0xF89E4000 Size: 16000 File Visible: - Signed: -
Status: -

Name: IntelC51.sys
Image Path: C:\WINDOWS\system32\DRIVERS\IntelC51.sys
Address: 0xF74E9000 Size: 1205920 File Visible: - Signed: -
Status: -

Name: IntelC52.sys
Image Path: C:\WINDOWS\system32\DRIVERS\IntelC52.sys
Address: 0xF7454000 Size: 609120 File Visible: - Signed: -
Status: -

Name: IntelC53.sys
Image Path: C:\WINDOWS\system32\DRIVERS\IntelC53.sys
Address: 0xF8738000 Size: 58080 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF8AC4000 Size: 5504 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF8708000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipfltdrv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Address: 0xED46C000 Size: 32896 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xEEEC9000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xEEFC2000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF85B8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF8918000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8AB8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xECA94000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF7610000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF841E000 Size: 92288 File Visible: - Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF8C53000 Size: 2560 File Visible: No Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8B1C000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF8900000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xF8A70000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mohfilt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mohfilt.sys
Address: 0xF88F8000 Size: 23520 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF8940000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xF725F000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF85C8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: MpFirewall.sys
Image Path: C:\WINDOWS\System32\Drivers\MpFirewall.sys
Address: 0xEEF55000 Size: 79168 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: mraid35x.sys
Address: 0xF8858000 Size: 17280 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xEDDEF000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xEED96000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF8998000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF87F8000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF82F3000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF8337000 Size: 105344 File Visible: - Signed: -
Status: -

Name: naiavf5x.sys
Image Path: C:\WINDOWS\system32\drivers\naiavf5x.sys
Address: 0xED207000 Size: 83008 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF8351000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF8307000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xEE5E7000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF735E000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF8828000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF7839000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xEEE53000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF89A0000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF837E000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8BF1000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xF742F000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF8840000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF8558000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF8B80000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF8838000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCTCore.sys
Image Path: PCTCore.sys
Address: 0xF845B000 Size: 225280 File Visible: - Signed: -
Status: -

Name: pctgntdi.sys
Image Path: C:\WINDOWS\SYSTEM32\DRIVERS\pctgntdi.sys
Address: 0xEEEA3000 Size: 153600 File Visible: - Signed: -
Status: -

Name: perc2.sys
Image Path: perc2.sys
Address: 0xF8898000 Size: 27296 File Visible: - Signed: -
Status: -

Name: perc2hib.sys
Image Path: perc2hib.sys
Address: 0xF8AC8000 Size: 5504 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF7375000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF734D000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF8930000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF8698000 Size: 35712 File Visible: - Signed: -
Status: -

Name: ql1080.sys
Image Path: ql1080.sys
Address: 0xF8638000 Size: 40320 File Visible: - Signed: -
Status: -

Name: ql10wnt.sys
Image Path: ql10wnt.sys
Address: 0xF85F8000 Size: 33152 File Visible: - Signed: -
Status: -

Name: ql12160.sys
Image Path: ql12160.sys
Address: 0xF8658000 Size: 45312 File Visible: - Signed: -
Status: -

Name: ql1240.sys
Image Path: ql1240.sys
Address: 0xF8608000 Size: 40448 File Visible: - Signed: -
Status: -

Name: ql1280.sys
Image Path: ql1280.sys
Address: 0xF8648000 Size: 49024 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF8A90000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF87C8000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF87D8000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF87E8000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF8938000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xEEE06000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8B1E000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF87A8000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xECE87000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Address: 0xF8521000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xF830F000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xF8778000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sisagp.sys
Image Path: sisagp.sys
Address: 0xF86A8000 Size: 40960 File Visible: - Signed: -
Status: -

Name: smwdm.sys
Image Path: C:\WINDOWS\system32\drivers\smwdm.sys
Address: 0xF7399000 Size: 612352 File Visible: - Signed: -
Status: -

Name: sparrow.sys
Image Path: sparrow.sys
Address: 0xF8848000 Size: 19072 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF8492000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEDBA4000 Size: 333952 File Visible: - Signed: -
Status: -

Name: sscdbhk5.sys
Image Path: C:\WINDOWS\system32\drivers\sscdbhk5.sys
Address: 0xF8AF8000 Size: 5568 File Visible: - Signed: -
Status: -

Name: ssrtln.sys
Image Path: C:\WINDOWS\system32\drivers\ssrtln.sys
Address: 0xF8988000 Size: 23488 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF8AFC000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: sym_hi.sys
Address: 0xF8870000 Size: 28384 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: sym_u3.sys
Address: 0xF8878000 Size: 30688 File Visible: - Signed: -
Status: -

Name: symc810.sys
Image Path: symc810.sys
Address: 0xF89D4000 Size: 16256 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: symc8xx.sys
Address: 0xF8868000 Size: 32640 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEE027000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xEEF69000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF8928000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF8808000 Size: 40704 File Visible: - Signed: -
Status: -

Name: TfFsMon.sys
Image Path: TfFsMon.sys
Address: 0xF8435000 Size: 69632 File Visible: - Signed: -
Status: -

Name: TfKbMon.sys
Image Path: C:\WINDOWS\System32\Drivers\TfKbMon.sys
Address: 0xF8910000 Size: 32768 File Visible: - Signed: -
Status: -

Name: TfNetMon.sys
Image Path: C:\WINDOWS\system32\drivers\TfNetMon.sys
Address: 0xEDE9A000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tfsnboio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnboio.sys
Address: 0xEEF17000 Size: 25664 File Visible: - Signed: -
Status: -

Name: tfsncofs.sys
Image Path: C:\WINDOWS\system32\dla\tfsncofs.sys
Address: 0xEEB82000 Size: 34784 File Visible: - Signed: -
Status: -

Name: tfsndrct.sys
Image Path: C:\WINDOWS\system32\dla\tfsndrct.sys
Address: 0xF8CB1000 Size: 4064 File Visible: - Signed: -
Status: -

Name: tfsndres.sys
Image Path: C:\WINDOWS\system32\dla\tfsndres.sys
Address: 0xF8CB0000 Size: 2176 File Visible: - Signed: -
Status: -

Name: tfsnifs.sys
Image Path: C:\WINDOWS\system32\dla\tfsnifs.sys
Address: 0xEE62D000 Size: 86144 File Visible: - Signed: -
Status: -

Name: tfsnopio.sys
Image Path: C:\WINDOWS\system32\dla\tfsnopio.sys
Address: 0xEE6AF000 Size: 14656 File Visible: - Signed: -
Status: -

Name: tfsnpool.sys
Image Path: C:\WINDOWS\system32\dla\tfsnpool.sys
Address: 0xF8B7C000 Size: 6304 File Visible: - Signed: -
Status: -

Name: tfsnudf.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudf.sys
Address: 0xEE614000 Size: 98656 File Visible: - Signed: -
Status: -

Name: tfsnudfa.sys
Image Path: C:\WINDOWS\system32\dla\tfsnudfa.sys
Address: 0xEE5FB000 Size: 100544 File Visible: - Signed: -
Status: -

Name: TfSysMon.sys
Image Path: TfSysMon.sys
Address: 0xF8688000 Size: 53248 File Visible: - Signed: -
Status: -

Name: toside.sys
Image Path: toside.sys
Address: 0xF8AC0000 Size: 4992 File Visible: - Signed: -
Status: -

Name: ultra.sys
Image Path: ultra.sys
Address: 0xF8628000 Size: 36736 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF72A7000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF8B0C000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF88F0000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF82CF000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF7633000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xF88B8000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF88E8000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF8990000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xF86B8000 Size: 42240 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF8AC2000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7657000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF85D8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF824F000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xEF05D000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEDF0A000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF8ABA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xF8AAC000 Size: 12032 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF840B000 Size: 77568 File Visible: - Signed: -
Status: -

Attached Files


Edited by areyouacyborg, 11 October 2009 - 03:36 PM.


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:38 PM

Posted 26 October 2009 - 06:11 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:38 PM

Posted 30 October 2009 - 09:37 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users